Data Loss Prevention Overview
What Does DLP Do?
Identify sensitive information From across many locations, such as Exchange/SharePoint Online, OneDrive [not personal but Business], and Microsoft Teams. As an example, you can look for any document containing any credit card numbers that's stored in any OneDrive for Business site, or you can monitor OneDrive site collections of specific people.
Prevent the accidental sharing of sensitive information. Healthcare looks for HIPPA related content as an example. Policies can be configured for client needs as they see fit for any document or email containing a health record that's shared with people outside your organization, and then automatically block access to that document or block the email from being sent.
Monitor and protect sensitive information in the desktop versions of Excel, PowerPoint, and Word. Much like Online versions of Office 365, Office desktop programs include the same capabilities which identify sensitive information and apply DLP policies. DLP provides continuous monitoring as users share content in Office programs.
Help users learn how to stay compliant without interrupting their workflow. Obviously, we can throw HR paperwork at our users, but we can educate users about DLP policies and help them remain compliant without blocking their work. Much as we mentioned above with emails and documents containing sensitive information, a DLP policy can both send them an email notification and show them a policy tip in the context of the document library that allows them to override the policy if they have a business justification. The same policy tips also appear in Outlook on the web, Outlook, Excel, PowerPoint, and Word.
What does a DLP contain at a high level?
You can choose to protect content in Exchange email, Microsoft Teams chats and channels, and all SharePoint or OneDrive libraries, or select specific locations for a policy.
This is what enforces your business requirements on your organization's content. A policy contains one or more rules, and each rule consists of conditions and actions. For each rule, when the conditions are met, the actions are taken automatically. Rules are executed sequentially, starting with the highest-priority rule in each policy.
A rule also provides options to notify users (with policy tips and email notifications) and admins (with email incident reports) that content has matched the rule.
Grouping and logical operators
Often your DLP policy has a straightforward requirement, such as to identify all content that contains a U.S. Social Security Number.
When you create rules in a policy, each rule is assigned a priority in the order in which it's created - meaning, the rule created first has first priority, the rule created second has second priority, and so on. After you create a rule, its priority can't be changed, except by deleting and re-creating it.
So, these are the higher level components to DLP’s There is much more information in creating these DLPs and we will be more than happy to discuss in detail so feel free to reach out.