Grand Theft Data (Loss Prevention) in SharePoint 2016 or Online
Sorry, no new version of GTA is forthcoming…this blog is about Data Loss Prevention (DLP) in SharePoint 2016 public beta 2 release.
DLP what is it not? DLP has nothing to do with backup or recovery. In general it is a combination of technology and processes that safeguard sensitive information from (un)intentional loss.
This blog is a summary from a nice blog on the MVP Award Program site.
What is DLP? It is a complementary set of technologies to aid your business strategy to handle and protect sensitive business data that restricts sensitive data being put into SharePoint.
- Credit card numbers
- Passport numbers
DLP is consists of 2 main elements:
An important point to mention here is that both of these options do apply to both items stored in SharePoint 2016 On Prem, SharePoint Online and Items stored in OneDrive.
Data Loss Prevention: Discovery
Having the ability to perform a DLP query based on a DLP template. A.k.a check if credit card numbers and the like are in SharePoint! The outcome relies 100% on search having crawled all content.
In other words the Discovery section let you FIND and REPORT information that holds sensitive information.
You will be needing one (or more) eDiscovery sites for this.
So if you have a document with a creditcard number in it, the eDiscovery site will report this document.
Data Loss Prevention: Policy
Having the ability to enforce and actually restrict viewing of sensitive information! To do this you need to create a (set of) policy(s).
After you have set the policies and you have linked it to your site collection(s) the document with the creditcard number will be blocked!
You will need to create one (or more) compliance site(s) for this.
Please read Steve's blog for full details! It is really a very good document (and read)!
Update 29th januari 2016
I just came across some extra information from Microsoft Netherlands, written by Hans van der Meer, that might be usefull to you as well: