Last month Microsoft announced some sweet changes that will enable Data Loss Prevention (DLP) features within SharePoint Online and OneDrive. Available in the first quarter of 2015, this advanced toolset is yet another sign that Microsoft is no longer targeting just small and medium sized business for the Office 365 platform. The move to integrate Data Loss Prevention strategies into SharePoint and OneDrive means there's now a consistent and unified approach to managing DLP across all Office 365 storage units. Shobhit Sahay does a great Channel 9 video on this topic here.
Why is this important?
To date, Exchange has been the leading edge product for management and implementation of Data Loss Prevention strategy. The Exchange Admin Console allows administrators to prevent users from sending sensitive information as defined by administrative DLP policies. If you tried to send out credit card or personal health information in an environment with DLP policies enabled, you'd be warned or prevented from sending that message.
No such prevention was possible in SharePoint or OneDrive. This means users can add a sensitive file to SharePoint and share it with both internal or external users at their discretion regardless of policy. SharePoint leveraged eDiscovery to allow for the manual discovery and remediation of any sensitive content. This is a great, but reactive approach to managing DLP.
Now, Office 365 is getting a cool new Compliance Center to centrally administer compliance across applications.
How will all this work? Our best friend, search (of course). There's a new component in search that runs in the content processing pipeline that will classify content to match against defined policies.
You will define DLP rules in much the same way existing policies and rules are created in Exchange, but you'll be able to apply them to SharePoint (including specific subsites) and OneDrive.
Policy actions can be set to notify users of risks.
Can't wait for these new DLP features - this will help organizations rest easy knowing they can use DLP strategies to protect corporate information across the Office 365 space.