How do your current DLP practices measure up now that you’re leveraging the power of the cloud and Office 365?

There’s no denying that the majority of organizations have begun to take advantage of the cloud in one form or another. One of the key players in this space is Microsoft with their Office 365 offerings, which are reportedly in use by 80% of Fortune 500 companies.

While it’s great news that so many companies around the world are leveraging the power of the cloud to get things done more efficiently, there are certain DLP best practices that must be followed to ensure data is secure at all times.

Understanding how DLP works in the cloud

DLP, or data loss prevention, is simply a set of policies that organizations enact to meet a variety of security and compliance concerns for the cloud. When organizations shift from a central in-house storage model to a cloud-based model, it forces security management to shift as well.

Best practices for storing and accessing data in Office 365

1. Take an inventory of what types of sensitive data are being stored in Office 365

If your organization is already using Office 365, an important first step is to audit exactly how the cloud service is being used and find out what types of data are being stored on the platform. This step involves scanning data at rest across the major Office 365 apps, including SharePoint Online, OneDrive, and cloud-hosted mailboxes. Your team should be looking specifically for sensitive data that could include:

  • Credit card data
  • Social security numbers
  • Unencrypted files containing user passwords
  • Outlook offline files used to restore mailboxes (PST, MSG)
  • Account numbers
  • Health records and any other personal health information

2. Understand and analyze existing DLP policies to determine how they apply to the cloud

Many companies that use Office 365 likely already have some set of DLP policies in place for their on-premises systems. It’s important to analyze these existing policies to identify which ones apply to Office 365 and to determine whether any new policies need to be enacted because data will be moving to the cloud. This helps to ensure that data stored in Office 365 is protected with the same level of vigilance as on-premises systems and that the additional precautions cloud storage calls for are taken.

Organizations should also identify which types of data are permitted to be stored in Office 365 and which are not, as well as the types of sensitive data that should be shared with external parties.

3. Identify and prevent certain data from being uploaded to Office 365

Based on the structure of your organization and the sensitivity of your data, certain information may not be permitted to be stored in Office 365. Certain intellectual property or health records could be looked at as extremely sensitive, and therefore should be stored outside of Office 365. The question then becomes, how can you systematically ensure this data doesn’t make its way to Office 365? This question is complicated, but thankfully Office 365 offers a number of ways to protect these types of data based on policies used to identify this sensitive information by:

  • Searching for keywords that indicate sensitivity (ex. ‘confidential,’ ‘salaries,’ ‘passwords’)
  • Matching number patterns (ex. credit card data, birth dates, social security numbers, phone numbers)
  • Identifying a predefined set of search terms (ex. proprietary product names)
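The three detection methods above can be sketched in a few lines. This is an added illustration, not Office 365's own matching engine or code from the original article. The keyword list comes from the examples above; the custom term "Project Falcon", the regular expressions, and the blocking policy are assumptions. It also shows why number patterns are usually paired with a checksum: the Luhn check rejects digit runs that only look like card numbers.

```python
import re

# Keywords are the article's examples; the custom term is a hypothetical product name.
KEYWORDS = ("confidential", "salaries", "passwords")
CUSTOM_TERMS = ("Project Falcon",)

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # 13-19 digits, optional separators
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(text: str) -> dict:
    """Return findings per detection method for one document's text."""
    lowered = text.lower()
    findings = {
        "keywords": sorted(k for k in KEYWORDS if re.search(rf"\b{re.escape(k)}\b", lowered)),
        "custom_terms": sorted(t for t in CUSTOM_TERMS if t.lower() in lowered),
        "ssn_count": len(SSN_RE.findall(text)),
        "card_count": 0,
    }
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings["card_count"] += 1
    return findings


def should_block_upload(findings: dict) -> bool:
    """Assumed policy: block on validated numbers or custom terms; keywords alone only flag."""
    return bool(findings["card_count"] or findings["ssn_count"] or findings["custom_terms"])


if __name__ == "__main__":
    # Constructed sample text; 4111... is a widely used test card number.
    sample = "CONFIDENTIAL: card 4111 1111 1111 1111 on file, ref 1234 5678 9012 3456"
    print(classify(sample), should_block_upload(classify(sample)))
```
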

4. Avoid sharing sensitive data with unauthorized external parties

One of the security benefits of Office 365 is its robust set of APIs that allow real-time policy enforcement spanning all users and devices. Depending on the policies that you employ, when a violation does occur, remediation actions could include any of the following:

  • Notifying an IT administrator for further analysis
  • Working with users on acceptable sharing policies
  • Only allowing sharing with whitelisted domains
  • Modifying sharing permissions

5. Remain consistent across all cloud providers

It’s important to enact security policies that are consistent across not only Office 365, but also other cloud service providers. With more and more companies looking to the cloud to handle many aspects of their day-to-day operations, it’s critical that all of these services are safe and secure.

Reach out to MessageOps for help crafting sound DLP policies

Ensuring that your sensitive data is secure both at rest and while it’s stored in the cloud can seem quite intimidating. If you’re unsure whether your current DLP policies are sufficient for how your organization’s data is stored, it may be time to reach out to the team.
