Thursday, September 27, 2018

Data Loss Protection Policy for SPO/ Online/Office 365, Azure


Problem: With online and cloud storage, sensitive user information and company details can be inadvertently disclosed. This results in non-compliance with business standards and industry regulations, as private data is compromised and can make its way to unintended users. Securing sensitive information such as credit card numbers, SSNs and passport numbers is of utmost priority when using SharePoint Online for content management.
Solution: Data Loss Prevention (DLP)
Set up DLP Policy: We will set up a Data Loss Prevention policy that secures credit card information using rules and policies in SharePoint Online.
Step 1: Go to the SharePoint Admin Centre and select Security and Compliance.





Step 2: Under Threat management, select the ‘Data Loss Prevention’ option.

Step 3: Click on the Plus icon to add a new DLP policy.


Step 4: Clicking the Plus button opens a window where we can select the type of information that we would like to protect. We can either select one of the available templates or select the Custom option to build a custom policy.









Now we should select the services that we would like to protect. Let’s select SharePoint Online and OneDrive.

Setup Rules for DLP Policy:
As part of creating the policy, we should assign specific rules that will catch the sensitive information while in transit. Click on the Plus icon to configure the rule.


Click on Add Condition to add the conditions that must be satisfied for the DLP rule to match.

Let’s select “Content contains sensitive information” as the main condition that will trigger the Policy.

We can select multiple sensitive information types. We will go ahead with Credit Card Number as the primary sensitive information that we would like to protect.




Now we should specify what action should be taken when the rule is matched. Click on Add actions to configure the resulting action.


Let’s select “Block the content” as the first action.







Thus, we have set up the actions below, by which the content will be blocked and a notification will be sent to the end user.



We will save the rule by giving it a name and clicking OK.

If we want to add more rules, we can click on the Plus icon; otherwise, click Next.


Now let’s give the DLP Policy a name and click on Create. This will complete the creation of the DLP Policy.




Thus, we have completed the creation of the DLP Rule and the Policy.
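The same policy and rule can be created from Security & Compliance PowerShell instead of the wizard. The script below is an added example, not part of the original post; the admin account, policy name and rule name are placeholders, and the choice of notification recipients (owner and last modifier) is an assumption.

```powershell
# Added example (not from the original post). Requires the ExchangeOnlineManagement module.
# The account and the policy/rule names are hypothetical placeholders.
$AdminUpn   = 'admin@contoso.example'
$PolicyName = 'Credit Card Protection'
$RuleName   = 'Block shared credit card numbers'

Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName $AdminUpn

# Policy scoped to SharePoint Online and OneDrive, as selected in the wizard.
# -Mode TestWithNotifications can be used first to observe matches before enforcing.
if (-not (Get-DlpCompliancePolicy -Identity $PolicyName -ErrorAction SilentlyContinue)) {
    New-DlpCompliancePolicy -Name $PolicyName `
        -SharePointLocation All `
        -OneDriveLocation All `
        -Mode Enable
}

# Rule: condition "Content contains sensitive information" = Credit Card Number,
# actions = block access to the content and notify the user.
if (-not (Get-DlpComplianceRule -Identity $RuleName -ErrorAction SilentlyContinue)) {
    New-DlpComplianceRule -Name $RuleName `
        -Policy $PolicyName `
        -ContentContainsSensitiveInformation @{ Name = 'Credit Card Number'; minCount = '1' } `
        -BlockAccess $true `
        -NotifyUser Owner, LastModifier   # assumed recipients
}

# Review what was created and whether the policy has been distributed to the workloads.
Get-DlpCompliancePolicy -Identity $PolicyName |
    Format-List Name, Mode, SharePointLocation, OneDriveLocation, DistributionStatus
Get-DlpComplianceRule -Policy $PolicyName |
    Format-List Name, BlockAccess, NotifyUser, ContentContainsSensitiveInformation

Disconnect-ExchangeOnline -Confirm:$false
```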


Test the DLP Policy:
We can now test the DLP policy we have created. I have uploaded a few documents which contain the sensitive information – Credit Card Number. Upon sharing a document, the DLP policy should be triggered, which will block the content and send a notification mail to the end user. To test DLP, let’s share one of the documents that contains sensitive information.



In a few minutes’ time, we will get a mail notification stating that the DLP rule has been matched and that it has to be rectified.


Until the sensitive information has been removed from the document, access to it will be restricted to its owner, the user who last modified it, and the site owner.

If we go to the Library, we can see that a blocked icon has come up against each of the documents that match the DLP rule. Unless the specific sensitive information is removed from these documents, they will continue to be blocked from other users.

