Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

30 on Thursday - data loss prevention in SharePoint 2016 - protect your sensitive information - published

1,522 views

Published on

Enterprise SharePoint deployments contain sensitive data, from intellectual property to compliance impacting information (PII, PCI and PHI). Users are not always aware of what data is classified as sensitive and they can unknowingly create information security and compliance issues. Microsoft SharePoint 2016 provides new Data Loss Prevention (DLP) capabilities that allow us to find and protect sensitive information in SharePoint and OneDrive for business. These capabilities alert users to when they are working with sensitive information, and they help you work with document owners to reduce the risk to your organization and remain compliant with industry regulations. In this session, Demoing Live Protection, Antonio Maio will show you how to deploy and configure DLP in SharePoint 2016 to support your security and compliance objectives.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

30 on Thursday - data loss prevention in SharePoint 2016 - protect your sensitive information - published

  1. 1. Data Loss Prevention in SharePoint 2016: Protect Your Sensitive Information Thank you for joining our webinar!
  2. 2. Who We Are 3,300 professionals Over 20 countries in the Americas, Europe, the Middle East and Asia-Pacific 70+ offices IT Consulting ► Enterprise Content Management Solutions Protiviti is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk and internal audit, and has served more than 40 percent of FORTUNE 1000® and FORTUNE Global 500® companies. Protiviti serve clients through a network of more than 70 locations in over 20 countries. Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.
  3. 3. Introduction • ‘30 on Thursday’ Webinar Series • 30 minute webinar series • All things SharePoint & Enterprise Content Management! • Upcoming Webinars: • June 9: “SharePoint 2016 and PowerApps Revealed!” • July 14: “Capacity Planning: An Introduction on How to Size and Architect a SharePoint Farm” • Full Schedule: ECM.Protiviti.com/Webinars
  4. 4. Upcoming Roundtables: SharePoint Security Register Now at: ECM.Protiviti.com/Events! Date Time Location Tuesday, May 17 8:30-10:30 am Edina, MN Tuesday, May 17 12:00-2:00 pm McLean, VA Tuesday, May 17 12:00-2:00 pm Atlanta, GA Wednesday, May 25 8:30-10:30 am Chicago, IL Wednesday, May 25 12:00-2:00 pm Houston, TX
  5. 5. Live Tweeting! Tweet us your questions & feedback during the webinar! Tweet @ProtivitiECM and use #30TDLP
  6. 6. Today’s Webinar • Today’s session is being recorded • Archive of past sessions • YouTube.com/ProtivitiSP • Questions: Use the Question Window or tweet us your questions @ProtivitiECM using #30TDLP
  7. 7. Today’s Presenter Antonio Maio Microsoft SharePoint MVP (5x) Senior Manager & Senior SharePoint Architect Protiviti
  8. 8. LET’S GET STARTED!
  9. 9. Data Loss Prevention (DLP) Goals • Protect the business (legal action, sanctions, loss of reputation) • Comply with regulations and business standards DLP is about Finding and Protecting sensitive information • Personally Identifiable Information (PII) • Payment Credit Industry Data (PCI, PCI DSS) • Financial Data • Health Insurance Data etc…
  10. 10. Data Loss Prevention in Office 365 Available through… • Exchange Admin Center • Compliance Center (Protection Center)
  11. 11. Data Loss Prevention in SharePoint 2016 Available through… • Improved eDiscovery Site Collection • New Compliance Policy Center Site Collection
  12. 12. SharePoint 2016 DLP Policies for eDiscovery eDiscovery Center • Create & run DLP Queries to identity sensitive data • Save Queries • Export Data • Highly dependent on SharePoint Search Index!
  13. 13. SharePoint 2016 DLP Policies for Compliance Compliance Center • Create DLP Policies to monitor and enforce protection of sensitive information • Provide administrator notification (via email) • Provide policy tips to users and owners • Block access to files containing sensitive content • Assign policies to existing site collections • Highly dependent on SharePoint Search Index!
  14. 14. SharePoint 2016 DLP Prerequisites • Create a Search Service Application (mandatory) • Start the search service, Define a crawl schedule, Perform a full crawl • Must have a healthy search index and crawl • Configure out-going email (recommended) • Turn on Usage reports (recommended) • Create the eDiscovery or Compliance Center site collections (mandatory– both not needed) • eDiscovery – for DLP Queries to identify where sensitive data exists • Compliance Policy Center – for DLP Policies to monitor or enforce policies • Assign permissions to Compliance team through the Site Collection Members group (recommended)
  15. 15. Creating the Compliance Center • Create a new Site Collection • Site Template - Select the Enterprise tab • Select Compliance Policy Center template • Only One Compliance Center Site Collection per Web Application • Compliance Center cannot cross Web Application boundary (eDiscovery Center can query across Web Applications)
  16. 16. Create DLP Policies • Create DLP Policies using Policy Templates • 10 policy templates available • Looking for 10 sensitive data types • U.S. / U.K. Passport Number • U.S. Individual Taxpayer Identification Number (ITIN) • U.S. Social Security Number (SSN) • No health related data • Cannot customize policy templates or data types
  17. 17. Create DLP Policies • Create DLP Policies using Policy Templates • 10 policy templates available • Looking for 10 sensitive data types • Credit Card Number • U.S. Bank Account Number • U.S. Individual Taxpayer Identification Number (ITIN) • U.S. Social Security Number (SSN) • No health related data • Cannot customize policy templates or data types
  18. 18. Create DLP Policies • Create DLP Policies using Policy Templates • 10 policy templates available • Looking for 10 sensitive data types • Credit Card Number • No health related data • Cannot customize policy templates or data types
  19. 19. Create DLP Policies • Create DLP Policies using Policy Templates • 10 policy templates available • Looking for 10 sensitive data types • Credit Card Number • EU Debit Card Number • SWIFT Code • No health related data • Cannot customize policy templates or data types
  20. 20. Create DLP Policies • Create DLP Policies using Policy Templates • 10 policy templates available • Looking for 10 sensitive data types • ABA Routing Number • Credit Card Number • U.S. Bank Account Number • No health related data • Cannot customize policy templates or data types
  21. 21. Create DLP Policies • Create DLP Policies using Policy Templates • 10 policy templates available • Looking for 10 sensitive data types • U.K. National Insurance Number (NINO) • U.S. / U.K. Passport Number • No health related data • Cannot customize policy templates or data types
  22. 22. Create DLP Policies • Create DLP Policies using Policy Templates • 10 policy templates available • Looking for 10 sensitive data types • SWIFT Code • U.K. National Insurance Number (NINO) • U.S. / U.K. Passport Number • No health related data • Cannot customize policy templates or data types
  23. 23. Create DLP Policies • Create DLP Policies using Policy Templates • 10 policy templates available • Looking for 10 sensitive data types • SWIFT Code • No health related data • Cannot customize policy templates or data types
  24. 24. Create DLP Policies • Create DLP Policies using Policy Templates • 10 policy templates available • Looking for 10 sensitive data types • U.S. Social Security Number (SSN) • No health related data • Cannot customize policy templates or data types
  25. 25. Create DLP Policies • Create DLP Policies using Policy Templates • 10 policy templates available • Looking for 10 sensitive data types • Credit Card Number • U.S. Bank Account Number • U.S. Driver's License Number • U.S. Social Security Number (SSN) • No health related data • Cannot customize policy templates or data types
  26. 26. Create DLP Policies • Create New Policies • Provide Name • Select 1 of 10 templates (no customization) • Select # of instances of sensitive data • Email address to send incident reports • Select to Notify with Policy Tip • Select to Block Access • Assign Policies to site collections (one at time)
  27. 27. Avoiding False Positives Looking for More Than Regular Expressions Finding Credit Card Numbers • Format • Pattern • Checksum (Luhn Algorithm) • 191 related keywords • Confidence Definition • 85% confident if all found within 300 chars • 65% confidence if number found & checksum passes Full Definitions found here: https://support.office.com/en-ie/article/What-the-sensitive-information-types-in- SharePoint-Server-2016-look-for-ec9fdbe2-bb77-455f-a2f6-407a4f54fca5
  28. 28. Finding US Driver’s License Numbers • Format – State Dependent • Pattern • 16 related abbreviations & 75 keywords • State name & State Abbreviation • Confidence Definition • 75% confident if all found within 300 chars • 65% confidence if all found (except keywords) within 300 chars Avoiding False Positives Looking for More Than Regular Expressions Full Definitions found here: https://support.office.com/en-ie/article/What-the-sensitive-information-types-in- SharePoint-Server-2016-look-for-ec9fdbe2-bb77-455f-a2f6-407a4f54fca5
  29. 29. DEMONSTRATION
  30. 30. Important Technical Notes • If its not in the search index DLP policies will not be enforced • Consider your crawl schedule • 4 Timer Jobs used to enforce policies • Policies not enforced on new documents until search crawl and timer jobs complete • Timeliness of policy enforcement depends on priority of policy template • Can take up to 24 hours • Cannot enforce policies on list items – only documents (not yet proven)
  31. 31. Final Thoughts • Data Loss Prevention just one critical part of securing sensitive data • Identifying sensitive data, monitoring its usage and enforcing policies • DLP requires regular management of policies – refine to avoid noise of false positives • SharePoint 2016 DLP is a great start! • Start learning and testing SharePoint 2016 DLP Today • Critical to have healthy search index • Test policies in Staging before deploying to Prod
  32. 32. Questions? Antonio Maio Antonio.Maio@protiviti.com @AntonioMaio2 ECM.Protiviti.com Julia Marple Julia.Marple@protiviti.com @ProtivitiECM
  33. 33. Thank You!

×