
Let’s take a trip back to the 1990s and early 2000s. In those days, vehicle manufacturers didn’t always do a great job of protecting vehicles from theft. Many people who wanted to secure their vehicles purchased aftermarket security alarms. While these were great, in theory, for reducing the risk of vehicle theft, two key things ended up happening. Many of these products ended up being SUPER sensitive, resulting in a lot of false alarms. Walking through a parking lot at that time, it was not unusual to hear a loud and annoying car alarm going off. Soon after, cue a confused car owner running over and fumbling with their remote, trying to figure out how to turn it off. The long and short of it is that, generally, these products didn’t offer a great user experience. Too many alerts left people ignoring the issue, and if you were the unlucky one having to turn off your alarm, silencing the false alarm was effectively like rocket science. This highlights the fundamental need for security to be intentional and user friendly, which will improve compliance and reduce false alarms.
What is Data Loss Prevention (DLP), and why does it matter?
Microsoft Purview is an important tool in your tool belt for helping to protect and secure the data in your Microsoft 365 environment. One of the key tools inside Purview is data loss prevention (or DLP) rules and policies, which help to prevent bad actors from taking data outside the bounds of your Microsoft 365 environment. At its core, a DLP policy can be thought of as a fence around the boundary of your environment that prevents data from leaving "unexpectedly". It is important to note that the word "unexpectedly" in that last sentence leaves the door open for certain people in certain cases to remove data in a controlled manner. It is important, and ultimately pivotal for compliance and user experience, to carefully tailor policies that achieve your protection goals without hampering the user experience.
Essential Best Practices for Effective Data Loss Prevention

With this general advice in mind, we do suggest you take the time to set up DLP policies in your environment following best practices. When you do so, think about these key best practices:
Data or user targeting: unless you have a very specific, highly regulated need, it is generally best practice to apply DLP policies selectively throughout your environment, either based on users (who may work with highly sensitive data) or based on data type (identified via content or metadata).
Target actions intelligently: after segregating and targeting data and/or users, think about how different actions can be used to apply different levels of restrictions to each class. It may not be helpful to apply the same actions to every group of data or users, but on the flip side it may be exceedingly necessary to apply harsher restrictions to certain groups of data or users depending on their importance.
Alerting is turned on: DLP works best when admins are notified of breaches and/or of people acting improperly, so that they can not only be aware of what's happening but can also adjust the actions and policies as necessary to give the right level of protection without, again, impeding user experience.
Consider endpoint: if you are properly set up within two non windows endpoints that are controlled by the organization, extend the DLP policies into your endpoints to provide extra protection and additional layers of security when people have data on their hard drives.
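As an added illustration (not part of the original article and not Cadence Solutions' own configuration), the first three practices could be expressed in Security & Compliance PowerShell along these lines. The policy name, site URL, alert mailbox and count thresholds are placeholders chosen for the example; endpoint scoping is not shown.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module and an account
# with DLP management rights. Names, URL and addresses are placeholders.
Connect-IPPSSession

$policy = 'Finance - Payment Data'                 # placeholder policy name
$admins = 'dlp-admins@contoso.example'             # placeholder alert mailbox

# Targeting: one site rather than the whole tenant, starting in test mode so
# false positives show up before anything is blocked.
New-DlpCompliancePolicy -Name $policy `
    -SharePointLocation 'https://contoso.sharepoint.com/sites/finance' `
    -Mode TestWithNotifications

# Tier 1: a few card numbers shared outside the organization.
# Notify the file owner and tag matches as low severity; do not block.
New-DlpComplianceRule -Name "$policy - low volume" -Policy $policy `
    -ContentContainsSensitiveInformation @{ Name = 'Credit Card Number'; minCount = '1'; maxCount = '9' } `
    -AccessScope NotInOrganization `
    -NotifyUser Owner `
    -ReportSeverityLevel Low

# Tier 2: bulk card data shared outside the organization.
# Block access, notify the owner, and alert the admins.
New-DlpComplianceRule -Name "$policy - high volume" -Policy $policy `
    -ContentContainsSensitiveInformation @{ Name = 'Credit Card Number'; minCount = '10' } `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner `
    -GenerateAlert $admins `
    -GenerateIncidentReport $admins `
    -ReportSeverityLevel High

# Review what was created, then enforce once test-mode results look right.
Get-DlpComplianceRule -Policy $policy |
    Format-Table Name, BlockAccess, ReportSeverityLevel, Disabled
# Set-DlpCompliancePolicy -Identity $policy -Mode Enable
```

Leaving the policy in TestWithNotifications until the alert volume is manageable is what keeps it from becoming the car alarm everyone ignores.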
Data loss prevention is a very complex topic, and while we're attempting to express a high-level point of view about some best practices and a general recommendation for user experience, this article is not a replacement for in-depth training on how to set up and structure DLP in an intelligent way.
Implementing DLP in Your Organization
We highly recommend that, before you start down the process of setting up DLP in your organization, you take the time to do some training on how to properly use data loss prevention. As you consider the different training options, you should make sure that your training course offers:
Theoretical foundations of how DLP should operate
Hands-on experience with setting up DLP
Best practices on how to structure DLP
While data loss prevention is not necessarily dangerous to set up on your own, you do run the risk of significantly restricting your users’ ability to do their work effectively if it is not set up properly. Hence, training is pivotal to make sure you can truly balance the protection that data loss prevention offers with the core of user experience.
If you are interested in learning more about data loss prevention, Cadence Solutions is the ARMA International approved data loss prevention training provider. We would be more than happy to welcome you into our courses, which are offered once per quarter and include the following features:
Access to a full-featured test environment for working with DLP settings
Best practices and lessons learned from our experiences
End-to-end learning by experienced facilitators who actively implement DLP on projects.
Protecting your organization's data starts with the right strategy. Ready to strengthen your DLP approach?