data loss prevention in office...

#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM

Data loss prevention in Office 365


Jethro Seghers

Program Director

SkySync


• What is sensitive data?

• DLP how does it work?

• DLP management

• DLP auditing

• QA

Agenda


“


What is SENSITIVE DATA


HOW DO PEOPLE EXPOSE SENSITIVE DATA

DLP


Demo

How does it work?


How does it work?


Policy

distribution

Contextual policy

education

DLP policy configuration

Backend policy

evaluation

Audit & incident

data generation

Admin

Information workers

DLP system walkthrough


Integrated into Exchange Transport Rule (ETR) engine• Runs in categorizer during

OnResolvedMessage

• Integrated as a new ETR predicate

• Performs text extraction for body & attachments followed by classification

• Can be combined with any existing predicates & actions

Text extraction

Transport rule agent

Classification

DLP content detection flow in Exchange


DLP content detection flow in SharePoint

ClassificationOperator

Document summary

PropertyMapping

DocumentParser

Custom Entity

Extraction

Wordbreaking

Ifilter sandbox

LanguageDetectio

n

Deleteitem

Delete Links

Insert newor updateditem

Runs in Content Processing Pipeline as an operatorInvoked for search crawler as new content discovered and changedClassification results and counts stored in the content index

Excel Format Handler


• Built-in templates based on common regulations

• Import DLP policy templates from partners

• Build your own

DLP policy templates


Demo

DLP policy management


• Predefined rules targeted at sensitive data types

• Advanced content detection

• Combination of regular expressions, dictionaries, and internal functions (e.g. validate checksum on credit card numbers)

• Extensibility for customer and ISV defined data types

Sensitive content detection


Built-in DLP Content Areas

Country PII Financial Health

USUS State Security Breach Laws,US State Social Security Laws, COPPA

GLBA & PCI-DSS (Credit, Debit Card, Checking andSavings, ABA, Swift Code)

Limited Investment: US HIPPA, UK Health Service,Canada Health Insurance card

Rely on Partners and ISVs

GermanyEU data protection,Drivers License, Passport National Id

EU Credit, Debit Card,IBAN, VAT, BIC,Swift Code

UKData Protection Act,UK National Insurance, Tax Id, UK Driver License, Passport

EU Credit, Debit Card,IBAN, BIC, VAT,Swift Code

CanadaPIPED Act,Social Insurance, Drivers License

Credit Card,Swift Code

France

EU data protection, Data Protection Act,National Id (INSEE),Drivers License, Passport

EU Credit, Debit Card,IBAN, BIC, VAT,Swift Code

JapanPIPA, Resident Registration, Social Insurance, Passport, Driving License

Credit Card,Bank Account,Swift Code

Australia Drivers License, Passport, Social Insurance Credit Card, Bank Account, Swift Code


Examples:Joseph F. FosterVisa: 4485 3647 3952 7352Expires: 2/2015

Get

Content

4485 3647 3952 7352 a 16 digit number is detected

RegEx

Analysis

1. 4485 3647 3952 7352 matches checksum2. 1234 1234 1234 1234 does NOT match

Function

Analysis

1. Keyword Visa is near the number2. A regular expression for date (2/2015)

is near the number

Additional

Evidence

1. There is a regular expression that matches a check sum

2. Additional evidence increases confidenceVerdict

Content analysis process


Demo

Document Fingerprinting


• Advanced deep content analysis enabling new scenarios!

• A tax firm needs to detect and encrypt standard tax forms, like the 1040 EZ, W2, etc.

• Company Confidential documents like Patents detected based on their template

• A Law firm can fingerprint legal forms, and

have them detected automatically for

policy application

• Integrates with the existing DLP

Infrastructure as a custom sensitive

information type

• Surfaced in Exchange, Outlook and OWA

DLP Document Fingerprinting


Fabrikam Patent Form Tracking Number Author Date Invention Title Names of all authors...

Get

Template

Content

1. Condensed representation of the template content

2. Document is not stored3. Stored as a sensitive information type

Create

Fingerprint

Fabrikam Patent Form Tracking Number 12345Author Alex Date 1/28/2014 Invention Title Fabrikam Green Energy...

Get Email

Content

1. Temporary in memory representation2. Used for comparson with source

fingerprint created at config time

Create

Fingerprint

1. Compare the two fingerprints2. Evaluate a ’containtment coefficient’

to declare template contained in email content

Verdict

CO

NFIG

UR

ATIO

NR

UN

TIM

E

Document Fingerprinting

CLASSIFICATION RULE with

FINGERPRINT

FINGERPRINT

GENERATION

Evaluation

+ verdict


Demo

DLP in SharePoint Online


• Search for sensitive

data

• Built-in classifications

• Identification and

export

• Extends to data in

OneDrive

DLP in SharePoint Online


• Empower users to manage their

compliance

• Contextual policy education

• Doesn’t disrupt user workflow

• Can work even when

disconnected

• Admin customizable text and

actions

User educationOutlook

OWA


Policy Tips in OWA for devices


• Comprehensive view of

DLP policy application

• Drill into specific departures

from policy to gain business

insights

• Export to excel workbook

& email incident reports

DLP reporting and auditing


Reporting and Auditing


Real Time Notifications

Audit dataClassificationRule detailsMatch details


• Custom DLP contentSupplemental DLP policy rules

Supplemental DLP classification rules

• Incident reports integration

with custom workflows

• Custom reporting solutions

• Remote PowerShell management

DLP extensibility points


Q&A

data loss prevention in office...

Documents