The Data Loss Prevention (DLP) feature in the new Exchange will help you identify, monitor, and protect sensitive information in your organization through deep content analysis. DLP is increasingly important for enterprise message systems because business-critical email includes sensitive data that needs to be protected. It’s the financial information, personally identifiable information (PII) and intellectual property data that can be accidentally sent to unauthorized users that keeps the CSO up all night. To protect sensitive data without affecting worker productivity, the new version of Microsoft Exchange Server 2013 integrates DLP features so you can manage sensitive data in email more easily than ever before.
You can be comfortable getting started with DLP in Exchange because Microsoft has included a simple management interface that allows you to:
Using the Microsoft-supplied DLP policy templates is an easy way to get started. DLP policies are packages of transport rules with new features that you can customize. These rules include classification types that define the type of content you are looking for in the DLP policy. You can use the Exchange Management Shell, the Exchange Administration Center (EAC), or even your own XML file editor to start incorporating DLP policies into your messaging environment. The image here shows the data loss prevention management interface.
Figure 1: Managing data loss prevention (DLP) using the EAC
Exchange Server 2013 adds a number of new transport rule conditions and actions to support the new DLP capability. One key feature of the new transport rules is a new approach to detecting sensitive information that can be incorporated into mail flow processing. This DLP feature performs deep content analysis through keyword matches, dictionary matches, regular expression evaluation, internal functions such as checksum validation on credit card numbers, and other content examination to detect specific content types within the message body or attachments.
With the new DLP features, you can inform email senders that they may be about to pass along sensitive information that is detected by your policies, even before they click send. You can accomplish this by configuring Policy Tips. Policy Tips are similar to MailTips, and can be configured to present a brief note in the Microsoft Outlook 2013 client that provides information about your business policies to the person creating a message. You can configure Policy Tips that will merely warn workers or block their messages, or even allow them to override your block with a justification. Policy Tips can also be useful for tuning your DLP policy effectiveness, as they allow end users to seamlessly report false positives. Here’s a screenshot that shows the Policy Tip in action.
Figure 2: A Policy Tip informs email senders about sensitive information before they send the message
Three different methods exist for you to begin using DLP:
When you create DLP policies, you can include rules that check for sensitive information. The conditions that you establish within a policy, such as how many times something has to be found before an action is taken, or exactly what that action is, can be customized within your new custom policies to meet your business requirements. Sensitive information rules are integrated with the transport rules framework through a new condition that you can customize: If the message contains…Sensitive Information. This condition can be configured with one or more sensitive information types that are contained within the messages.
To make it easy for you to use the sensitive information-related rules, Microsoft has supplied policy templates that already include some of the sensitive information types. An inventory of the sensitive information types supplied out of the box is provided on the TechNet Library. A brief sample can be seen here:
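The following sketch is an added illustration, not Exchange's implementation or code from Microsoft. It shows how the layered checks described above (regular expression, checksum validation, keyword corroboration) combine with a minimum-count condition to cut false positives. The candidate pattern, keyword list, proximity window and sample messages are all assumptions constructed for this example.

```python
import re

# Candidate pattern (assumption): 13-16 digits, single spaces or hyphens allowed.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,15}\d(?!\d)")
# Corroborating keywords (constructed list, not Microsoft's dictionary).
KEYWORDS = re.compile(
    r"\b(visa|mastercard|amex|card\s*(?:number|no)|cvv|expir\w*)\b", re.I)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str, window: int = 100) -> set:
    """Return distinct digit strings that pass the regex, Luhn and keyword checks."""
    hits = set()
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            continue  # looks like a card number but fails the checksum
        nearby = text[max(0, m.start() - window): m.end() + window]
        if KEYWORDS.search(nearby):  # require supporting evidence close by
            hits.add(digits)
    return hits


def evaluate(text: str, min_count: int = 1) -> dict:
    """Mimic a 'contains sensitive information' condition with a count threshold."""
    hits = find_card_numbers(text)
    return {"matched": len(hits) >= min_count, "count": len(hits)}


if __name__ == "__main__":
    # Constructed sample messages using well-known test card numbers.
    samples = [
        "Please charge my Visa card number 4111 1111 1111 1111, expiry 12/27.",
        "Shipment id 4111111111111111 left the warehouse.",   # no keyword
        "Tracking reference 4111111111111112 is delayed.",    # bad checksum
    ]
    for s in samples:
        print(evaluate(s), "<-", s)
```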
Data loss prevention in Exchange 2013 is one of several new features that are focused on helping to solve compliance issues in email. Check out In-Place eDiscovery, In-Place Archiving, Retention policies, and the new additions to transport rules, and information rights management too. We hope you become more productive and safe with the new DLP features that help you protect your organization’s sensitive data.