Nick Ball, a Premier Field Engineer from the UK, writes about how Data loss prevention in Exchange 2013 can help your business.
A lot of my customers have been asking me lately about some of the new features in Exchange 2013, especially around Data loss prevention, so I thought I would write this post just to give an overview of what it is, the features and how it can benefit your business.
Overview of Exchange 2013 Data Loss Prevention:
Businesses are ever more dependent on their email systems for transferring data these days, and the risk of accidentally sending sensitive information outside the organisation is more prevalent than ever. Data Loss Prevention in Exchange 2013 and Office 365 allows you to set policies that govern what data you consider to be sensitive and how that data is to be handled as it passes through Exchange.
Features and Benefits:
In the next few sections I have highlighted some of the main components and features of Data Loss Prevention and how they can benefit your business.
Policies and Templates:
Exchange 2013 comes with a set of pre-defined policy templates and gives you the ability to import templates from 3rd parties or create your own. The included templates cover many aspects of sensitive data, including financial, personal and business. Implementing new policies and restrictions is always a concern for a business. To avoid the normal headaches around this, Exchange 2013 allows you to implement policies in a test mode so you can verify that a policy works before enforcing it, minimizing downtime and unnecessary calls to your support teams.
Benefits: A lot of the work has been done for you, adaptable to your business, granular control, safe deployment.
A great feature of DLP is Policy Tips, which warn users that they might be in breach of a policy by displaying a warning in the message window, much like MailTips in Exchange 2010. Policy Tips advise the user which policy they are in breach of and where they can get more information on the policy. Policy Tips only work with Outlook 2013 Pro Plus. Policy Tips are also customizable, allowing you to direct users to a web site with your corporate policies.
Prevent accidental disclosure, keep users informed, and customize the notifications.
Benefits: Customisable notifications, Policy awareness, Policy visibility, early warning.
We need to consider how policy violations are reported. DLP utilises an incident report which, when configured, will be generated and sent to a central mailbox for analysis by your governance professionals. The incident report will contain a copy of the original message along with a comprehensive set of information to help you decide how you wish to progress the violation.
Below is an example incident report which contained a credit card number. When the user attempted to send the message they chose to override the company policy; in doing so the sender had to provide a reason, which is part of the incident report.
Benefits: Centralised reporting, detailed breach information, familiar work flow.
What to do with the message:
DLP also allows you to take actions against messages that meet criteria set out by your policy. These actions give you control of how the message will be handled. For example, should a message breach policy by containing a phrase matching the title of an internal project, the message could be forwarded to the project manager for approval.
Benefits: Take control, adaptable with your business, work flow, secure information, and protect users.
1. User A is sent a credit card number from the call centre to process a customer refund.
2. User B receives the message, hits reply and mistakenly adds an external recipient.
3. A policy tip is displayed notifying the user that a credit card number has been detected and that an external recipient has been added to the list of recipients.
   a. The user sees the notification and corrects the mistake.
   b. The user overrides and sends the message.
      i. The message is detected, an incident report is generated and sent to the auditing team, and the message is sent to the payments department for approval.
4. User B is contacted by the auditing team and the payments department for confirmation that the message is to be sent outside the organisation.
5. User B confirms the mistake and resends the message with the correct recipients.
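The scenario above expressed as Exchange Management Shell commands, as an added example that is not from the original post. The policy and rule names and the two mailbox addresses are assumptions, as is combining all of the actions in a single rule; the policy starts in the test mode described earlier.

```powershell
# Added example: names and addresses below are placeholders (assumptions).
$policyName  = 'Card Data - External Mail'       # hypothetical policy name
$auditBox    = 'dlp-incidents@contoso.example'   # hypothetical auditing mailbox
$approverBox = 'payments@contoso.example'        # hypothetical payments approver

# Custom DLP policy created in test mode with Policy Tips:
# matches are logged and users are warned, but nothing is blocked yet.
New-DlpPolicy -Name $policyName -Mode AuditAndNotify -State Enabled

# One rule for the scenario: a credit card number going to a recipient
# outside the organisation.
$rule = @{
    Name                               = 'Card number to external recipient'
    DlpPolicy                          = $policyName
    Mode                               = 'AuditAndNotify'
    # Condition: at least one credit card number detected in the message
    MessageContainsDataClassifications = @{ Name = 'Credit Card Number'; minCount = '1' }
    # Condition: at least one recipient is outside the organisation
    SentToScope                        = 'NotInOrganization'
    # Policy Tip: block unless the sender overrides and gives a justification
    NotifySender                       = 'RejectUnlessExplicitOverride'
    # Incident report, with the original message, to the auditing team
    GenerateIncidentReport             = $auditBox
    IncidentReportOriginalMail         = 'IncludeOriginalMail'
    SetAuditSeverity                   = 'High'
    # Hold the message for approval by the payments department
    ModerateMessageByUser              = $approverBox
}
New-TransportRule @rule

# After reviewing the incident reports produced in test mode, enforce:
# Set-DlpPolicy     -Identity $policyName -Mode Enforce
# Set-TransportRule -Identity $rule.Name  -Mode Enforce
```

Run the rule in test mode long enough to see both corrected and overridden messages in the incident mailbox before enforcing it.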
Data loss prevention is a very powerful and highly customisable feature of Exchange 2013. This is a very basic overview of Data loss prevention in Exchange 2013, but it has hopefully given an insight into how this can affect your business and shows how powerful this feature can be in safeguarding against disclosure of sensitive information from within your messaging environment. For more information take a look at the further reading below or speak to your Technical Account Manager for details on the services Premier offer for Exchange 2013.
Data loss prevention is a premium feature of Exchange 2013 and requires an Enterprise CAL; more licensing details can be found here: Exchange Server Licensing. More compliance features are available in Exchange 2013, such as In-Place eDiscovery, In-Place Archiving, retention policies, and the ever helpful transport rules.
Exchange 2013 Data Loss Prevention on TechNet: Microsoft Technical resource for DLP
Exchange Team Blog Post on DLP: Excellent post highlighting some more technical detail of the feature.