This isn’t your parents’ workplace. More employees are working remotely than ever, and tech-savvy Millennials will represent half of the American workforce by 2020. As the workplace changes, the way we collaborate and share information continues to change with it. Adoption of Microsoft Office 365 is indicative of these changes.
Workers use the Office 365 platform to communicate via email, chat and video. With the tap of a button, all the documents and information related to a project can be shared with a single person, a small team, a full department and external business partners. The ease of information sharing and the sheer volume of information being shared make it difficult to manage data effectively, and can create security and regulatory compliance risks.
In our last post, we began talking about the data governance tools within Office 365. These include retention policies that can be assigned to content based upon its location, type or specific keywords. Retention policies define how long content is held before it is archived or deleted, helping to ensure that only valuable information is stored within Office 365.
Labels are used to classify content. Administrators can create labels based upon the type of content (such as financial or legal) or the nature of the content (such as confidential, private or sensitive). Users can apply labels to content manually, or labels can be applied automatically to content that contains sensitive information or certain keywords. (The automatic application option is available with the Advanced Data Governance functionality in an E5 subscription.) In addition, labels can be applied by default to all documents in a particular library.
While labels can be used simply as a classification system, most organizations apply various settings to force some action based upon the classification. These actions help to ensure that sensitive data is accessed and shared according to business and regulatory compliance requirements.
Administrators can set retention policies for labels, which generally are more granular than the retention policies discussed in our last post because they are applied to specific types of content. Content can also be classified as a “record,” which means that it can’t be edited or permanently deleted and the label can’t be changed or removed.
In addition, labels can be used as a condition in a data loss prevention (DLP) policy. DLP policies aid in security and regulatory compliance by identifying, monitoring and protecting sensitive information through the enforcement of rules. Rules include:
- Conditions, such as the type of sensitive information or the label applied to the content
- Actions to be taken when content matching the condition is found, such as restricting access or preventing sharing
- User notifications explaining the DLP policy and the actions the user is allowed to take
- User overrides that allow users to circumvent the rule if they have a valid business reason
- Incident reports that show activity related to sensitive content
Like retention policies, DLP policies can be applied to entire locations or specific sites or accounts. Using labels as a condition in a DLP policy gives administrators more granular control.
Collaboration and data sharing are critical to business success. However, failing to control and manage your data is risky business. The Microsoft experts at AdaptivEdge can help you use the power of labels and DLP policies to enhance security and regulatory compliance.
Written and composed by Principal, Steve Soper