Microsoft is helping its growing Office 365 customer base plug potential data leaks.
Following up on the launch of data loss prevention (DLP) capabilities in SharePoint Online and OneDrive, the company announced that it is expanding those protections to a broader set of software and cloud-delivered Office services. DLP describes computer security solutions that detect and prevent unauthorized attempts to transmit sensitive data, such as Social Security and credit card numbers.
"Starting in early 2015, we will enable DLP natively in Microsoft applications that your users are very familiar with," wrote Shobhit Sahay, an Office 365 technical product manager, and Jack Kabat, an Office 365 principal program manager, in an Oct. 28 Office Blogs post. "This will enable you to enforce policies for content creation and sharing rights at the time of content creation, and will provide users with policy tips, similar to the experience they already receive in Outlook and OWA when they try to share sensitive content."
The feature will first appear in Excel. Word and PowerPoint will gain similar functionality sometime later in the year.
Microsoft also plans to leverage Windows File Server's automated file management feature, called file classification infrastructure (FCI), to enhance security on select services. The jointly authored post revealed that Microsoft is "enabling the detection of Windows FCI content classifications for Office documents in Exchange Online, SharePoint Online and OneDrive for Business" in the first quarter of 2015.
This newfound FCI awareness can help organizations avoid potentially costly lapses in regulatory compliance. Sahay and Kabat explained that administrators "will be able to create an Exchange transport rule that is able to detect the FCI classified Office document as Protected Health Information, and apply appropriate action to prevent disclosure."
Over the next few months, Microsoft is enabling "active policy evaluation and enforcement" on sensitive data stored on SharePoint Online and OneDrive for Business, they added. "This includes policy actions to restrict and block access, as well as user education with email notifications."
DLP is gaining ground with companies that build solutions for secure cloud computing environments. In January, CipherCloud announced that it had acquired CloudUp Networks to help bolster its cloud security platform's DLP capabilities. Earlier this summer, Trend Micro announced new security offerings that integrate with Office 365 and help safeguard data with DLP, encryption and malware scanning.