
Data Security and Privacy with an In-House Compliance Center

By Cathy Dew on April 4, 2018

 

You don’t need MS Azure Information Rights to get started with Data Security in Office 365

Ultimately, data governance for your business is about data security and privacy. With strong governance policies in place, you can create a system where your data is safe, private, and hopefully hack-proof. In an era when so many major businesses—including those with presumably huge IT budgets—are falling victim to data breaches, you simply cannot overstate the importance of data governance, security, and privacy.

We’ve already talked a bit about how you can use features in Office 365 to protect your data. However, with so many disparate pieces, it can be challenging to create a comprehensive data governance system while also making sure the system remains manageable. This blog post will help you solve that problem by establishing an in-house Office 365 Security & Compliance Center.

 

What Is the Office 365 Security & Compliance Center?

In the simplest terms, the Security & Compliance Center is a view within Office 365 from which you can manage all the data governance tools you are using. In essence, it brings together all the disparate security, privacy, threat management, and data protection tools in Office 365 and puts them under the same umbrella. Using the Security & Compliance Center makes it much easier to turn data governance from a theoretical concept with lots of potential benefits into a legitimate and consistent practice of your business.

Only specific users can access the Security & Compliance Center. By default, only Office 365 global administrators have access. However, you can also give other members of your organization access by assigning them to specific Security & Compliance Center groups.

If you have the necessary permissions to use the Security & Compliance Center, you can use it by navigating to https://protection.office.com. There, you will find a portal with extensive oversight and control over your organization’s entire web of data security. The “Data governance” section allows you to import data securely, configure retention policies, manage data storage, and more. The “Search & investigation” tab, meanwhile, allows you to search for content and monitor admin and user activity going on around it. Other sections include “Alerts,” “Permissions,” “Threat management,” and more.

 

What You Can Do with the Compliance Center

As you can imagine, the Security & Compliance Center is an incredibly powerful feature in Office 365. No longer must you manage every data governance or data protection measure in a different spot. Instead, you can handle everything from one touchpoint. The convenience is substantial, as is the benefit. When you have all your data security and privacy controls at your fingertips in one place, it is a lot more difficult to overlook essential security functions. Getting into the habit of using and monitoring the compliance center, therefore, can go a long way toward helping you incorporate unbeatable data governance policies into your business.

You can use the Security & Compliance Center to manage or execute a lot of key functions in Office 365. The tool can do so much that getting the hang of it might take some time. To get you started, though, we’ve written up a few run-throughs of some of the primary features you will probably be accessing in the compliance center: labels, retention policies, and data loss prevention.

 

Labels

Labels in Office 365 allow you to classify data based on governance enforcement needs and data retention policies. By using labels, you can separate documents into different categories based on such criteria.

For instance, say you were using labels to drive data retention. You might use one label on all tax documents, to make sure those files are all retained for a certain number of years. However, not all the files that your organization has on record are as important—either for future reference or regulatory compliance. You might have press releases or project documents that are a lot more ephemeral. By using a different label for these types of files, you could ensure that they follow different data retention policies (with a quicker deletion cycle) than important tax documents.

There are two primary ways to handle labels. Option one is to let users add them to content manually. Because users typically know best what type of content they are using and whether it needs to follow the rules of a specific governance or retention policy, letting them handle classification on their own often makes sense.

Option two is to configure labels to be applied to content automatically. With this option, you essentially free your team members from having to know anything about data governance. They can focus on their day-to-day work, and the system can apply labels based on keywords or content types. For instance, you can set up a governance policy so that everything with the keyword “tax” in the title gets the same label. This functionality works across your Microsoft ecosystem, including in Office 365 groups, SharePoint, and OneDrive.

There are also less common ways of handling labels in SharePoint. For example, you can set a default label for a document library in SharePoint. From that point forward, every document in the library or added to the library would get tagged with the same label.

Labels are one of the things you can manage in the Security & Compliance Center. Just navigate to the compliance center page and click on the “Classifications” tab in the sidebar. You’ll see a drop-down menu, from which you can select “Labels.” This action will launch a menu that lets you configure label policies for your Microsoft ecosystem.

 

Retention Policies

We’ve already talked about how labels can be used to enforce retention policies within your organization. However, the Security & Compliance Center also includes a page geared explicitly toward retention settings. To find it, open the compliance center again and select “Data governance” from the sidebar. A drop-down menu should appear where you can click “Retention.” You will be able to use this page to establish new policies for your organization.

Document retention is an important priority for a few reasons. Most crucially, there may be laws or industry standards that require you to retain certain types of content for minimum periods of time. On the other hand, keeping data for longer than you need it may expose your business to legal and reputational risks. For instance, setting up retention policies to delete files containing sensitive personal information about former employees or ex-clients can help reduce your exposure in a potential data breach. Even if the older content does not contain sensitive data, it can add bloat to your organization’s document management system and make it more difficult for end-users to find content that is relevant to their purposes.

With document retention policies in place, you can tell your system to delete files automatically once they have fulfilled certain conditions. Usually, those conditions involve dates. The specific conditions may vary for different types of files—hence the need for labels. However, before you can get the full benefit of labels, you will need to configure retention policies. Luckily, you can handle both processes side-by-side in the Security & Compliance Center.
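The label and retention setup described in the two sections above can also be scripted with Security & Compliance PowerShell. This is an added example, not part of the original article; the admin account, label names, retention durations and the `title:tax` query are assumptions chosen to match the tax and press-release scenario.

```powershell
# Added example: names, durations and the account below are assumptions.
# Requires the ExchangeOnlineManagement module and a role that can manage
# retention in the Security & Compliance Center.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName admin@contoso.example   # placeholder account

# Label for tax documents: keep for 7 years (2555 days) from creation, then delete.
New-ComplianceTag -Name 'Tax Records' `
    -Comment 'Retain for 7 years from creation, then delete' `
    -RetentionAction KeepAndDelete `
    -RetentionDuration 2555 `
    -RetentionType CreationAgeInDays

# Label for ephemeral content: delete one year after creation.
New-ComplianceTag -Name 'Press Release' `
    -Comment 'Delete 1 year after creation' `
    -RetentionAction Delete `
    -RetentionDuration 365 `
    -RetentionType CreationAgeInDays

# Policy that scopes automatic labeling to SharePoint, OneDrive and Office 365 groups.
New-RetentionCompliancePolicy -Name 'Auto-apply Tax Records' `
    -SharePointLocation All `
    -OneDriveLocation All `
    -ModernGroupLocation All

# Rule: anything whose title contains "tax" gets the Tax Records label.
New-RetentionComplianceRule -Policy 'Auto-apply Tax Records' `
    -ApplyComplianceTag 'Tax Records' `
    -ContentMatchQuery 'title:tax'

# Review what was created and whether the policy has been distributed.
Get-ComplianceTag | Format-Table Name, RetentionAction, RetentionDuration, RetentionType
Get-RetentionCompliancePolicy -Identity 'Auto-apply Tax Records' -DistributionDetail |
    Format-List Name, DistributionStatus
```

A broad keyword such as "tax" will also match unrelated titles, so check which items actually received the label before relying on the deletion half of the policy.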

 

Data Loss Prevention Policies

A data loss prevention policy is about preventing the disclosure of sensitive information. You don’t want employees within your organization leaking customer financial data or enterprise trade secrets. Data loss prevention lets you set up policies and rules to prevent leaks, whether accidental or purposeful. For instance, you can set up policies to prevent certain documents from being emailed to people outside your organization. Alternatively, you can set up a rule that makes it impossible for an email recipient to forward the message to anyone else. You can even use data loss prevention policies to prevent users from copying and pasting certain content.

Just like labels and retention policies, data loss prevention can be configured and managed using the Office 365 Security & Compliance Center. “Data loss prevention” has its own tab on the sidebar menu once you navigate to the main compliance center page. Just click on the tab and select “Policy.” On the main screen, you should now see a menu including a blue “Create a policy” button. You can use this menu to build new data loss prevention policies, define their rules, and apply them to specific content.
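The same kind of policy can be created from Security & Compliance PowerShell. This is an added example, not part of the original article; the policy and rule names are assumptions, and it uses the built-in "Credit Card Number" sensitive information type as a stand-in for customer financial data.

```powershell
# Added example: policy and rule names are assumptions.
# Assumes an existing Connect-IPPSSession session with DLP management rights.

# Create the policy in test mode first, so matches are reported to users and
# admins but nothing is blocked while the rule is being tuned.
New-DlpCompliancePolicy -Name 'Customer financial data' `
    -Comment 'Stop card numbers from leaving the organization' `
    -ExchangeLocation All `
    -SharePointLocation All `
    -OneDriveLocation All `
    -Mode TestWithNotifications

# Rule: content holding at least one credit card number that is sent to or
# shared with people outside the organization is blocked, and the content
# owner is notified.
New-DlpComplianceRule -Name 'Card numbers shared externally' `
    -Policy 'Customer financial data' `
    -ContentContainsSensitiveInformation @{ Name = 'Credit Card Number'; minCount = '1' } `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner

# Confirm the rule is attached to the policy and check the current mode.
Get-DlpComplianceRule -Policy 'Customer financial data' |
    Format-Table Name, BlockAccess, AccessScope
Get-DlpCompliancePolicy -Identity 'Customer financial data' |
    Format-List Name, Mode

# After reviewing test-mode matches for false positives, turn on enforcement.
Set-DlpCompliancePolicy -Identity 'Customer financial data' -Mode Enable
```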

 

Using the Compliance Center to Drive Your Company’s Data Security and Privacy Practices

Data security and privacy are vital considerations for any modern business. The days of locked file cabinets are gone. Today, with everything online, accessibility is greater but so are security threats. Luckily, with the right features, you can give your documents and data as much protection as any file cabinet lock could ever provide, if not more. In Office 365, the key to these protective measures is the Security & Compliance Center, a robust and intuitive tool that lets you manage all your governance and protection policies in one place.

If you need help navigating this system or understanding how all the different features and functionalities affect your data throughout SharePoint, Outlook, OneDrive, or other Microsoft software, 2Plus2 can help. We are your premier San Francisco Bay Area SharePoint consultants. Go online to schedule a free consultation with our team or call 510-652-7700 today.

Cathy Dew – CEO + Information Architect
Cathy focuses the company on our mission – Real results. Every time. Information architect and strategist, Cathy is passionate about making software work well – the function, the feel, the result.