IS OFFICE 365 READY TO TAKE ON THE ENTERPRISE DLP HEAVYWEIGHTS?
Microsoft has hopped on the DLP fleeting trend with some solid DLP abilities. We frequently get inquired as to why not simply utilize Office 365 for DLP? We urge organizations to think about O365 abilities against the main undertaking arrangements. DLP innovations like Digital Guardian, Forcepoint and Symantec furnish better generally speaking inclusion and with increasingly compelling discovery exactness. Here are a few inquiries to think about when taking a gander at O365 DLP: COMPREHENSIVE DLP COVERAGE
Office 365 provides pretty decent coverage of Microsoft technologies Exchange Online, SharePoint, OneDrive and Office documents. But how does this coverage compare to leading DLP solutions? O365 has email covered, but what about web traffic? For data at rest discovery, how much of our total stored data resides exclusively in Exchange, SharePoint and OneDrive? What about other repositories and databases? What coverage does O365 provide for data in use at the endpoint? Are we open to significant data loss risk with these gaps? Will O365 meet our long term coverage needs or is it just a band-aid? Are the cost savings with O365 DLP worth the continued risk?
SINGLE DLP MANAGEMENT CONSOLE
O365 has a single console for the areas it covers. What other DLP technologies will be needed to address gaps in other areas? How many management consoles will we have? How much time will it take to support two or more management consoles? Can enterprise DLP provide all the coverage of O365 – and more – in a single solution?
DLP INCIDENT MANAGEMENT FOR COMPLIANCE
Enterprise DLP solutions are designed for preventing data loss as well as supporting proper handling for data breaches that are sure to come. Is incident handling an important component of our state and/or federal compliance requirements? What incident management workflow features does O365 have? Does O365 help us prove proper handling of data breaches? Will good incident handling protect us from fines and other sanctions?
DLP DETECTION METHOD ACCURACY
What are the detection methods used by O365? How do these detection methods compare to enterprise DLP technologies? Are high false positive rates a concern? Does O365 compare well against false positive rates of enterprise DLP? How can we be sure that O365 is accurately detecting incidents and not missing many (false negatives)? Are we willing to accept false positives and long incident queues and the unknown of false negatives?
It makes sense to leverage existing investments in Office 365 for DLP. But if your organization requires comprehensive data protection, take a hard look at the gaps in coverage and compare that with enterprise data loss prevention.