The Garage Series for Office 365: Stop that smoking gun! The latest in eDiscovery and data loss prevention

In episode 3 of a 6-part special filmed in New Orleans, our intrepid host Jeremy Chapman is joined by Microsoft SharePoint and Microsoft Exchange experts Mark Kashman and Bharat Suneja to share an overview of the very latest in integrated Enterprise Search, eDiscovery and Data Loss Prevention to harden your data protection. See how these technologies work across both Office 365 Cloud implementations and your on-premises Office stack to help save users and organizations proactively and reactively from themselves while helping to reduce the complexity of discovery and high costs of legal review due to compliance audits.

Jeremy: So our last show got quite a reaction by way of offering an exclusive first look deep dive on the upcoming real-time co-authoring capabilities with Office Web Apps which we demonstrated in Word, Excel and PowerPoint. This was the first time that we had shown the pre-release code capabilities. You can continue to catch that show here or by visiting the Garage Series show channel.

For our latest New Orleans show special, I’m joined by SharePoint and Exchange experts Mark Kashman and Bharat Suneja to take a look at another important topic, the very latest in data protection with eDiscovery and Data Loss Prevention across Cloud and Hybrid environments.

Mark: That’s right, data lives everywhere and the foundation to any data hardening and compliance strategy is to be able to locate key sources of data wherever they may be and you’ll see that not only are we making it so you can quickly discover content through keyword searches across the Office stack with integrated enterprise search (formerly FAST), but we’ve also greatly enhanced your ability to preserve content versions with eDiscovery and the new eDiscovery Center in SharePoint which allows you to perform in-place holds on SharePoint content, email in Exchange, saved Lync conversations etc. This means users cannot manipulate or change data from an earlier point in time, and while we can put a document version on hold, we can do this without impacting the ability for the user to continue to be productive.

SharePoint eDiscovery Center showing unified search, filters, statistics, on-hover previews, and tabs for the various sources and content type – from an example “Northwind Traders” case.

Jeremy: This is pretty game changing – I know that for a typical audit it could previously take months to discover the data sources and then you were at risk of the data source being obscured or changed.

Mark: Yes we can now get a real-time response but the other thing that is significant is when you go to export documents and assets we aim to help reduce the footprint. If you consider that the cost of legal review is sometimes $10,000 per GB, these advances mean you can now minimize the volume of what gets reviewed without having to first export everything, saving a ton of time and money in lawyer’s fees wherever there is a suspected issue.

Once you discover data in an audit and use an in-place hold, the original file is preserved in that state in the Preservation Hold Library. Even a SharePoint Site Administrator cannot modify the file and edits made in the Preservation Hold Library will result in another instance of the file. That is why you see two links to what appears to be the same file in the demo on the show. Then once you narrow in on the required content, you export it in a standards-based EDRM XML format once from across the entire Office stack – not multiple times from various silos.

Jeremy: So we had a bit of fun showing how this all works with SharePoint online and the eDiscovery center on the show. It was great to see what you can do reactively from a data compliance/protection perspective, so then we looked at what you can also put in place more proactively from a data protection perspective with the new Data Loss Prevention capability in Exchange.

As we were in New Orleans we did this New Orleans style and tested whether or not Exchange Online could stop a smoking gun email leaving the organization as our test study Mr. #dealwithit tried to send out his boss’s credit card details.

Before you get too trigger-happy in the comments section with other ways to communicate the credit card number, we all know he could have used a plethora of other means to succeed in his task – but this is an example of how Data Loss Prevention rules can be set up to work to prevent the worst from happening within the corporate domain. It not only helped train our user, but it also blocked the offensive message at the backend using the new transport rules enabled via Data Loss Prevention.

Bharat: Yes that guy definitely needed to be saved from himself, and in this particular case, he was behaving a little drunk and malicious and not using his best judgment. Most users, on the other hand, don’t try and send stuff out maliciously. That’s why we have Outlook Policy tips to focus users on doing the right thing. But we can also set up custom policies which we demonstrate on the show.

This is pretty powerful: as you saw, it means that even where Outlook tips are overlooked by the user we can forcibly stop data leaving the organization by email via the Exchange back-end, by setting up custom rules, which are like transport rules but a lot more sophisticated and allow for deep content inspection. Exchange now in fact ships with thousands of templates to assist with this.

When you create DLP policies, you can include rules that include checks for sensitive information. The conditions that you establish within a policy, such as how many times something has to be found before an action is taken. Sensitive information rules are integrated with the transport rules framework by introduction of a condition that you can customize. Exchange also supplies policy templates that already include some of the sensitive information types. A list of what is supplied in-box is provided here.

Jeremy: So eDiscovery and Data Loss Prevention are two major advancements with the new Office, to help with data hardening and compliance. But there’s also a lot more to it such as Windows Azure Active Directory Rights Management Services for file-level security, and Exchange Active Sync for device management and security, both of which we’ll cover more on future shows. So what are the next steps that our viewers/readers can take?

Mark: If you want to go deeper into eDiscovery, dive into this “What’s new in eDiscovery” article, and then I would suggest beginning to Plan for eDiscovery to understand how it can best serve the needs and compliance requirements of your organization.

Bharat: TechNet’s library for Data Loss Prevention is a great place to start – the important point though is that with templates and such we are making it a whole lot easier to implement policy and so this should be mostly a no-brainer for both seasoned and new Exchange administrators out there.

Jeremy: Great, thanks Mark and Bharat, I look forward to having you back on the show as we cover more topics on SharePoint and Exchange in future. Data Loss Prevention and eDiscovery along with Windows Azure Active Directory Rights Management Services (AD RMS) provide excellent proactive and reactive security for data. We’ll dig a bit deeper into Windows Azure AD RMS in a future show. Our next show will take a look at the new Fasttrack tools and process for speeding up time to value for Office 365 inside of your organization. If you think that it is slower or more complex to get the new Office tenant deployed inside of your organization – think again!

Bye for now,

Jeremy Chapman, Mark Kashman and Bharat Suneja

More resources

Garage Series Video Channel

The Exchange Team Blog

SharePoint Blog

Garage Series Season 1 Blog Archive

Follow @OfficeGarage on Twitter

About the Garage Series hosts

By day, Jeremy Chapman works at Microsoft, responsible for optimizing the future of Office client and service delivery as the senior deployment lead. Jeremy’s background in application compatibility, building deployment automation tools and infrastructure reference architectures has been fundamental to the prioritization of new Office enterprise features such as the latest Click-to-Run install. By night, he is a car modding fanatic and serial linguist.

Mark Kashman is a Senior Product Manager on the SharePoint team focusing primarily on SharePoint Online & SharePoint Mobility. He lives in the Redmond, WA area and enjoys kayaking, biking, hiking, ballet/soccer/science club/swimming (all the Dad duties), and quiet-bird-chirping moments for reading books on his #WP8 Kindle app when not playing that darned addictive Bejeweled LIVE+. Follow Mark on Twitter @Mkashman.

Bharat joined Microsoft on a mysterious day between the end of March and beginning of April 2008. He’s a Senior Technical Writer in the Exchange Customer Experience (CXP) team, responsible for content related to Compliance (Archiving, Retention, eDiscovery, In-Place Hold), Security, and Search. Bharat is a former Exchange MVP, current MCT, MCSE (+Messaging +Security), MCITP. He is the coauthor of Exchange Server 2007: The Complete Reference (Osborne McGraw-Hill), and publishes Exchangepedia blog.