Skip to main content

010: Monitor external sharing

Overview

Based on the scenarios listed earlier for sharing data with external partners of the organization such as service providers and collaborators (excluding customers), design the DLP policies to block external sharing scenarios not matching these patterns. Use both sensitive information types as conditions and sensitivity labels as either conditions or DLP rule exceptions to address those scenarios. E.g.: block sharing of high confidence NDA intellectual property with anyone except registered partners. Block sharing of high confidence NDA intellectual property with partners unless it's labeled as "Partner Confidential" (which limits access only to employees and partners and limits resharing functionality).

Use rules based on sensitive information types and/or EDM if sharing PII with partners is allowed in specific circumstances (e.g. auditors, data processors). Use rules based on trainable classifiers to detect intellectual property or allowed types of sensitive discussions. Combine them with regular classifiers (e.g. keyword-based SITs) if data pertaining specific projects or topics is allowed for sharing with partners.

Do not enforce the DLP rules at this stage, keep them in simulation mode in order to assess potential impact, and after a few weeks assess if critical business scenarios could have been impacted by these rules if they had been enforced. Adjust the logic of the rules and their enforcement actions (e.g. usage of policy tips, overrides and exceptions) as needed.

Reference