Automated, file-level protection of sensitive information with SharePoint Online
Sensitivity labels are a useful but underused feature for securing documents across Microsoft 365, particularly in SharePoint Online. With recent developments in this solution, we explore sensitivity labels in greater depth.
Microsoft has significantly enhanced the security features of the 365 family in recent years. Importantly, it has also worked on how security implemented in one of its products can carry over to another.
A well-configured SharePoint Online site already offers a range of administration tools and permissions to protect files from being accessed or edited by those an organisation wants to keep out.
However, this has required information to be siloed within distinct team or hub sites for administration purposes. So what happens when you need to provide access to sites that may contain sensitive information? Is it practical to segregate information into other folders?
Sensitivity labels offer another solution.
Sensitivity labels provide a way of classifying and protecting files within SharePoint and can extend to the whole 365 tenant (including email, documents, etc.). They are effectively a way of labelling documents and files with the level of security they require.
There are four levels of security available. Depending on the level of security on a file, sensitivity labels can be used to do things like add a digital watermark or add ‘Confidential’ automatically on all pages of a document, change access permission to ‘read-only’ and prevent download capability, or even deny access to documents.
What makes sensitivity labels so useful is that they can be applied per document. Documents and files can also be secured automatically, based on their metadata or their contents.
Setting the sensitivity label status of every file would be time-consuming. There’s also a risk of user error, with users forgetting to apply labels to documents or not spotting the sensitive data in the file.
The auto labelling feature is designed to automatically apply sensitivity labels if specific content is detected within a file or document. This can include detecting content such as:
- Passport numbers
- National Insurance information
- Bank details
Should any of these types of data be detected in a document, a pre-determined security level is then applied to the document automatically. Auto labelling is ideal from both a security and a GDPR point of view, preventing documents containing sensitive or personal information from being accidentally shared.
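One way to set up the auto labelling described above for a single SharePoint site, using Security & Compliance PowerShell. This is an added example, not part of the original article; the label name, site URL, policy name and the exact sensitive information type names are assumptions to check against your own tenant.

```powershell
# Added example: auto-labelling policy for SharePoint Online, created in
# simulation mode so nothing is labelled until the matches have been reviewed.
# Needs the ExchangeOnlineManagement module and a compliance admin role.

# Assumed values (not from the article): replace with your own.
$LabelName  = 'Confidential'                                  # an existing, published label
$SiteUrl    = 'https://contoso.sharepoint.com/sites/finance'  # placeholder site
$PolicyName = 'Auto-label personal data (SPO)'

# Built-in sensitive information types corresponding to the article's list.
# Display names can differ per tenant, so each one is verified below.
$SitNames = @(
    'U.S. / U.K. Passport Number',
    'U.K. National Insurance Number (NINO)',
    'International Banking Account Number (IBAN)'
)

Connect-IPPSSession   # Security & Compliance PowerShell session

# Stop early if the label or any information type does not exist.
$null = Get-Label -Identity $LabelName -ErrorAction Stop
$conditions = foreach ($name in $SitNames) {
    $null = Get-DlpSensitiveInformationType -Identity $name -ErrorAction Stop
    @{ name = $name; mincount = '1' }
}

# TestWithoutNotifications runs the policy as a simulation only.
New-AutoSensitivityLabelPolicy -Name $PolicyName `
    -SharePointLocation $SiteUrl `
    -ApplySensitivityLabel $LabelName `
    -Mode TestWithoutNotifications

# The rule carries the detection conditions for the SharePoint workload.
New-AutoSensitivityLabelRule -Name "$PolicyName - rule" `
    -Policy $PolicyName `
    -Workload SharePoint `
    -ContentContainsSensitiveInformation $conditions

# After reviewing the simulation results, switch the policy to enforcement:
# Set-AutoSensitivityLabelPolicy -Identity $PolicyName -Mode Enable
```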
Reporting on sensitivity labels
In addition to applying security settings to documents, Microsoft also provides a means to track activities involving sensitivity labels.
Data Classification Reports can be found in either Microsoft 365 Security Center or Microsoft 365 Compliance Center. Here you’ll find a log of the number of protected documents, the types of data they contain, the numbers of files with different sensitivity labels applied and a wide range of other useful metrics, including who has accessed files recently.
Data Classification Reports provide an excellent way for organisations to keep track of their most sensitive files and an easy way to assess if they’re holding more risk than they would like.