Microsoft has jumped on the DLP bandwagon with some strong DLP capabilities. We often get asked why not just use Office 365 for DLP? We encourage companies to compare O365 capabilities against the leading enterprise solutions. DLP technologies like Digital Guardian, Forcepoint and Symantec provide better overall coverage and with more effective detection accuracy. Here are some questions to consider when looking at O365 DLP:

Comprehensive DLP Coverage

Office 365 provides pretty decent coverage of Microsoft technologies Exchange Online, SharePoint, OneDrive and Office documents. But how does this coverage compare to leading DLP solutions? O365 has email covered, but what about web traffic? For data at rest discovery, how much of our total stored data resides exclusively in Exchange, SharePoint and OneDrive? What about other repositories and databases? What coverage does O365 provide for data in use at the endpoint? Are we open to significant data loss risk with these gaps? Will O365 meet our long term coverage needs or is it just a band-aid? Are the cost savings with O365 DLP worth the continued risk?

Single DLP Management Console

O365 has a single console for the areas it covers. What other DLP technologies will be needed to address gaps in other areas? How many management consoles will we have? How much time will it take to support two or more management consoles? Can enterprise DLP provide all the coverage of O365 – and more – in a single solution?

DLP Incident Management for Compliance

Enterprise DLP solutions are designed for preventing data loss as well as supporting proper handling for data breaches that are sure to come. Is incident handling an important component of our state and/or federal compliance requirements? What incident management workflow features does O365 have? Does O365 help us prove proper handling of data breaches? Will good incident handling protect us from fines and other sanctions?

DLP Detection Method Accuracy

What are the detection methods used by O365? How do these detection methods compare to enterprise DLP technologies? Are high false positive rates a concern? Does O365 compare well against false positive rates of enterprise DLP? How can we be sure that O365 is accurately detecting incidents and not missing many (false negatives)? Are we willing to accept false positives and long incident queues and the unknown of false negatives?

It makes sense to leverage existing investments in Office 365 for DLP. But if your organization requires comprehensive data protection, take a hard look at the gaps in coverage and compare that with enterprise data loss prevention.