Exchange Server admins must protect email from hackers and security breaches, as well as mistakes from end users. One way to do this is by properly applying and reviewing role groups, but that’s not the only way. Let's take a look at how data loss prevention should fit into your strategies to secure Exchange 2013.
Apply and review DLP rules
Security isn't just about keeping attackers out of the enterprise. Email has become a major source of security breaches through data loss. This can happen when malicious or uninformed users send sensitive business data, such as customer databases or new product designs, via email. Not only does data loss threaten security, but it can also expose the business to regulatory compliance violations and can be a serious hit to the company's reputation.
Exchange Server 2013 includes a set of data loss prevention (DLP) features that use a number of transport rules to filter email flowing through the business. If you're looking for a more secure Exchange 2013 deployment, Exchange 2013 provides standard DLP rule templates, supports the use of third-party rule templates and allows you to create custom rule templates. DLP can use templates to analyze the content of email and looks for certain words, phrases and other content that might suggest the presence of sensitive information.
Exploring Exchange 2013 security
- This is part two in a series about creating a more secure Exchange 2013 deployment.
- Click here for part one, which covers role groups.
- Stay tuned for part three, which covers malware and anti-spam protection.
DLP can also take actions when it suspects the possible presence of sensitive information. For example, DLP can choose to reject or delete a suspicious message, redirect the message to a local administrator or supervisory personnel or insert disclaimers in the message to meet compliance requirements, including legal or financial disclaimers. DLP warns end users about potential violations before messages are sent and can also log each action for further review and disciplinary action.
Any organization with sensitive internal information should consider implementing the DLP features in Exchange Server 2013. This must also include regular reviews of the transport rules and the establishment of clear acceptable use policies for email users. For instance, rule reviews and adjustments are often appropriate when rules are so poorly conceived or overly broad that they may produce false positives. This generates additional work for managers, and any resulting warnings can become obtrusive for end users. Periodically identifying and correcting weak rules can actually ease the burden for secure Exchange 2013 experts and end users alike.