New in SharePoint 2016: Sensitive Information Types
It’s exiting days, these… Microsoft have just released the public preview of SharePoint Server 2016 and the SharePoint community are already all over it.
One of the areas that got a huge boost with Microsoft SharePoint Server 2013, was Search. With the integration of the Fast Search technology into the core server product, companies got a lot more search capabilities at their hands, and most of the companies I have worked with in the recent years have Search as one of the most prominent drivers for new SharePoint investments.
Being an advisor for governance and compliance, I have worked with these companies to understand how exactly to realize the value from these capabilities in a way that does not expose them to new and unknown risk. Implementing new search capabilities very often surfaces serious information challenges, most of which used to be nicely hidden in the lack of strong information management practices. Getting better at using and managing information in your company actually also works for those who want to misuse information.
So with the introduction of very strong Enterprise Search tool and machine learning driven tools like Delve, companies need to get sharper focus on how to identify and managed sensitive information across the board.
The “old-fashioned” method is to classify SharePoint as a collaborative platform that should not contain any sensitive information. This works very well “on paper”. But many companies are realizing that collaboration – to most end users – mean working with fewer constraints to accomplish individual or team goals. With the lack of tool to make sensitive information governance policy (meaning finding and removing sensitive information from where it should not be stored) operational, it is very hard to stay in control of these kind of things.
Now – with Microsoft SharePoint Server 2016 we get what is called “Sensitive Information Types”. This is brand new technology – a part of the Data Loss Prevention investments Microsoft made, and it looks like it closes exactly the gap that most companies will be facing (many are already struggling with this) when maturing their enterprise search capabilities.
Is short, Sensitive Information Types are defined in Enterprise Search, using Regular Expression and patterns to recognize certain types of data; like social security numbers etc. When the search engine finds a document it indexes the content and identifies instances of a Sensitive Information Type in the document if present. This makes the document surface in SharePoint’s eDiscovery portal, from where you can take any action needed.
This technology is still in Preview and I have not seen it in production use so far. But Data Loss Prevention has been a huge investment area for Microsoft for some time now, so my expectations are high and the need for this functionality is obvious.
Microsoft’s Bill Bear have posted this article in TechNet explaining more details on Sensitive Information Types in Microsoft SharePoint Server 2014 Preview : http://blogs.technet.com/b/wbaer/archive/2015/08/26/sensitive-information-types-in-sharepoint-server-2016-it-preview.aspx