New SharePoint Features Supporting Compliance
Regulated industries often choose SharePoint as a center of their collaboration environment. This platform is noted for a variety of document management features that support compliance, including data encryption, access control, two-factor authentication, audit trail and more. To see these SharePoint features in action, you can have a look at our article on HIPAA compliance for healthcare organizations.
To keep up with the changes in compliance regulations (HIPAA, GLBA, GDPR, etc.), Microsoft announced several new compliance capabilities for SharePoint Online at the Ignite 2019 conference that was held on November 4-8. The majority of these features will be effective from the end of 2019.
Let’s have a look at the most important SharePoint compliance updates.
Automated detection and labelling of sensitive data
Sensitivity labels are assigned to emails and documents in order to protect confidential data. These labels help control access to sensitive information as well as manage data encryption and sharing inside and outside an organization.
Microsoft is going to bring Office 365 sensitivity labels to Office 365 Groups. And since SharePoint (just like Teams and Planner) depends on groups, this change will affect the platform, too. It will enable SharePoint to:
- Index protected content. Before this update, SharePoint could only index a labelled document’s metadata but not its content. And now, applying security labels with an Office 365 app (e.g., Word), allows SharePoint to index labelled document content that is encrypted. Thus, users who have relevant permissions can search SharePoint sites for this content. What’s more, labelled documents downloaded from SharePoint remain encrypted because the protection settings are part of the document metadata.
- Auto-classify with sensitivity labels. Labelling used to be purely manual, but the update makes it possible to detect sensitive information in SharePoint and label it automatically. So, even if users forget to label sensitive data, the AI engine will spot and label these files. To enable automated labelling, users will need to create a relevant policy in the Microsoft 365 compliance center and select rules according to which sensitivity of files will be evaluated by the engine.
Restricting internal communication between certain user groups
SharePoint Online will soon support Office 365 information barriers that help to prevent certain groups of users from communicating and sharing documents with each other inside an organization. For example, a bank can impose an information barrier between traders and brokers. To implement these barriers, information segments are made in the Microsoft 365 compliance center. After this, an admin creates information barrier policies to block communication and collaboration between these segments.
Setting expiration periods for external access
SharePoint is going to enable expiration periods for external access to content. Thus, organizations will be able to define how long a link to SharePoint content will stay valid for external users. For example, a 30-day expiration period for external access to a SharePoint site is set. After this period expires, an external user will lose access to this SharePoint site. However, depending on business needs, external access can be extended or revoked at any time.
Face compliance challenges?
Our specialists will help you master new SharePoint compliance features to ensure high-level security of your company data and abide by federal, state and internal regulations.