Sergiy Serdyuk - Fotolia

Use document fingerprinting to protect Exchange 2013 content

With document fingerprints, enterprises have a way to protect important content in confidential and completed forms.

Data loss prevention keeps sensitive business information out of the wrong hands -- inside or outside a company. A great deal of sensitive data is in standardized documents or forms that end users complete and send as attachments. In part three of our series, our Exchange Server 2013 DLP checklist outlines some ways DLP can protect the vital content of completed document forms.

Organizations use document forms for a wide range of purposes -- employee information, patient data for HIPAA compliance, new sales initiatives or product development plans, for example. All of these forms can contain sensitive information and should be subject to data loss prevention (DLP) policies.

Document fingerprinting is an Exchange Server 2013 feature that converts selected document forms into information types subject to DLP policies and transport rules. Once "fingerprinted," DLP can spot those document forms and take action. It can prevent forms from being emailed from one authorized end user to another within the company or from an internal source to an external source.

Consider several potential issues when implementing document fingerprinting, which isn't designed to penetrate document protection like passwords or encryption. Therefore, protected documents aren't suited to fingerprinting. It's acceptable to include images in forms, but you cannot fingerprint forms that only use images. For example, you can insert an image of a new product into a form, but the form must include common text to form the fingerprint.

Finally, DLP must be able to spot the underlying fingerprint, so forms must contain all the text used to create the fingerprint. If an end user deletes any of the text used in the original fingerprint, they will no longer match and DLP won't be able to identify the form and take action. In this same vein, new or changed forms will need to be re-fingerprinted, and policies and transport rules may need to be tweaked accordingly.

Next Steps

This is part three in a series about implementing data loss prevention features in Exchange Server 2013.

Part one covers DLP templates and part two covers transport rules.

Stay tuned for part four, which covers policy tips.

This was first published in August 2014

Dig deeper on Microsoft Exchange Server 2013

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

1 comment

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchWindowsServer

SearchEnterpriseDesktop

SearchCloudComputing

SearchSQLServer

Close