In the Mo

One of the concepts for building collaborative capabilities into tools is to support the need for collaboration “in the flow” of what the user is doing, as opposed to taking them out to another or separate application. If collaborative activity is part of the work process, that activity should be supported where the user is working, e.g., in whatever tools they are using.

In a play on words that I’ve only just thought about, one of the concepts in the information security area could be called “in the mo,” short for “in the moment.” If a user is about to break – intentionally or unintentionally – a security policy or a compliance mandate, catching that “in the mo” and warning the user that their soon-to-be-actioned item has a violation in it can give pause for reflection, and therefore a way to stop the violation from taking place at all. Many years ago (2005’ish) there was an information rights management vendor that would provide a proactive warning via pop-up that a particular action would violate a policy if it was carried through.

This background discussion is a long way of saying that I was pleased to read that Microsoft is bringing proactive policy violation warnings to Word, Excel, and PowerPoint in Office 2016:

Over the last few years we’ve added DLP to Exchange, Outlook, OneDrive for Business and SharePoint. Now we’re bringing these same classification and policy features to Word, Excel and PowerPoint. With these new capabilities, IT admins can centrally create, manage and enforce policies for content authoring and document sharing—and end users will see policy tips or sharing restrictions when the apps detect a potential policy violation.

Of course, there are times when you don’t want to alert a user that the system can see they are doing the wrong thing. If a disgruntled employee is sending confidential documents by email to a competitor, warning them that they will violate a policy is the wrong course of action. You will want to intercept that transmission however, to prevent it from getting to the said competitor, and then use such evidence to take appropriate action against the employee. Warning them that you know will provide a tip off, and they’ll just use other forms of sharing confidential documents, e.g., a thumb drive, a share from OneDrive for Business, etc.

Categories: Miscellaneous