Data Protection on Autopilot

What Are DLP Policies?

Power Platform DLP (Data Loss Prevention) policies are created and enforced to ensure that an organisation's data is secured. They are put in place to stop data sharing, prevent data leakage and shut out unauthorised access.

A DLP policy consists of connectors assigned to business and non-business groups. When creating a new DLP policy, admins are required to name the policy and identify which connectors need to be secured, accessible or blocked.

Why Are DLP Policies Needed?

As an admin of Power Platform, you manage user access, environments, licensing and so on. Whilst you would love to ensure that citizen developers can experiment and explore the Power Platform ecosystem, you still have an obligation to ensure your organisation's data is secured. By creating a DLP policy, you can lock up pre-built and custom data connectors, ensuring that when developers are building in the platform, those connectors will be blocked or restricted. For example, if a company adds the SharePoint connector to the blocked group, users will not be able to use the SharePoint connector within the platform.

DLP Policy Types

Before you start blocking access willy-nilly, it’s important to understand the consequences of the 3 types of DLP policies:

  • Business: Connectors that can access sensitive data are grouped here, which ensures that this data cannot be shared with connectors in other groups.
  • Non-Business: This is the group where all your general or unassigned connectors sit, i.e., your default group.
  • Blocked: Lastly, any connectors you don’t want users and developers accessing will be moved to the blocked group.

Furthermore, for specific connectors, admins can also manage individual actions and triggers.

Environment Strategy

In line with a topic we touched on a while back, admins can also apply DLP policies per environment. When designing the required policies, it’s crucial to scope the possible impact your policy may have on other users across your tenant. It may be ideal to block certain connectors in your production environment, but allowing them in developer or sandbox environments may be beneficial to adoption or development if there is no risk of leaking sensitive data.
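
To see how the three connector groups and the per-environment scoping interact before you roll a policy out, here is a small Python model you can run over an inventory of apps. It is an added example, not code from this post or from Microsoft, and it is a simplified offline model rather than the platform's enforcement engine. The policy name, environment names, app names and every connector assignment are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class DlpPolicy:
    name: str
    environments: set  # environments this policy is scoped to
    business: set = field(default_factory=set)
    blocked: set = field(default_factory=set)

    def group_of(self, connector):
        """Unassigned connectors fall into Non-Business, the default group."""
        if connector in self.blocked:
            return "Blocked"
        if connector in self.business:
            return "Business"
        return "Non-Business"

def evaluate(policy, environment, connectors):
    """Return the violations for one app or flow in one environment."""
    if environment not in policy.environments:
        return []  # policy does not apply here (e.g. a sandbox)
    groups = {c: policy.group_of(c) for c in connectors}
    violations = [f"{c} is blocked by '{policy.name}'"
                  for c, g in sorted(groups.items()) if g == "Blocked"]
    business = sorted(c for c, g in groups.items() if g == "Business")
    non_business = sorted(c for c, g in groups.items() if g == "Non-Business")
    if business and non_business:  # data could cross between groups
        violations.append(
            f"mixes Business ({', '.join(business)}) with "
            f"Non-Business ({', '.join(non_business)}) connectors")
    return violations

# Constructed sample data (hypothetical policy, environments and apps).
PROD_POLICY = DlpPolicy(name="Prod-Restrict", environments={"Production"},
                        business={"SharePoint", "Dataverse"},
                        blocked={"Twitter"})
APPS = [
    ("Production", "Expense Approvals", ["SharePoint", "Dataverse"]),
    ("Production", "Social Poster", ["SharePoint", "Twitter"]),
    ("Production", "Export Helper", ["Dataverse", "Dropbox"]),
    ("Sandbox", "Prototype", ["SharePoint", "Dropbox", "Twitter"]),
]

def audit(policy, apps):
    return {name: evaluate(policy, env, conns) for env, name, conns in apps}

if __name__ == "__main__":
    for app, problems in audit(PROD_POLICY, APPS).items():
        print(f"{app}: {'OK' if not problems else '; '.join(problems)}")
```

The Sandbox prototype passes even though it uses a blocked connector, because the policy is scoped to Production only. That is the trade-off to weigh when deciding which environments a policy covers.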
