Power Apps brings the prowess of app development to your fingertips, yet it also bears the onus of data security. Data Loss Prevention (DLP) policies are essential in preventing sensitive data from being inadvertently shared or leaked. In Power Apps, these policies help control and monitor the flow of information, ensuring that critical data is not exposed to unauthorised users.
Understanding the DLP implications of existing data flows is crucial. When applying DLP policies, we must ensure that we don’t break any apps or workflows. Therefore, a thorough analysis of existing apps and workflows is essential.
Start by classifying connectors. Decide which connectors are safe for business data (Business group), which are not (Non-Business group), and which should be blocked.
Next, define the scope of the policy. Determine whether the policy will be at the environment level (specific to a certain environment) or at the tenant level (applies across all environments). Are there environments that should be excluded from the policy? Consider excluding certain environments, like test environments, from more restrictive DLP policies.
Determine the policy hierarchy. Be aware that multiple DLP policies applied to one environment might complicate the connector space. It’s often better to have a minimal number of policies per environment.
Set up a base policy covering all environments, limiting connectors to those necessary for everyday business operations. Develop more permissive policies for environments requiring broader access to connectors, like development or testing environments. We recommend managing DLP policies centrally at the tenant level and using environment policies for categorising custom connectors or in exceptional cases.
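The impact analysis and policy layering described above can be rehearsed before a policy is switched on. The following is an added example, not code from Deptive or Microsoft: it checks a constructed app inventory against constructed policies, using the platform rule that a blocked connector cannot be used at all and that Business and Non-Business connectors cannot be combined in one app or flow. All policy contents, app names and function names are assumptions made for illustration.

```python
from itertools import combinations

BUSINESS, NON_BUSINESS, BLOCKED = "Business", "Non-Business", "Blocked"

# Constructed sample policies (not from the article). "default" is the group
# assigned to any connector the policy does not list explicitly.
TENANT_BASE = {
    "name": "Tenant base", "default": NON_BUSINESS,
    "groups": {"SharePoint": BUSINESS, "Dataverse": BUSINESS,
               "Office 365 Outlook": BUSINESS, "Twitter": BLOCKED},
}
ENV_FINANCE = {
    "name": "Finance environment", "default": NON_BUSINESS,
    "groups": {"SharePoint": BUSINESS, "Dataverse": BUSINESS,
               "Office 365 Outlook": NON_BUSINESS},
}

# Constructed inventory of existing apps/flows and the connectors each uses.
INVENTORY = {
    "Expense Claims": ["SharePoint", "Office 365 Outlook"],
    "Social Monitor": ["Twitter", "Dataverse"],
    "Asset Register": ["SharePoint", "Dataverse"],
    "File Sync": ["SharePoint", "Dropbox"],
}

def group_of(policy, connector):
    return policy["groups"].get(connector, policy["default"])

def violations(connectors, policies):
    # An app must satisfy every policy applied to its environment, so each
    # policy is evaluated on its own and all reasons are collected.
    found = []
    for policy in policies:
        for c in connectors:
            if group_of(policy, c) == BLOCKED:
                found.append(f"{policy['name']}: {c} is blocked")
        usable = [c for c in connectors if group_of(policy, c) != BLOCKED]
        for a, b in combinations(usable, 2):
            if group_of(policy, a) != group_of(policy, b):
                found.append(f"{policy['name']}: {a} and {b} are in different groups")
    return found

def impact_report(inventory, policies):
    # Map each app that would break to the list of reasons it breaks.
    report = {app: violations(conns, policies) for app, conns in inventory.items()}
    return {app: reasons for app, reasons in report.items() if reasons}

if __name__ == "__main__":
    for app, why in impact_report(INVENTORY, [TENANT_BASE, ENV_FINANCE]).items():
        print(app, "->", "; ".join(why))
```

In this sample, "Expense Claims" is compliant under the base policy alone and breaks only once the second policy is layered on the same environment, which is the complication that keeping policies per environment to a minimum avoids.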
DLP policies are not set and forget. Reviewing DLP policies is an essential part of maintaining data security and compliance. At a minimum, conduct an annual review of your DLP policies to ensure they align with current company policies, compliance requirements, and industry best practices. For organisations in rapidly changing industries or those subject to strict regulatory controls, a more frequent review schedule (every six months or quarterly) may be necessary.
In addition, there are common business events that may warrant a DLP review:
While DLP policies serve as effective guardrails for safeguarding business data, it’s crucial to actively monitor all apps and workflows. A good tool for that is the Microsoft Power Platform Center of Excellence (CoE), which we’ll explore later in this series.
At Deptive, we are dedicated to delivering Power Apps solutions that meet the highest security standards, ensuring peace of mind for you and your users. By partnering with us, you leverage our expertise in creating secure, robust, and efficient Power Apps tailored to your unique business needs.
If you’re looking to develop secure and powerful Power Apps, or if you want to enhance the security of your existing solutions, reach out to us. Let’s work together to create secure, efficient, and innovative Power Apps solutions.
Contact us today to learn more about our services and how we can help secure your digital future.