Data Leak Prevention allows you to have control over important organizational documents. It helps you adhere to data protection policies while providing remote access to external partners and users working remotely.
Data leak prevention is managed with a policy-based prevention mechanism. You can create and configure policies. You can then apply a policy to a Netfolder or a file in the Netfolder. When a policy is applied to a file, the file will adhere to the configuration set in the policy. The policy is assigned a set of operations that will be restricted on a file in a Netfolder.
A policy will have a set of file operation restrictions. These file operations are restricted to the files to which the policy is applied.
Go to Filr Admin Console > Management > Data Leak Prevention.
The following tabs are available under Data Leak Prevention.
NOTE:This feature is available only under the Advanced Edition license.
You can create and maintain multiple policies across different Zones. To create a policy, perform the following:
Click Create Policy on the right-top corner. The Create Policy widget is displayed.
Enter the name of the policy.
Select any colour from the dropdown menu next to the title field. These colours are used to organise sensitive files.
By default, the policy is Enabled. Click Disabled to disable the policy.
Under Configure Restrictions, the file operations are listed in the left pane. Use the arrow buttons to move a file operation from the left to the right pane and vice versa. When a file operation is added from the left to the right pane, the file operation restrictions are defined for a policy. Those operations are restricted for a file when you apply this policy to a file.
When a policy is applied to a Netfolder, you can set the enforcement type that warns the user about the content sensitivity and then allows or restricts the user from performing the file operation configured in the policy.
Select one of the following Enforcement types:
Restrict (Default): Restricts the user from performing the file operation.
Warn: A warning dialog is displayed when a user tries to perform the restricted file operation. If the user chooses to proceed, they are allowed to perform the operation.
Click Create. The policy is created.
The list of policies is displayed in the Policies tab. A system-generated policy called ‘Confidential’ is available, and the ‘Share Externally’ file operation restriction is mapped to this policy. When this policy is applied to a file, sharing the file with any external user is restricted (Share with external users, Share public, and Share with file links).
Table 3-13 Policies
|
Field, Option, or Button |
Information and/or Action |
|---|---|
|
|
|
|
|
|
The Modify option allows you to modify an existing policy.
To modify the policy, perform the following:
Go to Filr Admin Console > Management > Data Leak Prevention > Policies
Choose Modify from the Options menu of the policy. Modify Policy Widget is displayed.
Make the required changes and click Modify.
If you disable a policy that is already applied to the file, the policy will istill be applied to the file but restrictions will not be applicable to the file. Hence, users can perform the restricted file operations that are configured in the policy.
You can delete a policy. Deleting a policy will remove it from all Netfolders and files where it is currently applied.
To delete a policy,
Go to Filr Admin Console > Management > Data Leak Prevention > Policies.
Choose Delete from the Options menu of the policy.
A warning dialog is displayed.
Click Delete.
The Manage Netfolders tab lists all the Netfolders of your organization. You can enable DLP for any netfolder listed here.
You can select a DLP policy and apply it to a Netfolder for which DLP is enabled.
The built-in administrator is a moderator by default. The Moderators section allows you to select the users having access to the Netfolder and make them Moderators. If the DLP is enabled for a Netfolder and the policy is not applied at the Netfolder level, then a moderator can apply policies to files and manage them in the Netfolders.
To enable DLP for a Netfolder, perform the following:
Go to Filr Admin Console > Management > Data Leak Prevention > Manage Netfolder.
Select the Netfolder from the Netfolders drop-down list. The Netfolders to which you have access are displayed in the drop-down list. You can click the close button to clear the selection made.
Slide the Enable DLP for this Netfolder toggle button to enable the DLP feature for the Netfolder.
Select a policy from the Policy drop-down menu. You can click the close button to clear the selection made.
NOTE:If you apply a policy to a Netfolder, you cannot add Moderators. Hence, an Administrator or a Moderator cannot manage policies in that Netfolder.
Slide the Enable Netfolder Moderators toggle button to allow you to add moderators to the netfolder.
Click Add or Remove Moderators. The Add or Remove Moderators dialog box is displayed.
Enter the usernames or the names of a group to be added as moderators for the Netfolder. Type the first three alphabets of a username based on the data entered, and the system will search and list the users who have access to the Netfolders.
A Netfolder can have up to ten moderators.
Click Save to add the selected users as moderators. The names added will appear in the Existing Moderators section as tags. You can click the close button on a user's tag to remove them from this section.
Click Save the changes made under the Manage Netfolder tab.
Click Discard if you do not want to save the changes made.
NOTE:
When DLP is enabled and the policy is applied to a Netfolder, the policy is applied to all the files in that Netfolder. An Administrator or a Moderator cannot modify the policy at files level.
An Administrator or a Moderator can manage the policy at files level in the Netfolder. When DLP is enabled and a policy is not applied to a Netfolder, an administrator or a moderator can apply the policy to files in the Netfolder.
For more information, see OpenText Filr 24.4 - Frequently Asked Questions.