Data Loss Prevention helps the organization in monitoring, tracking, and preventing business data on the cloud, IT enables the IT admin of the organization to set up policies. Admin can track or restrict functions like sharing, downloading, copying, etc. for a single user, particular OUs, or the entire organization.
To create a new policy, Navigate to Home -- Policies --DLP, Click on Add option & you implement the new policy.
Title: Name your policy to identify it later when you want to make changes quickly.
Description: Short description for helping understand the policy if more than one admin is managing the account
Enabled: For some reason, if you want the policy to be disable for some time and re-enable it, you can check/uncheck “Enabled” option as shown above.
Valid Always: You can decide the validity of the policy with valid Always button. Toggling this you can say whether you want a policy for a stipulated time or a policy which is always applied
Valid From and Valid To: If Valid Always is off, then you will have to provide the date range for which the policy needs to be applied. This way admin need not manually turn off the policy.
Agent Based DLP:
Block Personal Gmail :
Restrict users from accessing their personal Gmail accounts while in the corporate network. This ensures that no data sharing occurs between a user’s personal and business Gmail accounts
Track / Block users from –
- Downloading documents or other files from the drive
- Downloading email attachments from their business emails
- Sharing files or any other data from the Google drive
- Accessing their personal Gmail in the business network
- Using Clipboard functions (Copy / Paste) data from Google drive
- Printing corporate files, documents, etc. from Google Drive
- Taking screenshots or Print screen of the business data stored on the drive
Session Timeout :
For Idle Timeout interval : Admin can set the hours and minutes for this policy, It the machine is idle for the particular time, the user gels logout automatically
For Session duration : Here the admin can set the session logout for users and CUs. The machine will get automatically logout from the CFB.
Note: Session Time Out settings will be effective if the chrome extensions settings applied from Settings→ Preferences→ Chrome Extension
Office 365 & github :
Restrict users from accessing their personal accounts while in the corporate network. This ensures that no data sharing occurs between a user’s personal and business accounts
Block USB Access :
Restrict users to access external USB devices to ensure no business data is being transferred for unauthorized use
Agent Less DLP:
Compliance Rule ( Email DLP ) :
Compliance policies and keep a check on its adherence. Design compliance policies with our pre-designed templates to best suit your needs for PCI, PHI, PII, HIPAA, and others.
- Downloading of Documents: DLP in the cloud solution allows to set policy on downloading of the document. It means whenever someone tries to download a document stored on Google Drive, and it can easily be tracked or controlled.
- Deletion of Document: If someone deletes any document stored on Google Drive, then this policy keeps a complete record of it. For example, who has deleted the document and which document is deleted.
- Sharing Outside the Organization: Sharing of any document outside the organization can easily be handled by setting such policies. Moreover, the DLP solution by cloudcodes is capable of revoking the external access also.
- Taking Screenshots: An organization can set a policy also to restrict users from taking screenshots. No one is allowed to take a screenshot of the work going on in a particular system.
It also permits the organization to define actions, which is to be taken when such type of violations are detected. For ex , if it is found that a document is shared outside the organization, the IT can define policies to revoke the external access.
You can implement this policy on specific user’s or OU’s or entire domain ( all User)
***********************************************************************