Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

TechTip: Business-Friendly File Blocking Using Enterprise Vault

Created: 17 Mar 2009 • Updated: 25 Mar 2009
Language Translations
Swathi Turlapaty's picture
+2 2 Votes
Login to vote

Many businesses find themselves at risk when users host inappropriate or illegal files on corporate property. This practice can leave the company liable to criminal charges in the worst cases, or, at the very least, these files can consume too much valuable storage space. But many administrators find that a blanket implementation of Enterprise Vault’s active file blocking can inadvertently cause disruptions in the workplace.

This TechTip outlines how to gradually introduce passive then active file blocking that will reclaim disk space, protect a company’s interests, and ensure that workers have access to the data they need. Passive file blocking allows the creation and copying of unauthorized files, but a message of the violation is sent to EV administrators. Active file blocking will not allow the creation, storage, or copying of files to any enterprise storage device. By carefully using both blocking techniques, EV administrators can get the best results with the least disruption.

Analyze, categorize

The first step is to run EV’s File System Archiving Report to see if there are specific file types that are taking up unnecessary server resources and which may violate copyright or business computing standards, such as .mp3, .wma, or .jpg files. Once the file types are identified, a memo should be sent out to all employees instructing them to remove all such files from company servers. Next, EV administrators should implement passive file blocking, with notifications of violations sent only to the Enterprise Vault staff. These internal notifications will help administrators further categorize where most violations are occurring and enable them to better understand the nature of the problem. For example, perhaps passive blocking notifications are coming in for a particular group of users, and after investigation, it turns out that the group produces a number of .jpg and .mp3 files for the company’s Web site. Or perhaps a team of sales reps are downloading and accessing sales training videos in .mpg format. These groups can be accommodated without abandoning file blocks.

Make accommodations

Once EV administrators determine which individuals need particular file types, a group or groups with specific file permissions can be set up under EV. After accommodating these exceptions, administrators should then continue with passive file blocking and note the frequency of violation notifications. At this point, administrators can then contact users who are in violation to determine if their file usage is legitimate, or instruct users to remove the designated file types.

Administrators should give users sufficient time to comply, but then broadcast a corporate memo that Offense Notifications will begin to be sent out to users not in compliance-- with copies sent to management.

By giving users ample time to comply with the policies and to contact IT with any requests for retaining file types for their work, administrators reduce the number of help desk calls they receive, and also avoid the risk of disrupting legitimate business.

Enable active blocking

The final step is to enable active file blocking, preventing users from downloading, copying, or saving files that do not meet business standards and criteria. As an additional precaution, EV administrators can then implement file signature scanning, to make sure that users are not merely spoofing the system by renaming banned files with accepted file extensions.

This step-by-step introduction of Enterprise Vault active file blocking should reclaim storage resources and protect companies from potential damages, while ensuring that legitimate business computing can continue with all the appropriate files and data.

Related Links