Data Loss Prevention

  • 1.  Block all documents

    Posted Jun 09, 2015 03:27 AM

    Hi,

    I am going to implement DLP for a customer. The customer is asking whether DLP can block all documents (sensitive and non-sensitive) in their company. And they don't care about (don't want to give) the location of the documents. Technically, can this be done by DLP?

    Their intention is to stop unintended loss or the possibility that they forgot to specify the document in DLP.

    Thank you.

     



  • 2.  RE: Block all documents

    Posted Jun 09, 2015 04:17 AM

    Hi,

     

    "Block all documents", what exactly do you mean by that? Do you mean blocking document types, i.e. in emails? That would be possible with a simple FileType-Policy that blocks any desired file type.

    Or do you mean blocking existing (known) documents? That's also possible, with an even simpler IDM-Policy. You just let the system "fingerprint" a set of documents, which are then protected by DLP.

     

    Maybe you could give us some more details on the desired business case.

    Greetings,

    Lukas

     



  • 3.  RE: Block all documents

    Trusted Advisor
    Posted Jun 09, 2015 08:21 AM

    Hello,

     If it is in email, of course you can do it (technically speaking). It can be done for email with attachments / all Office documents (or many other file types), etc. But you must be sure that it is compatible with normal company activity, as most of the time people need to send some documents to third parties.

     If you want to deploy such a DLP policy, it sounds great to also provide a "Security Exception" system which will give any employee the capability to be removed from this policy after some validation and for some business reasons. You may switch to a monitoring policy in this case.

     

     Regards.



  • 4.  RE: Block all documents

    Posted Jun 09, 2015 11:25 AM

    Hi,

    Thank you for the response.

    Basically the customer wants to block all documents from being accessed (such as copy, move, save to USB) internally and emailed externally. The documents are Office documents which, as suggested by you guys, can be specified either by file types or by IDM policy. The customer doesn't care if they cannot do their work for a week, as long as they know their documents are blocked from unauthorized access.

    Once all documents are blocked from any kind of access, the customer then wants the documents to be allowed one by one, only to authorized persons.

    To me, it sounds like it requires massive effort to allow the documents to authorized persons later, since I need to create rules for not only sensitive documents, but also non-sensitive documents.

    Thanks.

     



  • 5.  RE: Block all documents

    Posted Jun 09, 2015 12:04 PM

    Hi,

     

    In order to solve this challenge you need to implement a process that involves interaction with the user and the person authorized to accept handling specific files.

     

    You're right, it requires some effort. Maybe have a look at a solution my boss provided on a different topic, but which shows very clearly the topics you have to address when setting up block/release policies:

    https://www-secure.symantec.com/connect/forums/need-some-help-questions-dar-incidents-which-i-can-ask-end-user#comment-8553561

     

    Regards,

    Lukas