DLP Data Insight
I have a few questions regarding DLP’s Data Insight component:
1) How is the tracking of classification done on the files?
a) Imagine the following scenario –
File A on folder A is classified as “Confidential IT” with DLP platform via Indexed Documents
User A sends file A to user B (via e-mail, file copy, etc…)
User B attempts to send this information to outside of the company
Does file A retain the classification it originally had as “Confidential IT” or is the classification lost since it was passed from User A to User B?
b) Imagine the following scenario –
If we are using manual tagging of files to classify the type of information and assuming User B is malicious and is trying to send information to outside of the company.
User A creates File A and adds the tag “Confidential IT File” to the file, which is then saved in a shared area of the department classified by DLP as “Confidential IT”.
User B who also has access to the same shared area of the department but not to send confidential information outside of the company, edits File A and removes only the tag “Confidential IT File”.
After doing this, the file is no longer classified as Confidential since it has no tag, so User B should have no problem in sending this information outside.
Is there a way to prevent this problem from occurring? What is the best way to do it?
Thanks to anyone that can provide some knowledge on this.