Once you select content classification policies, Egnyte Protect will start surfacing locations matching these policies in the Sensitive Content tab.
Filtering the locations list
You can narrow down the list of sensitive locations using filters from the collapsable Filters pane. Once you apply these filters, only locations matching all these filters will be displayed.
The available filters in the Sensitive Content tab are:
- the matched classification policies
- the Risk score of the folder
- the time when the details of the location, such as the Risk score or the matched classification policies, were last updated
- whether the location contains any unpermitted sensitive content
Exporting the locations list
You can export the list of sensitive locations shown in the Sensitive Content tab as a CSV file. From the export dropdown, you can either export the complete list of locations or just the filtered list of locations currently shown in the tab.
Permitting sensitive content
While you can permit an entire folder tree to contain sensitive content from the Source settings page, you can permit individual folders from the Sensitive Content tab. For example, you may want to permit just a folder to contain files with PCI-DSS content but not permit any of its sub-folders to do so. You can do this easily from the Sensitive Content tab.
1) In the Sensitive Content tab, turn on the toggle to display only those locations with unpermitted content. This toggle is turned on by default.
2) Click on the location’s row to bring up its details. You can see the classification policies that have matched against content in the location.
2) By default, no sensitive content is permitted in the location. If you want to permit content matching a policy, you can turn on the toggle for that policy.
3) Once you’ve permitted a policy for this location, any new files matching this policy are considered to permitted in the location.
4) If you’ve permitted all the detected policies for a location, it will be hidden from your view as the location now only contains permitted content. Any new files matching the currently permitted policies will not bring the location back. However, if content matching some new unpermitted policy is found in the location, the location will come back to the view.
5) To view all locations with sensitive content, regardless of whether the content is permitted or not, turn off the toggle.
Using the above actions, you can reduce the risk of sensitive content exposure in your sources. The Sensitive Content tab is also periodically refreshed to reflect any changes you make in your sources. When you take actions outside Egnyte Protect, such as moving identified sensitive content to more secure folders, the list of locations with unpermitted sensitive content will get automatically shrunk down.
Remediating unpermitted sensitive content
You can also choose to shrink the footprint of unpermitted sensitive content in an Egnyte Connect source from the Sensitive Content tab. For example, files with sensitive employee information that belong in the Human Resources folder may have been accidentally copied to several publicly shared folders. To avoid a potential leak of this information, you may choose to either delete these files or move them to a location within the Human Resources folder.
1) In the Sensitive Content tab, turn on the toggle to display only those locations with unpermitted content.
2) Multi-select locations that contain any unpermitted sensitive content that can be remediated together.
3) The Details pane will show the number of such files and the type of unpermitted sensitive content.
4) Click on the Fix button in the Details pane.
5) If you wish to simply move these files to Trash, click on the Delete Sensitive Files option. Confirm the remediation to move all files with unpermitted content in the selected locations to Trash.
6) You may choose to leave stub files behind in the folders to explain the missing content. These stubs are text files with the same names as the deleted files, but with just a simple message indicating the remediation.
7) Alternatively, you may choose the option to move these files with unpermitted content to another location.
In this case, you'll need to select the destination folder for these files. Note that the folder you select will be automatically permitted to contain the type of content in these files. For example, if you choose to move files matched by the PCI-DSS policy, the destination folder will be now automatically permitted to contain PCI-DSS content.
8) Confirm the remediation to move the files to the selected destination. Again, you may choose to leave behind stub files explaining the remediation.
9) Once you confirm either action, the unpermitted content will be removed from the selected locations. These locations will be removed from your view as they now only contain permitted sensitive content, if any. However, if some unpermitted content is found again in any of these locations, such locations will come back to the view.