Welcome to
Help Desk

Product Updates
Training
Support
Ideas Contact Support

Content Safeguards - Best Practices

Follow

Egnyte Secure & Govern now provides two different types of Content Safeguard Policies. These are Restriction Policies and Exception Policies. In this article, use cases for Content Safeguard Exception and Restriction policies will be provided to assist with your implementation of these policies across your organization.

For detailed information on Content Safeguard Exception policies, see Content Safeguard Exception Policies

For detailed information regarding Content Safeguard Restriction policies, see Content Safeguard Restriction Policies 

General Information

Exception Policies

Content Safeguard Exception policies will only be applied to newly created links. None of the Content Safeguard restrictions will be changed for existing links.

Currently, Content Safeguard Exceptions policies can only be used to control group-based link expiry. This will be expanded to support all link controls in the future.

Restriction Policies

Content Safeguard Restriction policies will always be applied to newly created links. Most Content Safeguard Restriction policy restrictions will not impact existing links.  However, when enabling this feature with link-type blocking restrictions, existing Links can be impacted. For example, existing public links that are accessible by “Anyone” (aka “Public Links”) are blocked and will be restricted according to the policy criteria settings shown below.

 

Users with those links will not be able to access them unless they have a password, are a domain user, or are a specified recipient. Anyone not meeting the criteria will no longer be able to access the content via the link.

If you enable this feature, we recommend notifying users in advance with an email.

Supported Sources

Content Safeguards are currently supported for Egnyte Collaborate sources only.

 

Planning

Content Safeguards can protect your repository from data leaks by allowing customers to set the Egnyte Collaborate default link sharing restrictions to be more or less restrictive depending on your needs. Before implementing Content Safeguard policies, first define a sharing link policy. Consider the following when defining a link sharing policy.

Link Sharing Policy Considerations

  • Can the same link restrictions be applied across all files/folders or will some files/folders require different restrictions?
    • Document the types of files/folders where default link restrictions should be applied across the organization
    • Document the types of files/folders where more restrictive link sharing is required
      • Why do these folders/files require more restriction?
      • What type of restrictions are needed?
    • Document the types of files/folders where less restrictive link sharing is required
      • Why do these folders/files require less restriction?
      • What type of restrictions/exceptions are needed?
  • Can the same link restrictions be applied to all users or will some users/groups require different restrictions?
    • Document the default link restrictions that should be applied across the organization
    • Document the users/groups that require special link restrictions
    • Document the special link restrictions that are required for these users/groups

Implementation

Once the corporate link sharing policy has been defined and documented, the policy rules should be implemented for your Egnyte Collaborate content sources. Basic link sharing policy implementation steps are explained below.

Link Sharing Policy Implementation

  • Step 1: Configure default link restriction settings within Egnyte Collaborate based on your company’s file sharing policy.
    • Goal: Configure defaults to be most restrictive
  • Step 2: Based on your file sharing policy, determine the Content Safeguard Restriction policies that need to be created to ensure your most important files/folders are secure.
    • Goal: Minimize the number of policies
  • Step 3: Based on your file sharing policy, determine the Content Safeguard Exception policies that need to be created to ensure your special user/groups can share files/folders per their defined business needs.
    • Goal: Minimize the number of policies

Use Cases & Examples

Content Safeguard Restriction and Exception policies have different purposes. These policies should only be created when your corporate link sharing policy can’t be achieved by using default link sharing settings within Egnyte Collaborate.

Restriction Policies

Content Safeguard Restriction policies should only be used to enforce more restrictive link sharing than what is being enforced by your default link sharing settings. Restrictions will impact all users/groups across your organization that have access to the files/folders defined in the policy’s configuration criteria settings. Criteria settings are used to define the scope of the policy. The following policy criteria settings are supported for Restriction Policies.

Restriction Example

In this example, company “ABC” has a default policy which allows password protected links to be shared for all folders and files. However, their corporate sharing policy states that files within the “HR Folder” can only be shared with domain users for up to 2 days or up to 3 times and these files can not be downloaded.

In order to enforce this more restrictive link sharing requirement, a Content Safeguard Restriction policy is needed to override the default settings. The following steps should be taken.

1. Go to the Settings page, click the Content Safeguards dropdown, choose Restrictions.

2. Select “Add Restriction” to create a new Content Safeguard Restriction policy

3. Enter policy name and description

     

4. Go to Policy Criteria and click-on configure “Selected Location”

          

5. The folder tree window appears. Select “HR Folder” and “Save”

Content safeguard restrictions - folder selection.png

6. Go to the Content Safeguard policy “Restrictions” section and apply the following restrictions.

        

Only domain users link types are allowed, link expiry only allows up to 2 days or 3 clicks and downloads are set to “No” to meet the corporate policy requirements.

7. Select “Create Restriction.” The policy is created and you’ll be sent to the main view where you can see the policy is “calculating matches”

8. Once the policy has completed processing, the new Content Safeguard policy will be enforced on the “HR Folder”

 

Exception Policies

Content Safeguard Exception policies should only be used to enforce less restrictive link expiry sharing than what is being enforced by your default link sharing settings and/or your Content Safeguard Restriction policies. that Exception Policies will override Content Safeguard Restriction policies. Exceptions will only impact the users/groups and folders defined in the policy’s configuration criteria settings. Criteria settings are used to define the scope of the policy. The policy criteria settings will depend on whether or not the Exception policy is related to an existing Restriction policy.

Currently, Content Safeguard Exceptions policies can only be used to control group-based link expiry. This will be expanded to support all link controls in the future.

If a Content Safeguard Exception policy is related to an existing Content Safeguard Restriction policy, only the “Any Group” criteria will be available. This is because the scope of the Exception policy will be defined by the scope of the Restriction policy.

If a Content Safeguard Exception policy is not related to an existing Content Safeguard Restriction policy, both the “At any location” and “Any Group” criteria will be available. This is because the scope (folders) of the Exception needs to be defined.

Exception Example

Using the previous Restriction example, company “ABC” has a default policy which allows password protected links to be shared for all folders and files. The customer now also has a Content Safeguard Restriction policy which, for files in the HR Folder, only allows domain users to share links for up to 2 days or 3 clicks and also prevents the files from being downloaded.

However, the company now has a business need to allow the “HR Admin” group to share files for up to 7 days or up to 5 times.

In order to enforce this less restrictive link sharing requirement, a Content Safeguard Exception policy is needed to override the customer’s default and Content Safeguard Restriction policy settings. The following steps should be taken.

1. Go to the Settings page, click the Content Safeguards dropdown, choose Exceptions.

2. Select “Add Exception” to create a new Content Safeguard Exception policy

3. Enter policy name and description

4. Select the “HR Folder Policy” as the Related Restriction

5. Go to Policy Criteria and click-on configure “Any Group”

           

6. The User Group window appears. Select “HR Admin” group and “Save”

7. Go to the Content Safeguard policy “Exceptions” section and apply the following exceptions.

Now only the HR Admin group will have link expiry set to allow up to 7 days or 5 clicks for files in the HR folder only. All other groups will still have link expiry set to allow up to 2 days or 3 clicks for files within the HR folder.

8. Select “Create Exception”, the policy is created. The policy will take effect after Secure & Govern has scanned and tagged the files defined by the scope of policy.

           

9. Once the policy has completed processing, the new Content Safeguard policy will be enforced on the “HR Folder” for the “HR Admin” group

Do not use Content Safeguards to set default link security standards across the entire Egnyte Collaborate source. Instead, customize the default share settings in Egnyte Collaborate.

 

 

Was this article helpful?
0 out of 0 found this helpful

For technical assistance, please contact us.