Content Safeguards can protect your repository from data leaks by restricting public links to sensitive files. Administrators can create Content Safeguards policies in Secure & Govern that restrict links to a minimum security level, based on sensitive content matching, risk score, and location. These policies are then enforced in the Egnyte Collaborate source.
There are two types of Content Safeguard policies: Block and Warn. Under Warn policies, all link security levels for the file or folder will be available as options in the dropdown, but less secure links may have a warning message stating the link type is “Not Recommended”. Under Block policies, certain link types for files or folders may not be available, since the links must meet minimum security requirements defined by your Administrator, such as password-protected links.
Enabling this feature, with a blocking policy, will impact link creation for Collaborate users. Users will be required to use the mandated minimum security level when creating new links. Access to existing links will also be restricted according to the policy. If you enable this feature, we recommend notifying users in advance with an email. You can find a link to the email template and additional information about helping Collaborate users and answers to frequently asked questions in the Additional Resources section.
This feature works for Egnyte Collaborate sources only. Creating link restriction policies will not impact sharing for non-Collaborate sources.
How Content Safeguard Policies Work
- Folder/File links - Content Safeguard policies block file links only. Users can still create folder links, but recipients won't be able to download or preview files matching the policy.
- Creating/Applying New Policy Changes - Creating or modifying Content Safeguards is not a real-time process. After any policy creation or change, Secure & Govern needs to scan through and stamp all the files in Collaborate that match the policy. This may take hours or even days. Currently, we can stamp up to 100K files per hour.
- Newly added files - This is not a real-time process. Secure & Govern must scan and stamp the new files that match any existing Content Safeguard policy. This may take up to 1 hour.
Manage Content Safeguards
Create an Access Control Policy
- Go to the Settings page, open the Content Safeguards tab, and click Add Policy.
- Specify the policy name and description.
- Specify whether to apply based on "ALL of the following criteria" or "ANY of the following criteria".
- Restrict files based on Content Classification policy match, risk score, or location.
  - Content Classification: Files matching the selected policies will be restricted.
  - Risk Score: Files that fall within the selected Risk Score range will be restricted.
  - Location: Files within the specified folders will be restricted. When a top-level folder is selected, all of the sub-folders are automatically selected. The sub-folders included can be adjusted.
- Choose the baseline restriction that will be applied to the included files.
Block ALL Links Policy
When "Allow sharing content with links" is turned "Off", NO links can be shared for the files that match the Content Safeguard policy.
Users can still create folder links for files that have been blocked under a Content Safeguard policy. However, when a recipient opens a folder link, none of the files can be accessed.
- Click Create Policy.
Do not use this feature to set default link security standards across the entire Egnyte Collaborate source. Instead, customize the share settings in Collaborate.
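The ALL/ANY choice in the policy criteria changes how many files a policy restricts, and the stamping rate given under "How Content Safeguard Policies Work" bounds how soon a new policy takes effect. The following dry run is an added example, not Egnyte code or an Egnyte API: the `FileInfo` and `Policy` types, the inclusive risk range, and the sample inventory are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

STAMP_RATE_PER_HOUR = 100_000  # page: "up to 100K files per hour"

@dataclass
class FileInfo:  # hypothetical inventory record, not an Egnyte type
    path: str
    classifications: frozenset
    risk_score: int

@dataclass
class Policy:  # hypothetical model of one policy's criteria
    match_all: bool  # True = "ALL of the following criteria", False = "ANY"
    classifications: frozenset = frozenset()
    risk_range: tuple = ()  # (low, high), assumed inclusive
    folders: tuple = ()  # selected folders; sub-folders are included
    excluded: tuple = ()  # sub-folders deselected by the admin

def _under(path, folder):
    return path.startswith(folder.rstrip("/") + "/")

def matches(policy, f):
    checks = []  # only criteria that are configured take part
    if policy.classifications:
        checks.append(bool(policy.classifications & f.classifications))
    if policy.risk_range:
        low, high = policy.risk_range
        checks.append(low <= f.risk_score <= high)
    if policy.folders:
        inside = any(_under(f.path, d) for d in policy.folders)
        checks.append(inside and not any(_under(f.path, d) for d in policy.excluded))
    if not checks:
        return False
    return all(checks) if policy.match_all else any(checks)

def restricted_paths(policy, inventory):
    return [f.path for f in inventory if matches(policy, f)]

def min_stamp_hours(file_count):
    # Lower bound only: the page gives 100K/hour as a maximum rate.
    return file_count / STAMP_RATE_PER_HOUR

# Constructed sample data (paths, labels and scores are made up).
INVENTORY = [
    FileInfo("/Shared/Finance/payroll.xlsx", frozenset({"PII"}), 8),
    FileInfo("/Shared/Finance/Archive/old.xlsx", frozenset({"PII"}), 8),
    FileInfo("/Shared/Marketing/brochure.pdf", frozenset(), 2),
    FileInfo("/Shared/HR/contract.docx", frozenset({"PII"}), 4),
]
POLICY_ALL = Policy(True, frozenset({"PII"}), (7, 9), ("/Shared/Finance",), ("/Shared/Finance/Archive",))
POLICY_ANY = replace(POLICY_ALL, match_all=False)
```

With the same three criteria, the ALL policy restricts one sample file while the ANY policy restricts three, including files outside the selected folder.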
View, Edit, and Delete Active Access Control Policies
- Go to the Settings page and open the Content Safeguards tab. All active policies will appear in this list along with the number of files restricted under the policy.
- To edit or delete a policy, click the three dots on the right-hand side of the policy.
For Content Safeguard policies based on file classification, any files that receive link security level restrictions will retain them even if the file is moved or copied, unless the policy is deleted.
When creating a link to a file, all link security levels for the file will be available as options in the dropdown. However, any link option that doesn’t meet the allowed link security levels for the file will have a warning message stating the link type is “Not Recommended”. You can still create a file link using the less secure method but will be required to enter a justification.
When creating a link to a folder, you will see a warning message stating the link type is “Not Recommended”. You can still create a folder link using the less secure method but will be required to enter a justification. All files within the folder will be viewable by link recipients.
When creating a link to a file, only the allowed link security levels for the file will be available as options in the drop-down. Link creators can select their desired security level and create the link. Recipients must meet the security requirements to access the file with the link.
Links to folders are not restricted. Instead, link recipients can access the folder but cannot access any files in the folder that are restricted under a Content Safeguard policy with security requirements higher than the folder links. When they create folder links, link creators will see a warning that files within their folder matching Content Safeguard policies will not be viewable or downloadable by link recipients.
Other Link Options
When preview-only links are enforced via a Content Safeguard policy, link recipients can preview the file, but will not be able to download the file. Preview-only links are enforced when selecting "No" in the "Allow downloads" restriction section.
When encrypted links are enforced via a Content Safeguard policy, link recipients must have the FileGuard client installed to view a file. Encrypted links are enforced when selecting "Yes, encrypted" in the "Allow downloads" restriction section.
Installing FileGuard Client:
Want to learn more? Need guidance communicating these changes to users? These resources can help.