Egnyte Secure & Govern now provides two different types of Content Safeguard Policies. These are Restriction Policies and Exception Policies. In this article, Content Safeguard Restrictions policies will be discussed in detail. For detailed information regarding Content Safeguard Exception policies, see Content Safeguard Exception Policies.
Content Safeguard Restriction Policies
Content Safeguards can protect your repository from data leaks by restricting public links to sensitive files. Administrators can create Content Safeguards policies in Secure & Govern that restrict links to a minimum security level, based on sensitive content matching, risk score, and location. These policies are then enforced in the Egnyte Collaborate source.
There are two types of Content Safeguard Restriction policies, Block and Warn.
Warn Policies
Warn policies provide access to all link security levels in the dropdown menu for files or folders. Less secure links under Warn policies may display a warning message stating the link type is "Not Recommended”.
Block Policies
Block policies restrict certain link types for files or folders, as these links must meet minimum security requirements defined by the Administrator, such as password protection.
Enabling this feature, with a blocking restriction, will impact link creation for Collaborate users. Users will be required to use the mandated minimum security level when creating new links. Access to existing links will also be impacted when blocking link type options. In the following example, existing public links that are accessible by “Anyone” are blocked and will be restricted according to the policy criteria settings. In this example, any existing links, accessible by “Anyone”, will not be accessible.
Existing links will remain unaffected by restrictions from other Content Safeguard Restriction policies. If you activate this feature, it's advisable to inform users in advance through an email. You can access an email template and find more information on supporting Collaborate users and addressing frequently asked questions in the Additional Resources Additional Resources section.
Skip Ahead to...
Supported Sources
How Content Safeguard Policies Work
Manage Content Safeguards
Content Safeguard Policy Types
Links
Additional Resources
Supported Sources
This feature works for Egnyte Collaborate sources only. Creating link restriction policies will not impact sharing for non-Collaborate sources.
How Content Safeguard Restriction Policies Work
Folder-Only Restriction Policies
These policies are configured using only location (folders)
- Folder/File Links - Content Safeguard policies restrict folder and file links. Users can only create folder and file links based on the policy configuration
- Creating/Applying New Policy Changes - Creating or modifying Content Safeguard policies will occur in real-time for folder-only policies.
- Newly Added Files/Subfolders - This is a real-time process for folder-only policies. Secure & Govern will automatically stamp the new files and subfolders that match any existing Content Safeguard policy.
Folder-only policy processing improvement only applies to “who a link is shared with”. Link expiry and download controls will still be managed at the file level which requires file level scanning
Combined Restriction Policies
These policies are configured using any combination of restrictions including content classification, risk score and location (folders)
- Folder/File links - Content Safeguard policies control both folder and file links. Users are only allowed to create folder and file links according to the settings specified in the policy configuration.
- Creating/Applying New Policy Changes - Creating or modifying Content Safeguard policies is not a real-time process. After any policy creation or change, Secure & Govern needs to scan through and stamp all the files that match the policy in Egnyte Collaborate. This may take hours or even days. Currently, we can stamp up to 100K files per hour
- Newly added files/subfolders - This is not a real-time process. Secure & Govern must scan and stamp the new files that match any existing Content Safeguard policy. This may take up to 1 hour.
The new folder-only restriction policy processing only supports “blocking” restrictions. It doesn’t support “warning” restriction policies.
Manage Content Safeguards
Create an Access Control Policy
- Go to the Settings page, click the Content Safeguards dropdown, choose Restrictions and click Add Restriction.
- Specify the policy name and description.
- Specify whether to apply based on "ALL of the following criteria" or "ANY of the following criteria".
- Restrict files based on Content Classification policy match, risk score, or location.
Content Classification: Files matching the selected policies will be restricted.
Risk Score: Files that fall within the selected Risk Score range will be restricted.
Location: Files within the specified folders will be restricted. When a top-level folder is selected, all of the sub-folders are automatically selected. The sub-folders included can be adjusted.
Content Safeguard Policy Types
Choose the baseline restriction that will be applied to the included files.
Warn Policy
Block Policy
Block ALL Links Policy
When turning "Off" the "Allow sharing content with links", NO links can be shared for the files that match the Content Safeguard policy.
Users can still create folder links for files that have been blocked under a Content Safeguard policy. However, when a recipient opens a folder link, none of the files can be accessed.
Do not use this feature to set default link security standards across the entire Egnyte Collaborate source. Instead, customize the share settings in Collaborate.
View, Edit, and Delete Active Access Control Policies
- Go to the Settings page and open the Content Safeguards tab. All active policies will appear in this list along with the number of files restricted under the policy.
- To edit or delete a policy, click the three dots on the right-hand side of the policy.
For Content Safeguard policies, based on file classification, any files that receive link security level restrictions will retain them even if the file is moved or copied unless the policy is deleted.
Links
Create Links
Warn Policy
When generating a link for a file, you can choose from all available link security levels in the dropdown. However, if the selected link option doesn't meet the allowed security levels for the file, a warning message will indicate that the link type is "Not Recommended." Nevertheless, it is still possible to create a file link using the less secure method.
When generating a link for a folder, a warning message will appear, indicating that the link type is "Not Recommended." Despite this, it is still possible to create a folder link using the less secure method, but you will need to provide a justification. It's important to note that all files within the folder will be visible to those who receive the link.
Egnyte Collaborate - Warning Policy View
The following example demonstrates a Content Safeguard Warning policy that only allows a user to share the link using any type of link access. However, only “Specific Recipients” is recommended per the Content Safeguard policy.
Block Policy
When creating a link to a file, only the allowed link security levels for the file will be available as options in the drop-down. Link creators can select their desired security level and create the link. Recipients must meet the security requirements to access the file with the link.
Links to folders are not restricted. Instead, link recipients can access the folder but cannot access any files in the folder that are restricted under a Content Safeguard policy with security requirements higher than the folder links. Link creators will see a warning when they create folder links that files within their folder matching Content Safeguard policies will not be viewable or downloadable by link recipients.
Egnyte Collaborate - Blocking Policy View
The following example demonstrates a Content Safeguard Blocking policy that only allows a user to share the link to “Specific Recipients”. All other sharing links access types have been blocked and are not allowed.
Other Link Options
Link Expiry
When link expiration is enforced via a Content Safeguard policy, link creators will only be allowed to create new links based on the enforced policy settings
Preview-Only Links
When preview-only links are enforced via a Content Safeguard policy, link recipients can preview the file, but will not be able to download the file. Preview-only links are enforced by selecting "No" in the "Allow downloads" restriction section.
Additional Resources
Want to learn more? Need guidance communicating these changes to users? These resources can help.