
Egnyte Secure & Govern now provides two different types of Content Safeguard Policies. These are Restriction Policies and Exception Policies.

Content Safeguards protect data by restricting which link types can be used to share files containing sensitive content. If Content Safeguards have been enabled for your source, link sharing for some of your files may be restricted to a minimum link security level based on policies created by your Administrator.

There are two types of Content Safeguard policies, Block and Warn. Under Warn policies, all link security levels for the file or folder will be available as options in the dropdown, but less secure links may have a warning message stating the link type is “Not Recommended”. Under Block policies, certain link types for files or folders may not be available since the links must meet minimum security requirements defined by your Administrator, such as password-protected links.

Frequently Asked Questions:

How do Content Safeguard Restriction policies work?

Folder-only Restriction Policies

These policies are configured using only location (folders)

  • Folder/File links - Content Safeguard policies restrict folder and file links. Users can only create folder and file links based on the policy configuration.
  • Creating/Applying New Policy Changes - Creating or modifying Content Safeguard policies takes effect in real time for folder-only policies.
  • Newly added files/subfolders - This is a real-time process for folder-only policies. Secure & Govern will automatically stamp the new files and subfolders that match any existing Content Safeguard policy. 

Combined Restriction Policies

These policies are configured using any combination of restrictions including content classification, risk score and location (folders)

  • Folder/File links - Content Safeguard policies restrict file links only. Users still can create folder links, but recipients may not be able to download or preview files matching the policy.
  • Creating/Applying New Policy Changes - Creating or modifying Content Safeguard policies is not a real-time process. After any policy creation or change, Secure & Govern needs to scan through and stamp all the files that match the policy in Egnyte Collaborate. This may take hours or even days. Currently, we can stamp up to 100K files per hour.
  • Newly added files/subfolders - This is not a real-time process. Secure & Govern must scan and stamp the new files that match any existing Content Safeguard policy. This may take up to 1 hour.

The new folder-only restriction policy processing only supports “blocking” restrictions. It doesn’t support “warning” restriction policies.

How do Content Safeguard Exception policies work?

  • Folder/File links - Content Safeguard policies restrict file links only. Users still can create folder links, but recipients may not be able to download or preview files matching the policy.
  • Creating/Applying New Policy Changes - Creating or modifying Content Safeguard policies is not a real-time process. After any policy creation or change, Secure & Govern needs to scan through and stamp all the files that match the policy in Egnyte Collaborate. This may take hours or even days. Currently, we can stamp up to 100K files per hour.
  • Newly added files/subfolders - This is not a real-time process. Secure & Govern must scan and stamp the new files that match any existing Content Safeguard policy. This may take up to 1 hour.

Currently, Content Safeguard Exception policies can only be used to control group-based link expiry. This will be expanded to support all link controls in the future.

Why is sharing restricted for some of my files?

Share links for files can be restricted based on policies defined by your Administrator(s) in Secure & Govern.  For more details about the restriction policies in place on your account, please contact your Administrator. 

What do I need to do when creating a folder/file link?

Warn Policy

When creating a link to a file, all link security levels for the file will be available as options in the dropdown. However, any link option that doesn’t meet the allowed link security levels for the file will have a warning message stating the link type is “Not Recommended”. Users can still create a file link using the less secure method.

When creating a link to a folder, you will see a warning message stating the link type is “Not Recommended”. Users can still create a folder link using the less secure method. All files within the folder will be viewable by link recipients.

Block Policy

When creating a link to a file, only the allowed link security levels for the file will be available as options in the dropdown. Select your desired type of link, and you’re set. When creating a link to a folder, you will see a reminder that files with sensitive content in the folder won’t be viewable or downloadable by link recipients.

What happens to my existing links when Content Safeguards are set up?

Warn Policy

Existing links will NOT be restricted under the Content Safeguard Warn policies, meaning that all links will still be accessible by your link recipients. However, recipients may receive a warning message indicating the link type is “Not Recommended”. Use the instructions below to check your link.

Block Policy

Existing links will also be restricted under the Content Safeguard Block policies, meaning that links which were previously accessible to your link recipients may no longer be accessible because they do not meet the minimum security requirements set by the Content Safeguard policy. Use the instructions below to check your link.

Why can I still create an "Anyone Access" folder link when I have applied a Content Safeguard Blocking policy that only allows "Password only" links?

Folder-only Policies

These policies are configured using only location (folders)

Folder links are managed the same as file links. This is because the Content Safeguard policy applies to all files within a folder or folders.

Example:

A blocking Content Safeguard policy is applied to the "HR" folder which only allows files to be shared via a link with a password. This policy applies to ALL the files in the "HR" folder. Two scenarios are explained below.

  • Users could only create folder and file links with a password or with link types that are more restrictive.

The folder-only policy processing improvement only applies to “who a link is shared with”. Link expiry and download controls will still be managed at the file level, which requires file-level scanning.

Combined Policies

These policies are configured using any combination of restrictions including content classification, risk score and location (folders)

Folder links are managed differently than file links. This is because not every file within a folder may match the Content Safeguard policy. Content Safeguard policies are designed to restrict file sharing. A user can still share a folder with "Anyone Access". However, when a recipient opens the folder link, they will only be able to access a file within the folder when:

  1. The file is NOT restricted by a Content Safeguard policy, or
  2. The folder link adheres to the Content Safeguard policy set against the files within the folder (see example below)

Example:

A blocking Content Safeguard policy is applied to the "HR" folder which only allows files to be shared via a link with a password. This policy applies to ALL the files in the "HR" folder. Two scenarios are explained below. 

  • Scenario 1: User creates a folder link with "Anyone Access"
    • In this scenario, a recipient could open the folder link, but would NOT be able to open or download any of the files within the folder since the folder link doesn't meet the minimum requirements of the Content Safeguard policy.
  • Scenario 2: User creates a folder link that requires "Password Access"
    • In this scenario, a recipient could open the folder link and will be allowed to access or download any of the files within the folder since the folder link does meet the minimum requirements of the Content Safeguard policy.
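
A simplified model of the link decisions described above, added here as an illustration (it is not Egnyte code or an Egnyte API). The two-level ordering, the function names and the sample file names are assumptions made for the example.

```python
from enum import IntEnum


class Link(IntEnum):
    """Link security levels, least to most restrictive (assumed ordering)."""
    ANYONE = 0
    PASSWORD = 1


def link_options(min_level, mode):
    """Dropdown options when creating a link to a restricted file.

    Block hides levels below the minimum; Warn lists them as Not Recommended.
    """
    options = {}
    for level in Link:
        if level >= min_level:
            options[level.name] = "allowed"
        elif mode == "warn":
            options[level.name] = "Not Recommended"
    return options


def can_create_folder_link(level, policy_type, min_level):
    """Block policies: folder-only policies restrict the folder link itself,
    combined policies let the folder link be created at any level."""
    if policy_type == "folder-only":
        return level >= min_level
    return True


def recipient_view(level, stamps):
    """Combined Block policy: per-file result when a recipient opens a folder link.

    stamps maps file name -> minimum Link level, or None if no policy matched.
    """
    return {
        name: "accessible" if minimum is None or level >= minimum else "restricted"
        for name, minimum in stamps.items()
    }


# Constructed sample: one file matches the password-only policy, one matches none.
HR_STAMPS = {"salaries.xlsx": Link.PASSWORD, "picnic-flyer.pdf": None}

if __name__ == "__main__":
    print(recipient_view(Link.ANYONE, HR_STAMPS))    # Scenario 1
    print(recipient_view(Link.PASSWORD, HR_STAMPS))  # Scenario 2
```
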

If a new subfolder is added does it automatically apply the existing Content Safeguard policy?

Folder-only Policies

These policies are configured using only location (folders)

Yes, the Content Safeguard policy applies to all new files and subfolders under included folders in real time.

Combined Policies

These policies are configured using any combination of restrictions including content classification, risk score and location (folders)

Real-time folder-only policy processing is only supported for “blocking” policies. Real-time processing isn’t supported for “warning” folder-only policies.

What if my link recipients cannot access my link?

This likely means your link has been disabled because it does not meet the security requirements set by the Content Safeguard policy. If the link has been restricted under an access control policy, the following message will be displayed upon link access: “Access to the file has been restricted by the Administrator.” We recommend that you investigate inaccessible links via the Web UI.

How can I check if my link is working?

Use the web UI to access the link. If the link works, your link will also work for link recipients. If the link does not work and you instead see the following message: “Access to the file has been restricted by your Administrator,” your link has been disabled because it does not meet the security requirements.

What should I do if my link has been disabled by a Content Safeguard policy?

  1. If the link is a file link, try increasing the link’s security level.

  2. If the link is a file link and the link recipient is not a registered Connect user, the link recipient can be added as a Standard User to the Connect source to access links with a higher security level than "Public."

  3. Use the Web UI to create a new link. When creating a link, only the allowed link security levels will be available as options in the drop-down. Select your desired type of link, and you’re set.

  4. Contact your Administrator if you still need help or have additional questions.

Some of my files are marked as "Access restricted for link recipients", but I can still access them. Is this expected?

Yes, the “Access restricted for link recipients” message indicates that certain files may be restricted for recipients who have received links to the folder. You're still able to view these files if you already have permission to that file or folder.

 

If you have additional questions, reach out to your Administrator.  
