How Can FileCloud Help Enterprises Meet Data Governance Requirements?
FileCloud Governance offers complete content life cycle management with flexible retention and archival schedules. FileCloud’s Smart DLP and Classification capabilities offer data leak protection and help enterprises comply with data security regulations like HIPAA, FINRA, ITAR, GDPR, CCPA, and others.
Due to increasingly strict privacy requirements, it is important for organizations to be able to monitor neglectful or malicious activity that can result in the loss of confidential data. The data leak or loss can occur at endpoints due to user actions, during transit, or while at rest.
Leak prevention for data at rest relies on encryption technologies and physical security of media, whereas endpoint leak prevention refers to the ability to prevent data leak from an application’s endpoint (e.g. the recipient of a data transfer).
Metadata, Smart Classification, and Smart DLP are all part of FileCloud’s advanced security technology that helps organizations to meet data governance requirements. However, there are distinct differences between these features that affect how they are used and how they interact with one another.
Technically, metadata is defined as data about data. With FileCloud, the metadata feature allows the adding of additional information about files. This additional metadata helps in classifying and finding documents as well as in data leak protection
Administrators can create custom metadata sets that make sense for their business vertical to better classify and protect their enterprise data.
FileCloud defines two levels of metadata definition:
- Attribute – defines a single piece of information that the user can specify for file or folder.
- Metadata set – a group of related attributes with additional properties and settings. It works as a container for attributes.
A metadata set is a logically-grouped set of attributes that can be attached to a single file object.
Metadata can be created, edited, and applied with no dependencies.
The Smart Content Classification Engine (CCE) further refines how files are organized and tracked by FileCloud. With one or more sets of initial metadata, classification can be added to automatically add or alter metadata.
For example, with files containing PII data (email address, name), CCE will mark PII security level as “GDPR” in case you want to abide by EU and make sure you comply with the EU standards
Smart Classification relies on metadata in order to operate. A minimum of one set of metadata is required to run CCE; using more than one rule allows for a greater degree of classification.
CCE scans every file and folder on the FileCloud installation. However, the parameters of the CCE rule determine which files undergo classification.
Smart Data Leak Prevention (DLP) applies user-created rules in order to strictly control who can access the FileCloud installation, in addition to restricting which files and folders they can download or share. DLP rules can control access based on many different parameters, including user name, IP address, file path, and applied metadata. Smart DLP can also return information about who is attempting to access the FileCloud installation.
- Deny users of group “accounting” from downloading or sharing files marked PII.
- Allow users with emails from the domain “example.com” to log in to the FileCloud installation and share files but deny users the ability to download files
- Deny downloads of files with metadata attribute “GDPR” set to “YES”
- Return the usernames, IP addresses, user agents, and file paths for everyone accessing the FileCloud installation.
DLP can operate with or without metadata or prior classification.
FileCloud Data Leak Prevention
Data leak prevention (DLP) is a FileCloud feature that enables administrators to closely control the degree to which users can access, edit, download, and transfer their organization’s files and folders.
While DLP can be useful for many different kinds of data, it can be especially critical for the secure handling of Personal Identification Information (PII), Personal Health Information (PHI), and Payment Card Information (PCI). DLP also offers greater security to organizations that are required to operate in compliance with HIPAA or GDPR.
Creating Data Leak Prevention Rules
To create and edit DLP rules, follow the steps below:
- Access FileCloud’s Admin Portal > Governance > Smart DLP
- To add or create a new rule, click on Add DLP Rule and complete all of the required fields.
- Rule Name: A name that identifies the DLP rule.
- Affected User Actions: User actions that trigger the DLP rule (download, share, or login).
- Rule Expression: Criteria for triggering the DLP rule. A minimum of one expression is required in order to create a DLP rule.
- DLP Action: Allow or deny the user action if the parameters of the rule expression are triggered.
- When you are finished defining the rule, click “Create” to save it. The rule will immediately go into effect.
FileCloud is a powerful enterprise file services platform that helps you to meet all your data governance requirements. Get your free trial here today.