{"id":29880,"date":"2021-03-22T14:43:10","date_gmt":"2021-03-22T19:43:10","guid":{"rendered":"https:\/\/www.filecloud.com\/blog\/?p=29880"},"modified":"2025-04-16T07:36:11","modified_gmt":"2025-04-16T12:36:11","slug":"enforce-data-protection-in-filecloud-with-smart-dlp","status":"publish","type":"post","link":"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/","title":{"rendered":"Enforce data protection in FileCloud with Smart DLP"},"content":{"rendered":"<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-29898\" src=\"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2021\/03\/Smart-DLP.png\" alt=\"Smart DLP\" width=\"1136\" height=\"677\"><\/p>\n<p>\u00a0<\/p>\n<p><em>Info: This is the second post in the series \u201cSmart Classification, Metadata, and Smart DLP \u2013 the powerful combo\u201d <\/em>about <em>data classification and security in FileCloud. <\/em><\/p>\n<p>In the previous post, we explained<a href=\"https:\/\/www.filecloud.com\/blog\/2021\/03\/how-to-best-utilize-fileclouds-metadata\/\"> <u>the concepts and capabilities of File Cloud\u2019s metadata subsystem<\/u><\/a>, which allows users to describe data available in their system by assigning extensive sets of information to them. As we\u2019ve shown, metadata can be used to search for particular files or to grant or decline operations like download or share via the Smart DLP subsystem. In this post we\u2019ll discuss that particular subsystem alone, explaining how it works, and what protection it can give in real-world scenarios.<\/p>\n<p>\u00a0<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_63 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title \" >Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#Smart_DLP\" title=\"Smart DLP\">Smart DLP<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#Affected_User_Actions\" title=\"Affected User Actions\">Affected User Actions<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#Rule_Expression\" title=\"Rule Expression\">Rule Expression<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#DLP_Action\" title=\"DLP Action\">DLP Action<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#DLP_Mode\" title=\"DLP Mode\">DLP Mode<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#Rule_Notification\" title=\"Rule Notification\">Rule Notification<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#Rule_Expressions\" title=\"Rule Expressions\">Rule Expressions<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#Request_related\" title=\"Request related\">Request related<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#User_related\" title=\"User related\">User related<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#File_related\" title=\"File related\">File related<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#Metadata_related\" title=\"Metadata related\">Metadata related<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#Share_related\" title=\"Share related\">Share related<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#Common_Use_Cases\" title=\"Common Use Cases\">Common Use Cases<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#Rule_Violations\" title=\"Rule Violations\">Rule Violations<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#Share_Crawler\" title=\"Share Crawler\">Share Crawler<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#In_Conclusion\" title=\"In Conclusion\">In Conclusion<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Smart_DLP\"><\/span>Smart DLP<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>DLP stands for <a href=\"https:\/\/www.filecloud.com\/data-leak-prevention\/\">Data Leak Prevention<\/a>, which, simply put, protects your data from \u201cleaking\u201d by enforcing sets of rules on how data can be manipulated and retrieved. In FileCloud this can be achieved by creating rules in the Smart DLP subsystem. During program execution, these rules are evaluated and particular operations are allowed or blocked. Let\u2019s dive a little bit deeper into what is possible in FileCloud, version 20.3.<\/p>\n<p>When admins visit the Smart DLP screen, they see a list of all available DLP rules with details about each of them.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-29883\" src=\"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2021\/03\/Smart-DLP-1.png\" alt=\"DLP Rules\" width=\"1692\" height=\"542\"><\/p>\n<p>DLP rule definition is very powerful, allowing admins to really narrow use cases by specifying user actions, mode, the rule expression, the DLP action and mode, and notifications. Let\u2019s explain each area in more detail.<\/p>\n<p>\u00a0<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Affected_User_Actions\"><\/span>Affected User Actions<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This property allows admins to specify which actions performed by users will be monitored and protected by the given DLP rule. FileCloud version 20.3 provides support for download, share and login operations.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Rule_Expression\"><\/span>Rule Expression<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This is the heart of the DLP rule, and allows admins to specify the actual use case they want to prevent or monitor. The rule expression engine in File Cloud\u2019s Smart DLP is very flexible and allows combining multiple conditions into a single rule. We\u2019ll discuss available options in more details later.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"DLP_Action\"><\/span>DLP Action<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Provides two possible actions: DENY and ALLOW, which specify what should happen if the rule expression is matched. Based on that setting, the same rule can be used to either grant or prohibit a login or a download operation for the given user.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"DLP_Mode\"><\/span>DLP Mode<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This property takes one of two available values, Enforce or Permissive, that specify how the system behaves when the rule is met. When the rule works in Enforce mode, it blocks <strong>any <\/strong>rule violation attempts.. For example, a 403 status is returned by the API if a user without permission tries to download a file, or a share operation is blocked if a user tries to share a protected file or tries to share it with non-permitted users. In addition, the violation attempt is logged. On the other hand, \u00a0Permissive mode performs logging and monitoring of violation attempts without blocking the actual operation. This allows admins to monitor and trace some potentially insecure patterns without enforcing policies that might be too restrictive.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Rule_Notification\"><\/span>Rule Notification<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Allows admins to provide custom messages that are displayed if a rule is violated. This is applicable only to the Download and Share actions.<\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Rule_Expressions\"><\/span>Rule Expressions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>FileCloud provides multiple predefined expressions that can be used as building blocks when creating more complex DLP rules. An important note is that the set of available predefined expressions depends on the user action the admin wants to allow or deny. The reason for that is simple \u2013 the required data for some of the flows may not be present. For example, when a user tries to log in we might not have any information apart from the request details and user\u2019s email or username, so we cannot use an expression that requires additional data. On the other hand, when protecting a download operation, additional information about the file being processed is present, so more expressions are available for use. Let\u2019s briefly review lists of available expressions grouped by the data they operate on.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Request_related\"><\/span>Request related<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><em>remoteIp<\/em> \u2013 returns the IP address that has been used to execute the action, for example, 43.12.34.123<\/li>\n<li><em>agent<\/em> \u2013 returns the user agent that has been used to execute the action<\/li>\n<li><em>inIpv4Range(low, high) <\/em>\u2013 checks whether the IP address used to perform the action is a part of the given range<\/li>\n<li><em>remoteCountryCode<\/em> \u2013 Returns the two character, uppercase ISO code of the country, for example, \u2018US\u2019<\/li>\n<li><em>inIpV4CdirRange(cdir) \u00ad<\/em>\u2013 Checks whether the IP address used to execute the action matches the given CDIR range, for example, \u201910.2.1.0\/24\u2019<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"User_related\"><\/span>User related<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><em>username <\/em>\u2013 returns the username of the user trying to execute the action<\/li>\n<li><em>email<\/em> \u2013 returns the email of the user trying to execute the action<\/li>\n<li><em>userType<\/em> \u2013 Returns the type of the user trying to execute an action. Available types are: \u2018Full Access\u2019, \u2018Limited Access\u2019, \u2018Guest Access\u2019<\/li>\n<li><em>inGroup(groupName)<\/em> \u2013 Checks if a user is a member of a given group<\/li>\n<li><em>isEmailInDomain(domains)<\/em> \u2013 Checks if a user\u2019s email matches any of the given, comma separated domains, for example, _user.inGroup(\u2018email.com,email.net\u2019) will return true for the following emails: <a href=\"mailto:accounts@email.com\">accounts@email.com<\/a>, <a href=\"mailto:johndoe@email.net\">johndoe@email.net<\/a>.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"File_related\"><\/span>File related<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><em>path<\/em> \u2013 returns the path of the file being downloaded<\/li>\n<li><em>pathStartsWith(path)<\/em> \u2013 checks whether the file\u2019s path starts with the given string<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Metadata_related\"><\/span>Metadata related<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><em>exists(metadata)<\/em> \u2013 checks whether the file (or any of the files if a folder is downloaded) has the given metadata attribute assigned<\/li>\n<li><em>existsWithValue(metadata, value) <\/em>\u2013 Similar to the previous expression, but checks for a specific value in the metadata attribute.<\/li>\n<li><em>existsWithCondition(metadata, operator, value)<\/em> \u2013 Checks whether the value exists and matches the expression. The following operators are supported: == (equals), != or &lt;&gt; (not equal), &gt; (greater than), &lt; (less than), &gt;=, (greater than or equal to) &lt;= (less than or equal to). For example, metadata.existsWithCondition(\u2018secure.risk_level\u2019, \u2018&gt;\u2019, 3) will return true when any of the files being downloaded contains the secure.risk_level attribute with a value greater than 3.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Share_related\"><\/span>Share related<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><em>path<\/em> \u2013 returns the path of the share location<\/li>\n<li><em>public<\/em> \u2013 checks whether the share is public or not<\/li>\n<li><em>_share<\/em>.<em>allowedUsers<\/em> \u2013 returns a list of emails of users allowed to access the share<\/li>\n<li><em>allowedGroups<\/em> \u2013 returns a list of groups allowed to access the share<\/li>\n<li><em>hasUsersFromDomain(domain)<\/em> \u2013 Checks if the allowed users list has any user whose email MATCHES any of the domains provided in the domain comma-separated list. This method is only applicable for the DENY rule<\/li>\n<li><em>onlyUsersFromDomain(domain)<\/em> \u2013 Checks if the allowed users list has any user whose email DOESN\u2019T MATCH any of the domains provided in the domain comma-separated list. This method is only applicable for the ALLOW rule<\/li>\n<li><em>pathStartsWith(path)<\/em> \u2013 returns true if the share location starts with the given path<\/li>\n<li><em>pathContains(text)<\/em> \u2013 returns true if the share path contains the given \u2018text\u2019<\/li>\n<li><em>pathMatches(pattern)<\/em> \u2013 returns true if the path matches the given pattern. This expression uses simplified regex syntax, allowing wildcards \u2018*\u2019 and single characters \u2018#\u2019<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p>As mentioned earlier, FileCloud\u2019s Smart DLP supports three operations \u2013 login, download and share. The following groups of expressions are supported for each one:<\/p>\n<p><strong>Download<\/strong> \u2013 request, user, file, metadata<\/p>\n<p><strong>Share <\/strong>\u2013 user, metadata, share<\/p>\n<p><strong>Login<\/strong> \u2013 request, user<\/p>\n<p>\u00a0<\/p>\n<p>Rule expressions can be combined with each other with logical operators, which makes Smart DLP a very powerful tool. The diagrams below explain how DLP operates.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-29886\" src=\"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2021\/03\/Smart-DLP-2.png\" alt=\"Rule Expression\" width=\"881\" height=\"701\"><\/p>\n<p>Source <a href=\"https:\/\/www.filecloud.com\/supportdocs\/fcdoc\/latest\/server\/filecloud-administrator-guide\/governance-setup\/smart-dlp\/rule-expressions\">here<\/a>.<\/p>\n<p>\u00a0<\/p>\n<p>The following algorithm is used when evaluating the action:<\/p>\n<ol>\n<li>Check if the controlled action (Login, Share, Download) is being performed.<\/li>\n<li>If yes find ALL DLP rules matching that action.<\/li>\n<li>For each DLP rule that matches, evaluate the specified rule expression (simple or complex)<\/li>\n<li>If the rule expression returns true decide whether access is granted or denied based on the ALLOW\/DENY parameters. DENY behavior varies depending on whether the rule is enforcing or permissive. The former will break the chain of checks and block the action, and the latter will grant access for the given DLP rule, log the violation and continue with the next rule.<\/li>\n<\/ol>\n<p>\u00a0<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Common_Use_Cases\"><\/span>Common Use Cases<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u00a0<\/p>\n<p>Equipped with knowledge about the basic building blocks, we can start exploring some interesting possibilities that they provide when we start combining them.<\/p>\n<p>\u00a0<\/p>\n<ol>\n<li>Prevent login from outside the given country<\/li>\n<\/ol>\n<p>This scenario is pretty common since it is a part of many compliance policies (for example, ITAR). It can be achieved with the given rule:<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"113\"><strong>Affected action<\/strong><\/td>\n<td width=\"85\"><strong>DLP Action<\/strong><\/td>\n<td width=\"406\"><strong>Rule expression<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"113\">LOGIN<\/td>\n<td width=\"85\">DENY<\/td>\n<td width=\"406\">_request.remoteCountryCode != \u2018US\u2019<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u00a0<\/p>\n<p>Note: As with almost all DLP rules this can be achieved alternately by negating the condition in the expression and changing the DLP Action to ALLOW. The new rule would\u00a0 ALLOW access if the country code equals `US`, whereas the original one says \u2013 DENY access from outside of the US.<\/p>\n<p>Note: The country code feature requires GeoIP service synchronization, which allows mapping IPs to the country code.<\/p>\n<ol start=\"2\">\n<li>Limit login to users from the company\u2019s domain via web browser only<\/li>\n<\/ol>\n<p>This scenario allows login only for users whose emails match the company\u2019s domain and only for the web browser client.<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"113\"><strong>Affected action<\/strong><\/td>\n<td width=\"85\"><strong>DLP Action<\/strong><\/td>\n<td width=\"406\"><strong>Rule expression<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"113\">LOGIN<\/td>\n<td width=\"85\">DENY<\/td>\n<td width=\"406\">_user.isEmailInDomain(\u2018company.com\u2019) and _request.agent == \u2018Web browser\u2019<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u00a0<\/p>\n<ol start=\"3\">\n<li>Prevent sharing of internal files to external users<\/li>\n<\/ol>\n<p>This scenario prevents public sharing and private sharing to users that are not members of the Company group if documents are marked as internal (which can be done automatically with File Cloud\u2019s Smart Classification subsystem).<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"113\"><strong>Affected action<\/strong><\/td>\n<td width=\"85\"><strong>DLP Action<\/strong><\/td>\n<td width=\"406\"><strong>Rule expression<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"113\">SHARE<\/td>\n<td width=\"85\">ALLOW<\/td>\n<td width=\"406\">_metadata.existsWithValue(\u2018Security.internal\u2019, false) or (_metadata.existsWithValue(\u2018Security.internal\u2019, true) and _user.inGroup(\u2018CodeLathe\u2019))<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u00a0<\/p>\n<ol start=\"4\">\n<li>List of allowed IPs for external downloads<\/li>\n<\/ol>\n<p>This scenario prevents downloads for users who are not a part of the internal user group unless the download is performed from the user\u2019s office location (known IP address).<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"113\"><strong>Affected action<\/strong><\/td>\n<td width=\"85\"><strong>DLP Action<\/strong><\/td>\n<td width=\"406\"><strong>Rule expression<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"113\">DOWNLOAD<\/td>\n<td width=\"85\">ALLOW<\/td>\n<td width=\"406\">_user.inGroup(\u2018Internal\u2019) or (_user.inGroup(\u2018Trusted Company\u2019) and _request.remoteIp == \u201913.112.23.121\u2019)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u00a0<\/p>\n<p>As we can see, Smart DLP allows us to create some really complex scenarios, like preventing sharing of files from folders that match the team folder path if the request is coming from outside the given IP range and the recipient is not a member of our domain.<\/p>\n<p>Also, see the examples in<u> How to secure documents with Smart DLP &amp; CCE<\/u><\/p>\n<p>\u00a0<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Rule_Violations\"><\/span>Rule Violations<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Smart DLP provides a way to report rule violations to admins. The main dashboard displays a widget showing current DLP statistics, including Active Downloads, Active Uploads, Active Shares, and Active Users, as well as violations. A detailed list of violations with the details of the operation that triggered each violation can be accessed in Smart DLP view for each rule.<\/p>\n<p>\u00a0<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Share_Crawler\"><\/span>Share Crawler<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>A more advanced topic worth mentioning is the Share Crawler. This process is executed on a daily basis as a part of the daily CRON and removes all shares that are blocked by the Enforcing share-related DLP rules. This removes shares that already existed when the given DLP rule was created.<\/p>\n<p>Note: This operation removes those shares physically if the rule operates in the Enforcing state. This operation cannot be reverted, so admins have to be careful when using it.<\/p>\n<p>\u00a0<\/p>\n<h2><span class=\"ez-toc-section\" id=\"In_Conclusion\"><\/span>In Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Smart DLP is definitely a powerful and flexible tool that can be used to provide more security and data protection to your organization. In the previous article we showed the capabilities of the metadata subsystem, which can be utilized by DLP to enforce monitoring and control over file sharing and downloads. The next article from the series will explain how the two subsystems can be linked with the Smart Classification subsystem, which allows content-based classification of files. Stay tuned.<\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<p>Also, see:<br \/>\nSmart DLP<\/p>\n<p><a href=\"https:\/\/www.filecloud.com\/smart-dlp-intelligent-data-leak-protection-to-secure-enterprise-content\/\">Intelligent Data Leak Protection \u2013 Secure Your Enterprise Content<\/a><\/p>\n<p><a href=\"https:\/\/blog.netwrix.com\/2019\/07\/16\/10-best-practices-essential-for-your-data-loss-prevention-dlp-policy\/\">10 Best Practices Essential for Your Data Loss Prevention (DLP) Policy<\/a><\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How FileCloud\u2019s intelligent data leak prevention capabilities work to protect enterprise content with information on how to configure DLP.]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[20],"tags":[259,1605,1608,997,1602],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v20.13 (Yoast SEO v20.13) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Enforce data protection in FileCloud with Smart DLP - FileCloud blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Enforce data protection in FileCloud with Smart DLP\" \/>\n<meta property=\"og:description\" content=\"How FileCloud\u2019s intelligent data leak prevention capabilities work to protect enterprise content with information on how to configure DLP.]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/\" \/>\n<meta property=\"og:site_name\" content=\"FileCloud blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/tonidopage\" \/>\n<meta property=\"article:published_time\" content=\"2021-03-22T19:43:10+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-04-16T12:36:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2021\/03\/Smart-DLP.png\" \/>\n<meta name=\"author\" content=\"Team FileCloud\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@getfilecloud\" \/>\n<meta name=\"twitter:site\" content=\"@getfilecloud\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Team FileCloud\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/\"},\"author\":{\"name\":\"Team FileCloud\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/#\/schema\/person\/8a8df071f564aa2c10fa07d6ce60c935\"},\"headline\":\"Enforce data protection in FileCloud with Smart DLP\",\"datePublished\":\"2021-03-22T19:43:10+00:00\",\"dateModified\":\"2025-04-16T12:36:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/\"},\"wordCount\":1955,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.filecloud.com\/blog\/#organization\"},\"keywords\":[\"dlp\",\"DLP Action\",\"DLP Mode\",\"Metadata\",\"Rules\"],\"articleSection\":[\"FileCloud\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/\",\"url\":\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/\",\"name\":\"Enforce data protection in FileCloud with Smart DLP - FileCloud blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.filecloud.com\/blog\/#website\"},\"datePublished\":\"2021-03-22T19:43:10+00:00\",\"dateModified\":\"2025-04-16T12:36:11+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.filecloud.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Enforce data protection in FileCloud with Smart DLP\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/#website\",\"url\":\"https:\/\/www.filecloud.com\/blog\/\",\"name\":\"FileCloud blog\",\"description\":\"Topics on Private cloud, On-Premises, Self-Hosted, Enterprise File Sync and Sharing\",\"publisher\":{\"@id\":\"https:\/\/www.filecloud.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.filecloud.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/#organization\",\"name\":\"FileCloud\",\"url\":\"https:\/\/www.filecloud.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2016\/02\/filecloud_logo_comparison.jpg\",\"contentUrl\":\"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2016\/02\/filecloud_logo_comparison.jpg\",\"width\":155,\"height\":40,\"caption\":\"FileCloud\"},\"image\":{\"@id\":\"https:\/\/www.filecloud.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/tonidopage\",\"https:\/\/twitter.com\/getfilecloud\",\"https:\/\/www.linkedin.com\/company\/codelathe\",\"https:\/\/www.pinterest.com\/filecloud\/filecloud\/\",\"https:\/\/www.youtube.com\/channel\/UCbU5gTFdNCPESA5aGipFW6g\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/#\/schema\/person\/8a8df071f564aa2c10fa07d6ce60c935\",\"name\":\"Team FileCloud\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.filecloud.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b5818ab931b69298f500d8a184fd2384?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b5818ab931b69298f500d8a184fd2384?s=96&d=mm&r=g\",\"caption\":\"Team FileCloud\"},\"sameAs\":[\"http:\/\/www.filecloud.com\"],\"url\":\"https:\/\/www.filecloud.com\/blog\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Enforce data protection in FileCloud with Smart DLP - FileCloud blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/","og_locale":"en_US","og_type":"article","og_title":"Enforce data protection in FileCloud with Smart DLP","og_description":"How FileCloud\u2019s intelligent data leak prevention capabilities work to protect enterprise content with information on how to configure DLP.]","og_url":"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/","og_site_name":"FileCloud blog","article_publisher":"https:\/\/www.facebook.com\/tonidopage","article_published_time":"2021-03-22T19:43:10+00:00","article_modified_time":"2025-04-16T12:36:11+00:00","og_image":[{"url":"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2021\/03\/Smart-DLP.png"}],"author":"Team FileCloud","twitter_card":"summary_large_image","twitter_creator":"@getfilecloud","twitter_site":"@getfilecloud","twitter_misc":{"Written by":"Team FileCloud","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#article","isPartOf":{"@id":"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/"},"author":{"name":"Team FileCloud","@id":"https:\/\/www.filecloud.com\/blog\/#\/schema\/person\/8a8df071f564aa2c10fa07d6ce60c935"},"headline":"Enforce data protection in FileCloud with Smart DLP","datePublished":"2021-03-22T19:43:10+00:00","dateModified":"2025-04-16T12:36:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/"},"wordCount":1955,"commentCount":0,"publisher":{"@id":"https:\/\/www.filecloud.com\/blog\/#organization"},"keywords":["dlp","DLP Action","DLP Mode","Metadata","Rules"],"articleSection":["FileCloud"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/","url":"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/","name":"Enforce data protection in FileCloud with Smart DLP - FileCloud blog","isPartOf":{"@id":"https:\/\/www.filecloud.com\/blog\/#website"},"datePublished":"2021-03-22T19:43:10+00:00","dateModified":"2025-04-16T12:36:11+00:00","breadcrumb":{"@id":"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.filecloud.com\/blog\/enforce-data-protection-in-filecloud-with-smart-dlp\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.filecloud.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Enforce data protection in FileCloud with Smart DLP"}]},{"@type":"WebSite","@id":"https:\/\/www.filecloud.com\/blog\/#website","url":"https:\/\/www.filecloud.com\/blog\/","name":"FileCloud blog","description":"Topics on Private cloud, On-Premises, Self-Hosted, Enterprise File Sync and Sharing","publisher":{"@id":"https:\/\/www.filecloud.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.filecloud.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.filecloud.com\/blog\/#organization","name":"FileCloud","url":"https:\/\/www.filecloud.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.filecloud.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2016\/02\/filecloud_logo_comparison.jpg","contentUrl":"https:\/\/www.filecloud.com\/blog\/wp-content\/uploads\/2016\/02\/filecloud_logo_comparison.jpg","width":155,"height":40,"caption":"FileCloud"},"image":{"@id":"https:\/\/www.filecloud.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/tonidopage","https:\/\/twitter.com\/getfilecloud","https:\/\/www.linkedin.com\/company\/codelathe","https:\/\/www.pinterest.com\/filecloud\/filecloud\/","https:\/\/www.youtube.com\/channel\/UCbU5gTFdNCPESA5aGipFW6g"]},{"@type":"Person","@id":"https:\/\/www.filecloud.com\/blog\/#\/schema\/person\/8a8df071f564aa2c10fa07d6ce60c935","name":"Team FileCloud","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.filecloud.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b5818ab931b69298f500d8a184fd2384?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b5818ab931b69298f500d8a184fd2384?s=96&d=mm&r=g","caption":"Team FileCloud"},"sameAs":["http:\/\/www.filecloud.com"],"url":"https:\/\/www.filecloud.com\/blog\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/posts\/29880"}],"collection":[{"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/comments?post=29880"}],"version-history":[{"count":13,"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/posts\/29880\/revisions"}],"predecessor-version":[{"id":36383,"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/posts\/29880\/revisions\/36383"}],"wp:attachment":[{"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/media?parent=29880"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/categories?post=29880"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.filecloud.com\/blog\/wp-json\/wp\/v2\/tags?post=29880"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}