Role of DLP Administrator

DLP provides various auditing tools: automatic notifications to data owners when transmission of protected data was attempted; user notifications and self-handling portal; tracking and logging, event details, charts, graphs, filtered lists, and reports from the Logs & Monitor view.

Before you begin your audit, configure your DLP policy. First, define Data Types.

To create and refine the DLP policy:

• Deploy out-of-the-box Data Loss Prevention with a basic policy. This policy provides strong detection capabilities from Day-1.
• You can customize pre-defined Data Types to improve policy accuracy. Some provided Data Types are placeholders for dictionaries of proprietary information. These Data Types are flagged for your attention. Integrate your organization's data with your DLP policy to make it more accurate for your needs.
• Choose Data Types.

  Become familiar with the wide range of provided Data Types. Enable and disable the rules in the DLP policy that suit your needs.

• Create your own Data Types with the easy to use wizard.

  Enforce confidentiality guidelines of your organization. Ensure that information belonging to Data Owners stays within their control. Enforce data protection by using your Data Types in DLP rules.

• Monitor incidents and communicate to data owners.

  The DLP gateway catches attempted transmissions of protected data and logs incidents. You can see these incidents in the Logs & Monitor Logs view. You will decide, with the Data Owners, what incidents also require notification to the Data Owners. As you monitor the incidents, create guidelines to fine tune the DLP policy.

• Refine the policy.

  When an email or FTP upload is held because it matches a rule in the Data Loss Prevention policy, it disrupts users. Sometimes this is the best preventative action, but in other situations it is unnecessary. Monitor user actions to see whether users agree that the data should not have been sent or that users have reasons for the transmissions.

• Maintain policy over time.

  Generate Data Owner reports and audit user actions. Look at the logs that the Logs & Monitor Logs view provides and make sure the DLP policy works smoothly and prevents transmission of protected data.

DLP Permissions for Administrator Accounts

You can assign a DLP administrator full DLP permissions or a subset of permissions.

With full permissions, a DLP administrator can:

• See all fields of the logs in the Logs & Monitor Logs view.
• See the captured data (the actual email, FTP files and HTTP posts).
• Send or discard quarantined user emails.

An alternative to assigning a full set of permissions is to configure a subset. This gives you the flexibility to assign only some of the permissions. For example, permissions to only see the fields of the logs but not to see the captured data or send or discard quarantined emails.

Configuring Full DLP Permissions

To configure full permissions:

1. In SmartConsole, select Manage & Settings > Permissions & Administrators.
2. Double-click the administrator account or click New create a new administrator user account.

   The Administrator Properties window opens, and shows the General page.

3. In Permission Profile, click the drop-down menu and then click New.

   The Permissions Profile Properties window opens.

4. In Enter Object Name, enter the name for the DLP admin profile.
5. Make sure Read/Write All is selected.
6. From the navigation tree, click Monitoring and Logging.
7. Select these options:
   • DLP logs including confidential fields
   • View/Release/Discard DLP messages
8. Click OK.
9. Close the administrator window and publish the changes.

Configuring a Subset of Permissions

To configure a subset of permissions for the DLP administrator:

1. In SmartConsole, select Manage & Settings > Permissions & Administrators.
2. Double-click the administrator account or click New create a new administrator user account.

   The Administrator Properties window opens, and shows the General page.

3. In Permission Profile, click the drop-down menu and then click New.

   The Permissions Profile Properties window opens.

4. In Enter Object Name, enter the name for the DLP admin profile.
5. Select Customized and click Edit.
6. From the navigation tree, click Access Control.
7. In the Additional Policies section, configure Read or Write permissions for Data Loss Prevention.
8. From the navigation tree, click Monitoring and Logging.
9. Select one or more of these options:
   • DLP Logs including confidential fields - Permissions to view all fields of DLP logs in the Logs & Monitor Logs view. When this check box is cleared, an administrator sees the text **** Confidential **** and not the actual content of fields defined as confidential.
   • View/Release/Discard DLP messages - Permissions to view emails and related incidents from within the Logs & Monitor Logs view. With this permission, administrators can also release (send) or discard quarantined emails from within the Logs & Monitor Logs view.

     Note - If you select all of these options with Write permissions, the administrator has full DLP permissions.

10. Click OK.
11. Close the administrator window and publish the changes.