4
Solution Brief citrix.com ShareFile Enterprise DLP integration This solution brief describes how ShareFile Enterprise DLP integration enables content-aware file sharing restrictions
| Date post: | 17-Aug-2015 |
| Category: |
Documents |
| Upload: | mark-howell |
| View: | 2 times |
| Download: | 0 times |
Solution Brief
citrix.com
ShareFile Enterprise DLP integrationThis solution brief describes how ShareFile Enterprise DLP integration enables content-aware file sharing restrictions
Solution Brief
citrix.com
ShareFile Enterprise Data Loss Prevention Integration
2
The loss of sensitive data and other forms of enterprise information, such as Intellectual Property, can lead to significant financial losses and reputational damage. To address these business risks enterprises have turned to Data Loss Prevention (DLP) solutions and other content-aware technologies to support data security initiatives.
ShareFile Enterprise Edition supports integration with several market-leading Data Loss Prevention (DLP) products enabling content-aware sharing restrictions. Documents stored in your on-premises StorageZone can be examined by any third-party DLP security suite that supports the Internet Content Adoption Protocol (ICAP), a standard network protocol for inline content scanning.
Sharing and access privileges can then be adjusted based on the results of the DLP scan and your preferences for how strictly you want to control access. This means you can maintain a single point of policy management for data inspection and security alerts. If you already use an ICAP-compliant solution for scanning outgoing e-mail attachments or web traffic, you can point the ShareFile StorageZones Controller to the same server.
Benefits of ShareFile Enterprise DLP integration
• Apply the same security policies to files across your organization• Protect your investment in industry-leading DLP infrastructure• Take appropriate action when users attempt to share sensitive data
How ShareFile integration to DLP worksDLP integration with ShareFile is built using a flexible, policy-based system that offers granular access and sharing controls based on a new classification attribute that will be associated with each file. The system uses the DLP scan results to classify every version of every file in your StorageZone.
• Scanned: OK – Files that were scanned by a DLP system and passed OK• Scanned: Blocked – Files that were scanned by a DLP system and were found to contain
sensitive data• Unscanned: Files that have not yet been scanned (in cases where files exist before DLP
is configured, or when the external DLP system is unavailable or slow to respond)
Solution Brief
citrix.com
ShareFile Enterprise Data Loss Prevention Integration
3
The ShareFile platform then enforces different access and sharing restrictions for each data classification.
• Whether employees can download or share the file• Whether 3rd-party users can download share the file• Whether anonymous users can download the file
These settings constrain the normal permissions and sharing controls available to users as they interact with their ShareFile data and collaborate with others. For example, if a user attempts to share a file in a way that is prohibited by DLP policies, the platform prevents them from doing so. For files that are cleared by the DLP policy, the user can still enforce security controls such as blocking anonymous access to a shared file.
This flexibility allows you to manage the trade-offs between security controls and usability as best fits your organization. If a document is flagged as sensitive, you could still allow sharing between employees but block sending to anyone outside your organization. Or you could take a stricter approach and block all users (even the owner of the file) from downloading or sharing the file with anyone. If you block downloads, an employee would not be able to access ShareFile from an unmanaged device, get the file and share it by other means.
For any files that are not yet scanned, you can configure the same sets of constraints. This means ShareFile could take an “innocent until proven guilty” or “guilty until proven innocent” approach based on your practices for impeding the flow of information.
When the StorageZones Controller sends files to the DLP system for scanning, it includes metadata indicating the owner of the file and the folder path where the file resides in ShareFile. This allows the DLP server to log incidents and create notifications with enough detail to be actionable.
How to enable Data Loss Prevention in ShareFileEnabling DLP in ShareFile is easy and can be completed in 3 simple steps:
1. Enable DLP capabilities on your ShareFile account Send an email to [email protected] to request or confirm that your ShareFile account is enabled for Data Loss Prevention.
2. Enable DLP on your StorageZones Controller server Next, install or upgrade to StorageZones Controller version 3.2 or later. When you create or modify the StorageZone, you’ll see a new option to Enable DLP integration.
3. Configure the allowed actions for each file classification Finally, you configure preferences on how to constrain the normal sharing and download behavior for files based on their DLP classification.
0715/PDF/10363
Corporate HeadquartersFort Lauderdale, FL, USA
Silicon Valley HeadquartersSanta Clara, CA, USA
EMEA HeadquartersSchaffhausen, Switzerland
India Development CenterBangalore, India
Online Division HeadquartersSanta Barbara, CA, USA
Pacific HeadquartersHong Kong, China
Latin America HeadquartersCoral Gables, FL, USA
UK Development CenterChalfont, United Kingdom
About CitrixCitrix (NASDAQ:CTXS) is leading the transition to software-defining the workplace, uniting virtualization, mobility management, networking and SaaS solutions to enable new ways for businesses and people to work better. Citrix solutions power business mobility through secure, mobile workspaces that provide people with instant access to apps, desktops, data and communications on any device, over any network and cloud. With annual revenue in 2014 of $3.14 billion, Citrix solutions are in use at more than 330,000 organizations and by over 100 million users globally. Learn more at www.citrix.com.
Copyright © 2015 Citrix Systems, Inc. All rights reserved. Citrix, ShareFile and StorageZones are trademarks of Citrix Systems, Inc. and/or one of its subsidiaries, and may be registered in the U.S. and other countries. Other product and company names mentioned herein may be trademarks of their respective companies.
Solution Brief
citrix.com 4
ShareFile Enterprise Data Loss Prevention Integration
ConclusionShareFile is a powerful service that can be fully integrated with existing security infrastructure and policies. Organizations can enforce and extend existing DLP policies for sensitive and confidential data by integrating ShareFile with existing data loss prevention systems.
ShareFile integrates with popular DLP systems and is supported in customer-managed StorageZone deployments. Enterprises, especially those in highly regulated industries, need to be able to control file sharing based on the content inside the file. ShareFile’s DLP integration enables that content-aware sharing control.
Additional resourcesShareFile ShareFile Technical Overview