Understanding DLP in Veritas Alta SaaS Protection

Article: 100050105
Last Published: 2023-09-19
Product(s): Veritas Alta SaaS Protection

Description

In Veritas Alta SaaS Protection, data loss prevention (DLP) capabilities are native to the storage.  In this article, we'll provide an overview of what can be achieved with Veritas Alta SaaS Protection's DLP features.

Tagging and Blocking

Veritas Alta SaaS Protection includes the concept of DLP Tags.  DLP Tags can be leveraged in the following ways:
  1. Analysis -- You can see a detailed dashboard for each tag.
  2. Search -- You can use tags in your search criteria.
  3. Blocking -- By assigning 'Tag Behaviors', your tags can block certain actions.
  4. Policies -- You can leverage tags in other policies. For instance, an indexing policy may exclude items with the tag 'Confidential'.

DLP Tags can be applied to items when:

  1. RegEx -- a regular expression or query string is matched, and/or
  2. Tagging Policy -- a tagging policy's selection criteria are matched.

Optionally, DLP Tags can be configured to have one or more Tag Behaviors. A Tag Behavior is enforced on every item that carries the DLP Tag it is associated with, whether the tag was applied through RegEx or a Tagging Policy. Tag Behaviors include:

  1. Legal Hold -- This assigns a legal hold status, which blocks any deletion and also counts towards the statistics of data on legal hold in Veritas Alta SaaS Protection.
  2. Prevent eDiscovery Export -- This blocks export in eDiscovery cases.
  3. Prevent User Retrieval -- This blocks any end user from retrieving the item, either through the Veritas Alta SaaS Protection User Portal or a stub, and also works to prevent sharing (both internal and external).
  4. Prevent Deletion -- This blocks deletion even when a retention policy evaluates to true for the item.

To create a DLP Tag, see How to Create Tagging Policies and Apply DLP Tags.

To create a RegEx and use it with a DLP Tag, see How to Detect and Tag Private/Sensitive Data in Veritas Alta SaaS Protection.

To create a Tagging Policy and use it with a DLP Tag, see How to Create Tagging Policies and Apply DLP Tags.

Data-level Access Rights Mapping

There are two types of access control lists (ACLs) maintained by Veritas Alta SaaS Protection for use in its authorization layer: Source ACL and Sharing ACL.
  1. The Source ACL is discovered during the archive’s collection process. As content is archived, the ACL information is analyzed and captured in Veritas Alta SaaS Protection.
  2. The Sharing ACL is an additional set of access rights granted through Veritas Alta SaaS Protection’s optional sharing feature. For instance, a Sharing ACL record is generated whenever a user generates a sharing link to an item or folder from the Veritas Alta SaaS Protection User Portal.

Veritas Alta SaaS Protection maintains both sets of ACL information on all items and folders, and attempts to resolve each ACL member to a principal object (user identity or group) from the latest directory synchronization. By maintaining a mapping of the ACL members of folders and items to actual identities, Veritas Alta SaaS Protection delivers low-level identity-awareness in the context of eDiscovery (e.g. custodian search) and policies that leverage custodian and/or data owner clauses.

Of course, not all ACL members will successfully resolve to a principal object. This may occur because the ACL member is external to your organization, is no longer present in the directory, or has yet to synchronize to the directory. In this case, Veritas Alta SaaS Protection creates shadow profiles (called shadow users) to resolve to, which it reconciles with the actual identity if that identity later shows up in the directory.

Thus, to see what a particular user or group has access to, or what data is owned by a particular identity, you can either query this with an eDiscovery search or create a statistics-only (Preview mode) policy that runs to provide a dashboard view of what they have access to.
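The resolution flow described in this section can be pictured with a small model. This is an added illustration, not Veritas code or its API: the class and function names, the use of a lowercase e-mail address as the match key, and the sample data are all assumptions, and group membership is left out.

```python
from dataclasses import dataclass, field

@dataclass
class Item:
    path: str
    source_acl: set = field(default_factory=set)   # captured during collection
    sharing_acl: set = field(default_factory=set)  # granted via sharing links

class AclIndex:
    """Maps ACL members to principals; value True marks a shadow user."""
    def __init__(self, directory):
        self.principals = {k.lower(): False for k in directory}
        self.items = []

    def archive(self, item):
        for member in item.source_acl | item.sharing_acl:
            # Unresolved members get a shadow profile rather than being dropped.
            self.principals.setdefault(member.lower(), True)
        self.items.append(item)

    def sync_directory(self, directory):
        """Reconcile shadow users that now appear in the directory."""
        promoted = []
        for key in (k.lower() for k in directory):
            if self.principals.get(key):
                promoted.append(key)
            self.principals[key] = False
        return sorted(promoted)

    def shadow_users(self):
        return sorted(k for k, shadow in self.principals.items() if shadow)

    def accessible_to(self, member):
        # Access is the union of Source ACL and Sharing ACL membership.
        key = member.lower()
        return sorted(i.path for i in self.items
                      if key in {m.lower() for m in i.source_acl | i.sharing_acl})

def demo():
    # Constructed sample data: one directory user, two archived items.
    idx = AclIndex(["alice@corp.example"])
    idx.archive(Item("/hr/plan.docx", {"alice@corp.example", "bob@corp.example"}))
    idx.archive(Item("/hr/offer.pdf", {"alice@corp.example"}, {"Vendor@partner.example"}))
    before = idx.shadow_users()
    promoted = idx.sync_directory(["alice@corp.example", "bob@corp.example"])
    return before, promoted, idx.shadow_users(), idx.accessible_to("vendor@partner.example")
```

In this model the external recipient of a sharing link stays a shadow user after the sync, which is the kind of entry worth reviewing when auditing who can reach tagged data.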

Activity Intelligence

All activities performed by any user are always recorded in Veritas Alta SaaS Protection.  This is not configurable. 

Within the 'Tagging' tab you can query and export activity audit information pertaining to end users.

Additionally, with the 'Administration' tab you can query and export on other activity types, including system activity and administrative / privileged user activity. See How to Use Auditing in Veritas Alta SaaS Protection.
 
