|
|
|
What defines what action is taken by CA DLP after detecting unauthorized activity.
After identifying the user and checking the circumstances to confirm that intervention is required, CA DLP can take several possible actions.
For example, it can block Spencer Rimmel’s unauthorized email or simply warn him, allowing him to reconsider or rectify what he is doing. Or it can quarantine his email, only releasing it when it has been viewed and approved by Spencer Rimmel’s manager. Alternatively, it can cause the email to be encrypted before it is sent.
CA DLP can also block or warn users if they attempt unauthorized Web activity, such as visiting a prohibited Web site and uploading a sensitive document.
Likewise, CA DLP can block or warn users from printing a confidential file or copying it to a USB device or network share. Or it can encrypt the file before it is copied. Alternatively, if CA DLP is scanning a file system (or Exchange Public Folders or a SharePoint site), it can delete, replace or move any unauthorized files or documents that it discovers.
Alternatively, for emails and files, the action taken by CA DLP may be to categorize them, allowing them to be easily retrieved from an archive at a later date.
What also defines how CA DLP notifies a user if it decides to block or warn them, or if it quarantines an email. Typically, users see a pop-up advisory or they receive an explanatory email. The wording is easily customizable to reflect the circumstances that caused the blocking or warning. For example, Spencer Rimmel may see an advisory explaining that his email was blocked because "You are not authorized to send messages to spencer777@hotmail.co.uk pertaining to the Unipraxis acquisition". (In this example, Spencer was trying to send an unauthorized email to his own Hotmail account.)
To define what actions CA DLP takes when it intervenes, you must edit the control actions in your user policies.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |