CA DataMinder can detect when a user tries to drag or copy files into sync folders such as DropBox. It also detects when a user tries to upload a file to a file sync website such as DropBox.com.
Note: When you drag and drop a file into a sync folder in Windows Explorer, CA DataMinder copies the file instead of moving it.
File Sync Methods: Application versus Web site
File sync providers such as DropBox typically provide two sync methods:
The CFSA can protect files being synced using this method.
The Client Network Agent (CNA) can protect files being synced using this method.
CA DataMinder provides Data In Motion protection for both file sync methods.
How Does CA DataMinder Protect Files Being Copied to Sync Folders?
(Not applicable to files being uploaded to a file sync website.)
First, the CFSA checks the local machine policy in real time to determine whether the file sync application is under policy control. By default, CA DataMinder can apply policy to files being synced to:
If the file sync application is not under policy control, CA DataMinder allows the file to be synced.
But if the file sync application is under policy control, CA DataMinder checks whether the user is using a policy-enabled application to copy the file.
These are applications that the CFSA can integrate with to apply user policy. If a user copies a file using a policy-enabled application and the target handling is set to ‘Apply user policy’, the CFSA applies Data In Motion triggers to the file.
If the application is not policy-enabled, the CFSA blocks the file. From the user's viewpoint, the sync folder is set to Read Only.
Important! The only policy-enabled applications recognized by the CFSA in the current release are: Windows Explorer (including drag and drop copying); DOS commands such as copy and xcopy; Wordpad.exe; and Notepad.exe.
The file sync method affects which CA DataMinder endpoint agent handles the policy analysis.
If an employee uses a Windows Explorer plug-in to copy files to a sync folder, the CFSA detects the sync operation and applies Data In Motion triggers.
Verify that the Client File System Agent is selected in the Which Files Sources? setting.
If an employee uploads a file to a file sync web site, the Client Network Agent detects the sync operation and applies Data In Motion triggers.
Verify that the Client Network Agent for File is selected in the Which Files Sources? setting.
In both cases, DIM triggers can analyze the text content to detect key phrases or check whether the file matches a particular document classification. They can use XML Attribute data lookup commands to detect file attributes such as size, date created, date last modified, and the file author.
If a trigger fires, you can configure control actions to block the file sync operation.
Alternatively, if the user is using a file sync application, you can set up triggers to warn the user. Or you can allow the file sync operation but categorize or encrypt the file (the user must supply a decryption password).
If no control trigger fires, the user is allowed to copy or upload the file.
|
Copyright © 2014 CA.
All rights reserved.
|
|