Enterprise wise DLP Solution

Hello experts,

I want to implement a Data Leak Prevention (DLP) system in my company. But my requirement is to implement it in such a way that normally all documents can be copied outside the company through a pendrive. But if required, some documents will be encrypted, which may be routed / floated inside the company, but if copied outside the company network, those will become unreadable.

Is it possible? If possible, what is the best solution?

With Regards,
Soumen Roy
Asked by: Soumen Roy, Senior Manager
 
Rob Knight, Consultant, commented:
Hi,

ADRMS does this by requiring a key from the ADRMS server for protected documents - if that key is not available, then the document cannot be opened.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831364(v=ws.11)
 
Rob Knight, Consultant, commented:
Hi,

If you're a Windows user with AD, then there is ADRMS - Active Directory Rights Management System or Azure Information Protection if using Office 365 (there will be a licence cost here unless you have Security Plus).

I believe you would then need to set the default global or scoped template to one with no protection.

Other solutions exist, such as Vitrium (https://www.vitrium.com).
 
Soumen Roy, Senior Manager (author), commented:
@Rob Knight27:

Thanks for your information. I don't know ADRMS. I will explore that opportunity. But just to make sure, will that provide copy protection for any type of document outside the office network?

My target is that within the office network all files can be shared freely or can be copied. But once anyone copies them from the office network to outside through a pendrive, or maybe by some other means, those files will not be readable. ADRMS provides that, right?

With Regards,
Roy
 
Soumen Roy, Senior Manager (author), commented:
Thanks. But as far as I know, my company's ITS policy does not allow you to access any cloud service apart from its own internal cloud. I think this should not be an issue for deploying such encryption?

Regards,
Roy
 
Rob Knight, Consultant, commented:
Hi,

You can use internal ADRMS or Azure; you don't have to use the Cloud version.
 
Soumen Roy, Senior Manager (author), commented:
Excellent then. I think it will work for us. Can I encrypt all types of files by this process? I mean to say, we are using many files outside the Microsoft platform, e.g. Bentley, Autodesk, etc. Will those be converted with this solution?

One more thing. We are not using Outlook as our mail server. We use Lotus Domino and Lotus Notes as mail client. Will attachments of those mails also be protected?

Regards,
Roy
 
McKnife commented:
ADRMS is not just some server role that you install. First of all, it needs CALs. If your CAL suite isn't an enterprise suite by chance, you would need to purchase those; for example, google "T98-02811" (MS Windows Rights Management Services (RMS) 2016 License 1-User CAL Open-NL) - one needed for each user.

DLP is a huge topic and you should make sure you have fully understood what risks there are and what ways data can take to leave the company. The simplest ways, like e-mail, Dropbox, printing, filming the screen and such, need to be taken into account. Better hire someone to assess that.

Reading about your USB requirement, which partly went "make files readable on corporate machines but unreadable elsewhere", I thought of my own article: https://www.experts-exchange.com/articles/25879/A-new-aspect-to-securing-USB-data-SID-protectors.html