DLP policies in Cisco Cloudlock monitor the content of files in the environment. Filetypes supported are listed below followed by any exceptions.
csv (Comma Separated Values)
doc (Microsoft Word '97+)
docx (Microsoft Word 2007+)
eml (RFC822 Email File)
html (Hyper Text Markup Language)
pdf (Portable Document Format)
ppt (Microsoft Powerpoint '97+)
pptx (Microsoft Powerpoint 2007+)
rtf (Rich Text File)
tsv (Tab Separated Values)
url (Uniform Resource Locator)
xls (Microsoft Excel '97+)
xlsx (Microsoft Excel 2007+)
zip (Zip Archives)
When a file is attached to a field or other object, it is uploaded and stored in the platform and at that point becomes subject to monitoring by relevant policies.
Cloudlock examines the first 1,000 rows and 50 columns, and a maximum of 10,000 total cells in a single spreadsheet document. Blank cells are still counted as data and the value is "null."
Cloudlock supports scanning of pdf for content and context only when digitally created. Pdfs that are typically scanned in via a scanner which creates an "image" of the document can only be monitored for exposure and file name.
Only up to 100 of the files within a zip file are scanned and only up to 5MB TOTAL of the zip file's contents are scanned. Cloudlock supports up to 10 levles of zip file nesting (a zip within a zip within a zip). Zip files are currently only supported in DLP policies.
Attachments are not supported.
In the Google platform, native Google Docs do not have "filetypes" per se (they have no filename extensions, for example), but they are monitored by Cloudlock. Only objects stored in Google Drive are monitored by Cloudlock; GMail attachments that are not stored in Google Drive — like any other file or document stored outside Drive — are not monitored.
Currently, Cloudlock supports Classic and New Sites through context only policies. For example: when permissions for the site changes (i.e. editing rights) the policy will flag as an incident. Exposure is not detected through publishing, however.
Individual files larger than 15MB are not examined.
Updated 2 years ago