The Data Loss Prevention (DLP) policy monitors or blocks content based on the rules configured for the policy. The rules use data identifiers and data classifications, which describe the type of data to be monitored or blocked. The file and form types supported by the DLP policy are listed here.
Data identifiers describe the content the Data Loss Prevention Policy monitors or blocks. Data identifiers can describe Personal Information Identifiers (PII) that may identify an individual, such as financial account numbers, medical records, passport or government identification numbers, or credit card numbers. Data identifiers can also describe certain content an organization may wish to monitor or block within its network traffic, such as discriminatory or aggressive content. Umbrella provides a collection of built-in data identifiers (see Built-in Data Identifiers and Individual Data Identifiers), and you can create custom identifiers based on the built-in data identifiers (see Copy and Customize a Data Identifier).
Data classifications are groups of data identifiers combined for the purpose of monitoring or blocking closely related content. For example, you can create a data classification that encompasses medically related content by including the built-in identifiers for ICD codes, drug names, prescription names, health conditions, and national drug code names. The classification, when applied to a rule in the Data Loss Prevention Policy, will monitor or block content matching those identifiers.
There are three ways to establish a data classification to apply to a data loss prevention rule:
- You can create a custom data classification from scratch. (See Create a Data Classification Without a Template.)
- You can create a custom data classification based on a built-in data classification template provided by umbrella. (See Create a Data Classification Using a Template).
- You can apply a pre-defined data classification template provided by Umbrella.
Umbrella provides four different built-in data classification templates. You can apply these directly to your DLP rules or copy them and customize the copies to create your own data classifications. Each of the built-in data classification templates has a different set of built-in data identifiers associated with it. The four pre-defined data classification templates are described in Built-In Data Classification Templates.
Updated 3 months ago