Data destinations is a catalog of destinations that can be used to add more granularity to policies.
In Data destinations, you can manage automatically-detected destinations (such as external devices, printers, websites, network paths, or e-mail domains) to which data was transferred in the last 30 days. You can organize them into groups, decide which are Untrusted or Safe, and use them in policies for more granular control.
Data destinations management is based on a simple system with 3 columns:
You can drag-and-drop destinations to move them between columns, add destinations into existing groups, and create new groups. The order of destinations within columns does not represent priority, so you can order them as you want.
Click a destination to see its details (e.g. when it was last used and by whom, its ID numbers, etc.). There are different details depending on the type of destination (e.g. external device, email domain, website, physical or network printer, or network path). Based on these details, you can decide whether the destination is safe or untrusted.
Unassigned destinations
Your “inbox” with destinations that were auto-detected in the last 30 days.
By clicking a destination from this list, you can view its specifics and determine which user moved data there.
To save a destination either as Safe or Untrusted and control it via policies, just drag-and-dropping it into the appropriate column.
You can also apply policies specifically to selected destination groups.
Use the Unassigned destinations search bar to find specific destinations.
Untrusted destinations
Destinations that are not part of a secure company perimeter, and you need to control them in a specific way. Items added here can be controlled by granular data policies.
Example: A company blocks uploads of files to all websites. The marketing department, however, needs to upload various media to their online content management system.
When the blog URL (e.g. blog.company.com) is detected and appears under Unassigned destinations, the admin can move it to Untrusted destinations and create a new specific data policy for the Marketing team, for whom upload to blog.company.com is allowed.
Safe destinations
Trusted destinations that are part of a secure company perimeter (e.g. company emails or emails of business partners, a file share within company intranet, company USBs, etc.). Items added here can be easily added as exceptions within data policies.
It is best practice to assign company devices and domains into Safe destinations.
Example: A company has an “Block non-company USB drives” policy that allows file transfer to company USBs (since they are considered safe), but blocks transfers to all other USBs.
When a new company USB is used for the first time, it will appear in Unassigned destinations. The admin can then move it to Safe destinations, and the “Block non-company USB drives” policy will start applying to it.