Skip to content
Contact us Customer portal Sign in
  • There are no suggestions because the search field is empty.

Volume-aware policies

Tailor protection to the needs and behavior patterns of individual users.

 


Introduction: What are volume-aware policies

Volume-aware policies tailor protection to the needs and behavior patterns of individual users. The key is reaction to anomaly-high behavior that is personalized to the company and to every employee there.  

Unlike traditional policies, which are inflexible and only allow or block operations without nuance, volume-aware policies adapt to how individual users interact with sensitive data. They use Volume-awareness and take into consideration standard or anomalous user behavior. Volume-aware policies tie together data policies, data classification, and data destinations.

 

Volume-aware policies in action

Want to see volume-aware policies in action? Watch the video below to learn how they work and protect your company from data loss in Safetica:

 

 

 


Benefits of volume-aware policies

  • Tailored protection: Assess user’s behavior patterns to provide a tailored DLP approach.
  • Granular control: Easily remediate unwanted and risky user behavior without disrupting the work of others and impacting the business.
  • Individual focus: Address each user individually based on their unique behavior.
  • Intelligent remediation: Use Volume-awareness mode to set up what amount of sensitive data a user can handle before the policy action becomes stricter. 

 

 


How volume-aware policies work

Volume-aware policies react to user’s behavior. If a user works with a larger volume of sensitive data than their peers in the company, the policy and its action will gradually become stricter.

When you turn on Volume awareness in a data policy, you can see that the texts change a little. You are no longer setting what will happen but the strictest remediation that will be used.

For a blocking policy, this will be the Block action. The blocking policy will start as Not set (user activities are not even audited), and after a user works with a certain amount of sensitive data, the action changes to Log. If the amount of sensitive data the user works with increases even more, the policy action will change to Notify, and then to Block.

✍️This way, the user's activities will not be blocked right away but only after they handle a certain amount of sensitive data. The work of other users will remain unaffected.

When you select the Block action, the policy will go from Notify to Block. It will not go through Block (with override).

When you select the Block (with override) action, the policy will go from Notify to Block (with override). It will never go to pure blocking.

If you set the v to Notify, the policy will only go from Not set to Log and then to Notify. It will never go further than that.

Example: Employees in the HR department typically handle around 50 CVs with sensitive info per day. This is considered normal for the company, so they should be allowed to work with such a number of files and sensitive data on a daily basis. If there is a sudden deviation – for example, one employee tries to transfer 5000 CVs – that is an anomalous activity that should be addressed. This is where volume-aware policies come in.

The company can use a blocking volume-aware policy to protect sensitive data in CVs because it detects such deviations and addresses them specifically for individual users without affecting the normal work of others.

✍️The amount of sensitive data that makes the policy action stricter is counted for every user by Safetica based on predefined thresholds, the activities of other users in the company, and Volume awareness mode.

With a single action (e.g., a huge bulk operation or handling a super sensitive file with thousands of sensitive information pieces), a user can overreach several thresholds so that the policy may go from Not set to Blocking immediately.

Example: A salesperson is communicating with customers. Suddenly, they download the whole customer database with thousands of customers and their info, and then they try to copy it to USB. A blocking volume-aware policy would then skip all actions (Log, Notify) and go straight to blocking.

✍️When a volume-aware policy is made stricter for a user, an insight appears in Insights.

Volume-aware policies go back to Not set at midnight.

 

 


How to set up volume-aware policies

There are 2 steps you need to take to set up volume-aware policies:

  1. Configure Volume awareness mode for individual users
  2. Create a volume-aware policy

 

1. Configure Volume awareness mode for individual users

First of all, select Volume awareness mode for individual users. This has an impact on the amount of sensitive data they can handle before the volume-aware policy becomes stricter:

  1. Go to Safetica console > Users and click the relevant user.
  2. In the Volume awareness section, choose from:
    1. Standard – The default mode that covers usual user behavior.
    2. Mild – A more benevolent mode that allows the user to handle larger amounts of sensitive data (e.g., an accountant who's sending a lot of financial info as part of their job needs to be allowed more flexibility).
  3. To see which Volume awareness mode is selected for which user, see the Volume awareness column in the Users table.
  4. In the Users table, you can also select multiple users and change their Volume awareness in one go by clicking Set Volume awareness to.  

✍️You can also set up Privileged access in every user’s detail.

 

Example: HR employees work with a lot of sensitive data as part of their jobs, so the admin decides to allow them more flexibility than employees in other departments. The admin changes the Volume awareness mode of all HR team members to Mild.

 

 

2. Create a volume-aware policy

✍️Learn more about creating data policies here.

❗Limitations

  • Volume-aware policies are only available for data policies.
  • Volume-aware policies do not support the following data destinations: Git, M365 file sharing, print, and virtual print.
  • The options Block copy to clipboard and Block screen capture are not supported.
  • For volume-aware policies, the Insight triggering must be set to Default.

 

 When creating a volume-aware policy:

  • Select one or more data classifications. The Volume awareness toggle will be disabled if no classification is selected.
  •  In Policy action, toggle the Volume awareness switch.
  • Select the strictest action (Log, Notify, Block (with override), or Block) to which the policy will gradually get based on how the user handles sensitive data.
  • You can see whether a policy has Volume awareness or not in the Policy action column in the list of data policies.