DLP policy priority
DLP policies are prioritized based on the top-bottom order in which they are listed.
The DLP policy system is based on a few main principles:
- When more policies apply to a user's action, the highest policy rule setting overrides all lower policy rule settings.
- It's recommended to use general and less strict policies in the lower part of your policy list, and more specific or strict policies in the upper part of your policy list.
- If you need to create an exception for a user, you simply
createsa new policy with an overriding setting, assign it to the user, and place it above the more general policy.
You can learn more about
Here's an example of a recommended company configuration of DLP policies:
DLP policy types
A. General policy
General policies affect and manage entire communication channels, e.g. all e-mail messages, all uploads, all external devices, etc.
Tip: General policies are great for setting general limitations of what is allowed and what is not, and they are best used at the bottom of your DLP policy list.
B. Data policy
Data policies manage and protect specific data categories, for example:
- regulatory compliance data, such as personal identification numbers, credit cards numbers, HIPAA-related terms, etc.
- custom keywords or regular expressions
- already classified data, e.g. files labeled as "Internal", "Sensitive", etc.
- data classified by
Safetica,e.g. files stored in a shared network location, intranet downloads, CRM exports, etc.
Tip: Data policies are best used in the upper part of your policy list, where they can override general policies.
C. Application policy
Application policies manage applications and how they are allowed to work. They are applied to application categories. To manage a single application, create a new application category and apply your policy to it.
Tip: Application policies are best used in the upper part of your policy list - mixed with data policies, and sorted by your preferred priority.