Data Loss Prevention - Periodic Document Encryption

One of the features of Data Loss Prevention (DLP) is Periodic Document Encryption. With Periodic Document Encryption, you can specify criteria for locking files and folders on client computers from the CommCell Console. When a file or folder is locked, its contents are encrypted. The only way to open and read a locked document is to unlock it using the correct passkey, which is a user-defined password set on the client where the file was created.

Periodic Document Encryption can be configured on a client or client group from the CommCell Console. See Configuring Periodic Document Encryption.

DLP Scan Operations

After Periodic Document Encryption has been enabled and configured on a client or client group, a scan of the client is performed according to the Data Loss Prevention (DLP) settings. During a DLP scan, the following Periodic Document Encryption operations are performed on the client:

  • Unlocked files and folders that meet the criteria specified in DLP settings are locked.
  • Newly created files and folders that meet the criteria specified in DLP settings are locked.
  • Unlocked files that are open and in use are skipped.

DLP scan settings can be configured from the Periodic Document Encryption settings. See Periodic Document Encryption Settings.

Secure Files on a Lost or Stolen Client

By default, Periodic Document Encryption is configured to function seamlessly from the client owner's perspective. However, if a client is ever lost or stolen, you can select an option in the Periodic Document Encryption settings to require the correct user-defined passkey to be entered before locked files can be opened and read. This prevents unauthorized users from accessing data in locked files.

To prevent unauthorized access to locked files when a device is lost or stolen, see Securing Files on a Lost or Stolen Client.