Adding "Data Control" destinations

Hi Jay,

Qc has already provided a good response but I'll also add my product manager thoughts. The endpoint data control functionality is primarily designed as a education tool for end users. On the endpoint it excels at providing a relatively simple control to monitor common data exit points, checking the file content and flagging up to an end user if the content looks sensitive (the user can then make an audited call on whether to proceed or not). As a by product of this analysis data control will often uncover broken business processes or poor data management practices... and occasionally deliberate malicious mishandling or extraction of data. On the email gateway the most common use case for data control is to enforce file based encryption for sensitive data being sent out of the organization (usually deployed with an Outlook plugin that enables manual marking of files for encryption).

We are constantly reviewing our definition of "common data exit points" and have recently added support for additional monitored applications (Chrome, Skype,Lync). We've also had quite a bit of internal discussion about cloud storage services like DropBox replacing the role of USB keys (so three years ago!) and the need to make it easier for our customers to allow controlled use of these services. So we're open - positively welcome - customer suggestions on improving what we look for and where we look for it. 

There are tools out there that will enable you to monitor for sensitive data within FTP and SSH protocols today but they are often very expensive and complex to set up. If you have the time I'd recommend raising a request to monitor these protocols via our UTM (network security gateway) on the Astaro feature request forum: http://feature.astaro.com/forums/17359-astaro-security-gateway-feature-requests. The UTM is the place we'd be most likely to add this functionality.

Best regards,

John

Product Manager

Hi Jay,

Qc has already provided a good response but I'll also add my product manager thoughts. The endpoint data control functionality is primarily designed as a education tool for end users. On the endpoint it excels at providing a relatively simple control to monitor common data exit points, checking the file content and flagging up to an end user if the content looks sensitive (the user can then make an audited call on whether to proceed or not). As a by product of this analysis data control will often uncover broken business processes or poor data management practices... and occasionally deliberate malicious mishandling or extraction of data. On the email gateway the most common use case for data control is to enforce file based encryption for sensitive data being sent out of the organization (usually deployed with an Outlook plugin that enables manual marking of files for encryption).

We are constantly reviewing our definition of "common data exit points" and have recently added support for additional monitored applications (Chrome, Skype,Lync). We've also had quite a bit of internal discussion about cloud storage services like DropBox replacing the role of USB keys (so three years ago!) and the need to make it easier for our customers to allow controlled use of these services. So we're open - positively welcome - customer suggestions on improving what we look for and where we look for it. 

There are tools out there that will enable you to monitor for sensitive data within FTP and SSH protocols today but they are often very expensive and complex to set up. If you have the time I'd recommend raising a request to monitor these protocols via our UTM (network security gateway) on the Astaro feature request forum: http://feature.astaro.com/forums/17359-astaro-security-gateway-feature-requests. The UTM is the place we'd be most likely to add this functionality.

Best regards,

John

Product Manager