This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Data control scenario

I have a rule setup to block users from uploading office documents, archives, or pdf's to any browser. The goal is to stop them from using their personal email to send files out. This works perfectly.

The problem that I will most likely run into is a web based application that we use. This a database driven application used to manage underwriting files. The users need to be able to attach files to the record using an upload function.

How do I not allow users to upload files to their personal email but still allow them to use the web based application?

Thanks,

Chuck

:24647


This thread was automatically locked due to age.
Parents
  • Hi,

    I feel this might be a little tricky using Data Control as the software has no idea of the context the user is operating in.  There just aren't really any differentiators here as I would assume: 

    • The location and even the files for potential "upload" are the same? (Rules out exclusions in rules)
    • So the content of the files could be the same?  
    • Therefore the File types are the same.
    • The browser is the same (I assume it would be too difficult to enforce one browser for work and another for private browsing? ).

    The only way I could see it working with data control, is to work at the "destination" (browser level).  If the web based application could be launched in such a way, that the browser was "wrapped" by another process, then it would probably be ok, you would just need to be sure that users didn't access the work application with the "unwrapped" browser, so not ideal.

    The other differentiator here could be the location? I assume the work application is an intranet site, whereas they are using Gmail, Hotmail, etc for personal emails.  So you relaly need to just filter on external web traffic?.  In which case it might be worth looking into a gateway solution.  Sophos have a web applicance and a virtual web appliance that could probably do this, some info here: http://www.sophos.com/en-us/products/web/web-protection-appliances.aspx .  You could try the virtual appliance to see if that would do it.  Even if the work site was a external cloud service you can probably setup white listed sites so those aren't filtered.  Maybe a quick call to Sophos to talk about the capabilities of the web appliance, virtual or appliance might be the quickest route here unless someone else on the forum has more knowledge of the web appliance?

    Regards,

    Jak

    :24659
Reply
  • Hi,

    I feel this might be a little tricky using Data Control as the software has no idea of the context the user is operating in.  There just aren't really any differentiators here as I would assume: 

    • The location and even the files for potential "upload" are the same? (Rules out exclusions in rules)
    • So the content of the files could be the same?  
    • Therefore the File types are the same.
    • The browser is the same (I assume it would be too difficult to enforce one browser for work and another for private browsing? ).

    The only way I could see it working with data control, is to work at the "destination" (browser level).  If the web based application could be launched in such a way, that the browser was "wrapped" by another process, then it would probably be ok, you would just need to be sure that users didn't access the work application with the "unwrapped" browser, so not ideal.

    The other differentiator here could be the location? I assume the work application is an intranet site, whereas they are using Gmail, Hotmail, etc for personal emails.  So you relaly need to just filter on external web traffic?.  In which case it might be worth looking into a gateway solution.  Sophos have a web applicance and a virtual web appliance that could probably do this, some info here: http://www.sophos.com/en-us/products/web/web-protection-appliances.aspx .  You could try the virtual appliance to see if that would do it.  Even if the work site was a external cloud service you can probably setup white listed sites so those aren't filtered.  Maybe a quick call to Sophos to talk about the capabilities of the web appliance, virtual or appliance might be the quickest route here unless someone else on the forum has more knowledge of the web appliance?

    Regards,

    Jak

    :24659
Children
No Data