Data Loss Prevention (DLP) Policy Admin Overview

Data Loss Prevention (DLP) Policies are controls that Company Managers can enable in order to restrict what users can do in Venn's Blue Border™. You may choose to put these policies in place to prevent company information and files with sensitive data from being lost, misused, or accessed by unauthorized users. 

As a Company Manager, you can set Default DLP Policies, which are applied to all Venn users as a baseline. You can also create Policy Overrides, which allow you to set DLP Policies that supersede the default policy for a single user or a group of users.

Learn how to view and manage Data Loss Prevention Policies for your company.

How Data Loss Prevention Policies Work

As a Company Manager, you can manage your company's Data Loss Prevention (DLP) Policies on the DLP Policy page in Company Admin. Learn how to configure and manage Data Loss Prevention Policies for your company.

Your company's Default Policy sets the standard Data Loss Prevention (DLP) controls that apply to all Venn users by default. You can also create Policy Overrides, which allow you to set DLP Policies that supersede the default policy for a single user or a group of users. Policy Overrides can be created for an individual user by name, for a user group, or for an IP address.

For example, if you want to prevent contractors from copying and pasting company information from inside of Venn to outside, you could set up the following using the Move and Paste DLP Policy:

  • Default: Set your Move and Paste DLP Policy as unrestricted
  • Override: Create a policy override for your contractor group and set the Move and Paste DLP Policy to restricted for that group

If a user qualifies for more than one Policy Override, Overrides will be prioritized in the order in which they appear in the list of Overrides. Overrides listed higher on the list will supersede any Overrides listed lower on the list.

For example, suppose you normally do not want users to be able to print from Venn, but you want to make an exception so that people can print when they are in the office, provided they are not contractors. You could set up the following using the Printing DLP Policy:

  • Default: Set your Printing DLP Policy as restricted
  • Override #1 (listed higher than Override #2): Create a policy override for your contractor group and set the Printing DLP Policy to restricted for that group
  • Override #2 (listed lower than Override #1): Create a policy override for your company network IP address range and set the Printing DLP Policy to unrestricted for that group
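
The ordering rule applied to the Printing example above, as an added sketch that is not Venn's code: the `User` and `Override` classes, the group names and the 203.0.113.0/24 office range are hypothetical, and it assumes the highest-listed matching override that sets a policy decides that policy. It also shows what changes if the two overrides are listed in the opposite order.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    groups: set
    ip: str

@dataclass
class Override:
    label: str
    settings: dict                      # policy name -> "restricted" / "unrestricted"
    users: set = field(default_factory=set)
    groups: set = field(default_factory=set)
    cidrs: list = field(default_factory=list)

    def matches(self, user):
        # An override can target a user by name, a user group, or an IP address range.
        if user.name in self.users or self.groups & user.groups:
            return True
        addr = ipaddress.ip_address(user.ip)
        return any(addr in ipaddress.ip_network(c) for c in self.cidrs)

def resolve(policy, user, default, overrides):
    """Return (setting, source) for one policy; overrides are given in list order."""
    for ov in overrides:                # the top of the list is checked first
        if policy in ov.settings and ov.matches(user):
            return ov.settings[policy], ov.label
    return default[policy], "default"

# Constructed data mirroring the Printing example (203.0.113.0/24 is a documentation range).
DEFAULT = {"Printing": "restricted"}
OVERRIDES = [
    Override("contractors", {"Printing": "restricted"}, groups={"contractors"}),
    Override("office-network", {"Printing": "unrestricted"}, cidrs=["203.0.113.0/24"]),
]

def printing_for(user, overrides=OVERRIDES):
    return resolve("Printing", user, DEFAULT, overrides)

if __name__ == "__main__":
    bob = User("bob", {"contractors"}, "203.0.113.11")
    for u in [User("alice", {"staff"}, "203.0.113.10"), bob,
              User("carol", {"staff"}, "198.51.100.7")]:
        print(u.name, printing_for(u))
    # With the overrides listed in the opposite order, the office-network
    # override matches first and the in-office contractor is allowed to print.
    print("bob, reversed order:", printing_for(bob, OVERRIDES[::-1]))
```
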

Available DLP Policies for Desktops and Laptops

Policy Description Setting

Network

Controls the routing of Blue Border internet traffic through the encrypted Private Company Gateway.

(Presented to users in the Badge as "Network Access.")

Restricted: Network traffic is protected by Private Company Gateway except for domains in the exception list configured by the Company Manager.

Unrestricted: Network traffic is not protected by Private Company Gateway.

Printing

Controls printing from applications in Blue Border.

This policy does not restrict the ability to print to PDF.

Restricted: Users cannot print.

Unrestricted: Users can print to any printer.

Screen sharing and capture

Controls the use of screen sharing and screen capture tools for applications running in Blue Border. 

This policy is only applicable on Windows.

Restricted: You cannot share any application screen unless your admin has enabled you to share with a business justification.

Unrestricted: You can share any application screen. 

Move and Paste

Controls the use of drag/drop and copy/paste to move data out of Blue Border.

This policy does not restrict the ability to drag/drop and copy/paste to move data into Blue Border.

Restricted: Users are not allowed to move data outside of Blue Border.

Unrestricted: Users are allowed to move data outside of Blue Border.

Browser policies

Controls the policy applied to browsers running in Secure Enclave.

(Not presented to users in the Badge.)

Restricted: Custom browser policies have been applied.

Unrestricted: No custom browser policies have been applied.

Secure Enclave Registry

Controls the registry in Secure Enclave.

This policy is only applicable on Windows.

(Not presented to users in the Badge.)

Restricted: Custom registry settings have been applied for the Secure Enclave on Windows devices.

Unrestricted: No custom registry settings have been applied.

Browser Uploads

Controls the ability to upload files to the internet in Blue Border browsers.

Restricted: Users are not allowed to upload files except to domains in the exception list configured by the Company Manager.

Unrestricted: Users are allowed to upload files to any domain.

File storage and data control

Controls which file storage solution(s) are available in Venn, the default file save and download location, and whether or not users can save files to locations outside of Venn. 

(Presented to users in the Badge as "Browser downloads" and "Work file access.")

Restricted: Data is allowed to be saved or moved out of Venn.

Unrestricted: Data is not allowed to be saved or moved out of Venn.

Account Access

Controls the accounts used to access software suites.

(Not presented to users in the Badge.)

Restricted: Access to Google Workspace and/or Microsoft 365 accounts is not allowed or limited to specific domains within Blue Border.

Unrestricted: Users are allowed to log in to any Google Workspace or Microsoft 365 business account in Blue Border.

Available DLP Policies for Mobile Devices

Policy Description Settings

Passcode

Controls the ability to access the device without a passcode enabled.

Restricted: Requires a device to have a password enabled. For Apple devices, you will be required to set up an alphanumeric passcode with a minimum of 6 characters.

Unrestricted: Does not require a device to have a password enabled.

Network Access

Controls the routing of managed application internet traffic through the encrypted Private Company Gateway.

Restricted: Restricts the network used by managed applications to the Private Company Gateway.

Unrestricted: Network traffic is not restricted to the Private Company Gateway.

Copy and Paste

Controls the use of copy/paste to move data out of managed applications.

This policy does not restrict the ability to copy/paste to move data into managed applications.

Restricted: Restricts the use of copy and paste to move data out of managed applications.

Unrestricted: Use of copy and paste is not restricted.

Files and Data

Controls how files saved to Workplace Drive can be accessed.

This policy does not restrict the ability to copy or move files to managed applications from other unmanaged locations.

Restricted: Restricts access to the Workplace Drive to managed applications.

Unrestricted: Work files can be accessed from any location.

Screen Capture

Controls the use of screen capture tools, such as screen recording or screenshots, for managed applications.

Restricted: Restricts use of screen capture tools for managed applications. For Apple devices, screen capture is disabled for the entire device, including personal applications. 

Unrestricted: Use of screen capture tools is not restricted.

Untrusted apps

Controls installation of untrusted apps (unknown source).

This policy is only applicable on Android.

Restricted: Restricts the installation of untrusted apps (unknown source) on the entire device or just in the Work Profile.

Unrestricted: Does not restrict the installation of untrusted apps (unknown source).
