Data Loss Prevention (DLP) Policies are controls that Company Managers can enable in order to restrict what users can do in Venn's Blue Border™. You may choose to put these policies in place to prevent company information and files with sensitive data from being lost, misused, or accessed by unauthorized users.
As a Company Manager, you can set Default DLP Policies, which are applied to all Venn users as a baseline. You can also create Policy Overrides, which allow you to set DLP Policies that supersede the default policy for a single user or a group of users.
Learn how to view and manage Data Loss Prevention Policies for your company.
How Data Loss Prevention Policies Work
As a Company Manager, you can manage your company's Data Loss Prevention (DLP) Policies on the DLP Policy page in Company Admin. Learn how to configure and manage Data Loss Prevention Policies for your company.
Your company's Default Policy sets the standard Data Loss Prevention (DLP) controls that apply to all Venn users by default. You can also create Policy Overrides, which allow you to set DLP Policies that supersede the default policy for a single user or a group of users. Policy Overrides can be created for an individual user by name, for a user group, or for an IP address.
For example, if you want to prevent contractors from copying and pasting company information from inside of Venn to outside, you could set up the following using the Move and Paste DLP Policy:
- Default: Set your Move and Paste DLP Policy as unrestricted
- Override: Create a policy override for your contractor group and set the Move and Paste DLP Policy to restricted for that group
If a user qualifies for more than one Policy Override, Overrides will be prioritized in the order in which they appear in the list of Overrides. Overrides listed higher on the list will supersede any Overrides listed lower on the list.
For example, suppose you normally do not want users to be able to print from Venn, but you want to make an exception so that people can print when they are in the office, provided they are not contractors. You could set up the following using the Printing DLP Policy:
- Default: Set your Printing DLP Policy as restricted
- Override #1 (listed higher than Override #2): Create a policy override for your contractor group and set the Printing DLP Policy to restricted for that group
- Override #2 (listed lower than Override #1): Create a policy override for your company network IP address range and set the Printing DLP Policy to unrestricted for that group
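The Printing example above, worked through as a first-match evaluation over the ordered Override list. This is an added illustration, not Venn's code or API: the `Override` class, the user and group names, and the IP ranges (reserved documentation ranges) are all constructed, and it models a single policy only.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Override:
    """Hypothetical model of one Policy Override for the Printing policy."""
    kind: str      # "user", "group", or "ip"
    target: str    # user name, group name, or CIDR range
    setting: str   # "restricted" or "unrestricted"

    def applies_to(self, user, groups, ip):
        if self.kind == "user":
            return user == self.target
        if self.kind == "group":
            return self.target in groups
        if self.kind == "ip":
            return ipaddress.ip_address(ip) in ipaddress.ip_network(self.target)
        return False

def effective_setting(default, overrides, user, groups, ip):
    """Highest-listed matching Override wins; otherwise the Default applies."""
    for ov in overrides:  # list order is priority order
        if ov.applies_to(user, groups, ip):
            return ov.setting
    return default

# Constructed sample data mirroring the Printing example.
DEFAULT = "restricted"
CONTRACTORS = Override("group", "contractors", "restricted")   # Override #1
OFFICE = Override("ip", "203.0.113.0/24", "unrestricted")      # Override #2
OVERRIDES = [CONTRACTORS, OFFICE]

def demo():
    cases = {
        "contractor_in_office": ("dana", {"contractors"}, "203.0.113.10"),
        "employee_in_office": ("lee", {"staff"}, "203.0.113.11"),
        "employee_remote": ("lee", {"staff"}, "198.51.100.7"),
    }
    return {name: effective_setting(DEFAULT, OVERRIDES, *who)
            for name, who in cases.items()}

def misordered_contractor_result():
    """Same Overrides, wrong order: the IP Override now wins for a contractor on site."""
    return effective_setting(DEFAULT, [OFFICE, CONTRACTORS],
                             "dana", {"contractors"}, "203.0.113.10")

if __name__ == "__main__":
    print(demo())
    print(misordered_contractor_result())
```

The last function shows why list order matters: with the IP Override listed first, the contractor Override is never reached for anyone inside the office range.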
Available DLP Policies for Desktops and Laptops
Policy | Description | Setting |
---|---|---|
Network | Controls the routing of Blue Border internet traffic through the encrypted Private Company Gateway. (Presented to users in the Badge as "Network Access.") | Restricted: Network traffic is protected by Private Company Gateway except for domains in the exception list configured by the Company Manager. Unrestricted: Network traffic is not protected by Private Company Gateway. |
Printing | Controls printing from applications in Blue Border. This policy does not restrict the ability to print to PDF. | Restricted: Users cannot print. Unrestricted: Users can print to any printer. |
Screen sharing and capture | Controls the use of screen sharing and screen capture tools for applications running in Blue Border. This policy is only applicable on Windows. | Restricted: You cannot share any application screen unless your admin has enabled you to share with a business justification. Unrestricted: You can share any application screen. |
Move and Paste | Controls the use of drag/drop and copy/paste to move data out of Blue Border. This policy does not restrict the ability to drag/drop and copy/paste to move data into Blue Border. | Restricted: Users are not allowed to move data outside of Blue Border. Unrestricted: Users are allowed to move data outside of Blue Border. |
Browser policies | Controls the policy applied to browsers running in Secure Enclave. (Not presented to users in the Badge.) | Restricted: Custom browser policies have been applied. Unrestricted: No custom browser policies have been applied. |
Secure Enclave Registry | Controls the registry in Secure Enclave. This policy is only applicable on Windows. (Not presented to users in the Badge.) | Restricted: Custom registry settings have been applied for the Secure Enclave on Windows devices. Unrestricted: No custom registry settings have been applied. |
Browser Uploads | Controls the ability to upload files to the internet in Blue Border browsers. | Restricted: Users are not allowed to upload files except to domains in the exception list configured by the Company Manager. Unrestricted: Users are allowed to upload files to any domain. |
File storage and data control | Controls which file storage solution(s) are available in Venn, the default file save and download location, and whether or not users can save files to locations outside of Venn. (Presented to users in the Badge as "Browser downloads" and "Work file access.") | Restricted: Data is allowed to be saved or moved out of Venn. Unrestricted: Data is not allowed to be saved or moved out of Venn. |
Account Access | Controls the accounts used to access software suites. (Not presented to users in the Badge.) | Restricted: Access to Google Workspace and/or Microsoft 365 accounts is not allowed or limited to specific domains within Blue Border. Unrestricted: Users are allowed to log in to any Google Workspace or Microsoft 365 business account in Blue Border. |
Available DLP Policies for Mobile Devices
Policy | Description | Settings |
---|---|---|
Passcode | Controls the ability to access the device without a passcode enabled. | Restricted: Requires a device to have a password enabled. For Apple devices, you will be required to set up an alphanumeric passcode with a minimum of 6 characters. Unrestricted: Does not require a device to have a password enabled. |
Network Access | Controls the routing of managed application internet traffic through the encrypted Private Company Gateway. | Restricted: Restricts the network used by managed applications to the Private Company Gateway. Unrestricted: Network traffic is not restricted to the Private Company Gateway. |
Copy and Paste | Controls the use of copy/paste to move data out of managed applications. This policy does not restrict the ability to copy/paste to move data into managed applications. | Restricted: Restricts the use of copy and paste to move data out of managed applications. Unrestricted: Use of copy and paste is not restricted. |
Files and Data | Controls how files saved to Workplace Drive can be accessed. This policy does not restrict the ability to copy or move files to managed applications from other unmanaged locations. | Restricted: Restricts access to the Workplace Drive to managed applications. Unrestricted: Work files can be accessed from any location. |
Screen Capture | Controls the use of screen capture tools, such as screen recording or screenshots, for managed applications. | Restricted: Restricts use of screen capture tools for managed applications. For Apple devices, screen capture is disabled for the entire device, including personal applications. Unrestricted: Use of screen capture tools is not restricted. |
Untrusted apps | Controls installation of untrusted apps (unknown source). This policy is only applicable on Android. | Restricted: Restricts the installation of untrusted apps (unknown source) on the entire device or just in the Work Profile. Unrestricted: Does not restrict the installation of untrusted apps (unknown source). |