LocalZone™ runs in the background while you work, and is comprised of two components that keep your data safe: the LocalZone™ Border and Badge, and the Data Loss Prevention (DLP) policy.
LocalZone™ Border and Badge
The LocalZone™ application isolation technology allows for work and personal apps to run in separate windows on the same device without being aware of each other. Each app you run will be enclosed by the patented LocalZone™ blue border and badge. And, if you have multiple documents open in the same app, each document will have its own border and badge.
This functionality also protects against malware "seeing" your work apps running in the Zone because network traffic is channeled through the Private Company Gateway, which you'll learn about in the next module.
Data Loss Prevention (DLP) Policy
Venn is committed to protecting the privacy of employees. Venn does this by setting DLP controls to secure data transmission via your work applications. The Venn platform transparently exposes all the usage it tracks about your login and network activity, so you are 100% clear on what is being monitored. Any app that runs outside the LocalZone™ is considered personal and is not managed or monitored by the organization.
DLP for Windows and macOS
Clicking the LocalZone™ badge reveals a snapshot of what data transmission controls your company is enforcing within that application.
The following enforcements will be enabled or disabled based on your company's policy. The gray lock indicates that the enforcement is enabled and you are unable to perform that task.
- Browser uploads: You are/are not allowed to upload files to a protected browser.
- Move and paste: You are/are not allowed to move data out of the LocalZone™. When you try to move data outside of the LocalZone™, you will get a popup message saying the Paste is blocked by your organization.
- Printing: You can print to any printer.
- File downloads: Downloaded files are saved to your Secure Downloads folder. This is always set to Restricted, for consistency across platforms. You can always move a file out of Secure Downloads to another location within LocalZone™.
- Work file access: If Restricted, you can only save files to the Workplace drive. If Unrestricted, you can save files to any location, such as OneDrive or Dropbox.
- Screen sharing & capture: This option might be set as restricted to protect data, such as during video meetings. To request a one-time exception to share your window:
- Click Share window.
- Enter your reason in the box provided for auditing purposes and click Share window to close.
DLP for Android
In the DLP Policy tab under Policies, you will find the enforcements listed. Tap each policy for more detail. The following describes what these policies mean when they are set to Restricted.
- Passcode: Your device must have a passcode enabled. If you do not have one set, you will be asked to create a passcode (6-digits at minimum). This passcode is separate from your Workplace 6-digit PIN.
- Network Access: Restricts the network used by managed applications to the Private Company Gateway (PCG). You'll learn about the PCG in the next module.
- Copy and Paste: You are unable to move data out of managed applications.
- Restrict Files to Managed Applications: This controls the location where work files can be stored. When restricted, work files are only accessible from within managed applications. When unrestricted, files can be accessed and stored at any location.
- Screen Capture: This controls the use of screen capture tools for managed work applications only, such as screen recording or screen shooting, and does not restrict personal use of these tools.
DLP for iOS
In the DLP Policy tab under Policies, you will find the enforcements listed. Tap each policy for more detail. The following describes what these policies mean when they are set to Restricted.
- Passcode: Your device must have a passcode enabled. If you do not have one set, or you only have a 4-digit passcode, you will be asked to create a 6-digit passcode (at minimum) for your device. This passcode is separate from your Workplace 6-digit PIN.
- Network Access: Restricts the network used by managed applications to the Private Company Gateway (PCG). You'll learn about the PCG in the next module.
- Copy and Paste: You are unable to move data out of managed applications.
- Restrict Files to Managed Applications: This controls the location where work files can be stored. When restricted, work files are only accessible from within managed applications. When unrestricted, files can be accessed and stored at any location.
- This includes a restriction for file sharing using AirDrop.
- Screen Capture: This controls the use of screen capture tools for your entire device, such as screen recording or screen shooting. If this is set to restricted, you will be unable to record your screen for work, as well as for personal use.
In the next module, you'll learn how the Private Company Gateway keeps your work inside LocalZone™.