Allow downloading files from authorized partners only

Overview:

The purpose of this example is to create a Smart DLP rule that allows downloading of files from authorized partners of your company initiated from a specific public IP address or a list of public IP addresses.

In the example, a FileCloud group is named after the partner company, "Company XYZ", and contains users from this company.

Another FileCloud group named "Internal" contains all the internal users from your company.

Configuration Steps:


1. Create Smart DLP Rule

  • Open the FileCloud Admin portal, and in the navigation panel, click Smart DLP.
  • Add a new DLP rule.
  • Configure the rule to allow downloads from users in the group "Company XYZ" when requests are initiated from a specific IP or multiple specific IPs. In the second image below, multiple specific IPs would appear as _request.remoteIp in ['IP1', 'IP2', 'IP3'])
  • In the image below, (_user.inGroup('Internal')) allows downloads from users in group "Internal" initiated from any IP.




2. Test Smart DLP rule

  • As a user in the "Internal" group, log in to the FileCloud user portal. 
  • Share a file with a user from the group "Company XYZ".
  • Log in to the user portal as a user from the group "Company XYZ" from a public IP that is allowed by the DLP rule.  Confirm that the file downloads successfully.
  • Log in to the user portal as a user from the group "Company XYZ" from a public IP that is not allowed by the DLP rule. Confirm that file download is forbidden.