HubStor Inc.

Understanding DLP in HubStor

In HubStor, data loss prevention (DLP) capabilities are native to the storage.  In this article, we'll provide an overview of what can be achieved with HubStor's DLP features.

Tagging and Blocking

HubStor includes the concept of DLP Tags.  DLP Tags can be leveraged in the following ways:
  1. Analysis -- You can see a detailed dashboard for each tag.
  2. Search -- You can use tags in your search criteria.
  3. Blocking -- By assigning 'Tag Behaviors', your tags can block certain actions.
  4. Policies -- You can leverage tags in other policies. For instance, an indexing policy may exclude items with the tag 'Confidential'.

DLP Tags can be applied to items when:

  1. RegEx -- a regular expression or query string is matched, and/or
  2. Tagging Policy -- a tagging policy's selection criteria is matched.

Optionally, DLP Tags can be configured to have one or more Tag Behaviors.  Tag Behaviors will be enforced on the items that have the particular DLP Tag that associates the Tag Behavior, either through RegEx or Tagging Policy. Tag Behaviors include:

  1. Legal Hold -- This assigns a legal hold status, which blocks any deletion and also counts towards the statistics of data on legal hold in HubStor.
  2. Prevent eDiscovery Export -- This blocks export in eDiscovery cases.
  3. Prevent User Retrieval -- This blocks any end user from retrieving the item, either through the HubStor User Portal or a stub, and also works to prevent sharing (both internal and external).
  4. Prevent Deletion -- This blocks deletion even when evaluating true in retention policies. 

To create a DLP Tag, see HOW TO CREATE DLP TAGS.

To create a RegEx and use it with a DLP Tag, see HOW TO DETECT AND TAG PRIVATE/SENSITIVE DATA IN HUBSTOR.

To create a Tagging Policy and use it with a DLP Tag, see HOW TO CREATE TAGGING POLICIES AND APPLY DLP TAGS.

Data-level Access Rights Mapping

There are two types of access control lists (ACL) maintained by HubStor for use in its authorization layer: Source ACL and Sharing ACL.
  1. The Source ACL is discovered during the archive’s collection process. As content is archived the ACL information is analyzed and captured in HubStor.
  2. The Sharing ACL is an additional access rights granted through HubStor’s optional sharing feature. For instance, a Sharing ACL record is generated whenever a user generates a sharing link to an item or folder from the HubStor User Portal.

HubStor maintains both sets of ACL information on all items and folders, and attempts to resolve each ACL member to a principal object (user identity or group) from the latest directory synchronization. By maintaining a mapping of the ACL members of folders and items to actual identities, HubStor delivers low-level identity-awareness in the context of eDiscovery (e.g. custodian search) and HubStor policies that leverage custodian and/or data owner clauses.

Of course, not all ACL members will successfully resolve to a principal object. This may occur because the ACL member is external to your organization, is no longer present in the directory, or has yet to synchronize to the directory. In this case, HubStor creates shadow profiles (called shadow users) to resolve to, which it will later reconcile with the actual identity should they later show up in the directory.

Thus, to see what a particular user or group has access to, or what data is owned by a particular identity, you can either query this with an eDiscovery search or create a statistics-only (Preview mode) policy that runs to provide a dashboard view of what they have access to.

Activity Intelligence

All activities performed by any user are always recorded in HubStor.  This is not configurable. 

Within the 'Tagging' tab you can query and export activity audit information pertaining to end users.  See HOW TO INTERROGATE USER ACTIVITIES IN HUBSTOR.

Additionally, with the 'Administration' tab you can query and export on other activity types, including system activity and administrative / privileged user activity. See HOW TO USE AUDITING IN HUBSTOR.

    • Related Articles

    • How to Create Tagging Policies and Apply DLP Tags

      In this article, we'll walk through creating a Tagging Policy that applies one or more Tags.  To understand what can be achieved with Tags in HubStor, see UNDERSTANDING DLP IN HUBSTOR. For instructions on creating tags, see HOW TO CREATE DLP TAGS. To ...
    • How to Interpret HubStor Invoices

      First, thank you for being a HubStor customer! This article shows you how to dissect and reverse engineer the numbers in a HubStor invoice. Before we walk through a few examples, here are some essentials you need to know: HubStor invoices are posted ...
    • Understanding Legal Hold in HubStor

      In HubStor, there are multiple ways that legal hold can be applied. By User Holds placed within a Discovery case. See CREATE AND CONFIGURE AN EDISCOVERY CASE. By search results added to a Discovery case. See PERFORM SEARCHES AND ADD RESULTS TO A ...
    • Overview of the HubStor Connector Service (HCS)

      The HCS is software that is deployed behind your firewall to provide policy-based archiving to your HubStor cloud tenant. The HCS runs on a Windows VM, uses a service account, and can be installed and configured in minutes. With the HCS installed, ...
    • How to Install and Configure the HubStor Connector Service (HCS)

      If you have access to the HubStor Admin Portal, you can download the HubStor Connector Service installer by going to 'Administration' and then 'Tools & Utilities'. Step 1 -- Run the Installer Open the HCS installer file ...