In HubStor, data loss prevention (DLP) capabilities are native to the
storage. In this article, we'll provide an overview of what can be
achieved with HubStor's DLP features.
Tagging and Blocking
HubStor includes the concept of DLP Tags. DLP Tags can be leveraged in the following ways:
- Analysis -- You can see a detailed dashboard for each tag.
- Search -- You can use tags in your search criteria.
- Blocking -- By assigning 'Tag Behaviors', your tags can block certain actions.
- Policies -- You can leverage tags in other policies. For instance, an indexing policy may exclude items with the tag 'Confidential'.
DLP Tags can be applied to items when:
- RegEx -- a regular expression or query string is matched, and/or
- Tagging Policy -- a tagging policy's selection criteria are matched.
Optionally, DLP Tags can be configured to have one or more Tag
Behaviors. Tag Behaviors are enforced on every item that carries the
DLP Tag they are associated with, whether the tag was applied through
RegEx or a Tagging Policy. Tag Behaviors include:
- Legal Hold -- This assigns a legal hold status, which blocks any deletion and also counts towards the statistics of data on legal hold in HubStor.
- Prevent eDiscovery Export -- This blocks export in eDiscovery cases.
- Prevent User Retrieval -- This blocks any end user from retrieving the item, either through the HubStor User Portal or a stub, and also works to prevent sharing (both internal and external).
- Prevent Deletion -- This blocks deletion even when evaluating true in retention policies.
To create a DLP Tag, see HOW TO CREATE DLP TAGS.
To create a RegEx and use it with a DLP Tag, see HOW TO DETECT AND TAG PRIVATE/SENSITIVE DATA IN HUBSTOR.
To create a Tagging Policy and use it with a DLP Tag, see HOW TO CREATE TAGGING POLICIES AND APPLY DLP TAGS.
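The sketch below is an added example, not HubStor code. It models the evaluation described above: tags are applied by RegEx and/or Tagging Policy, and the Tag Behaviors on every applied tag combine to block actions, including deletion that a retention policy would otherwise carry out. The action labels, item fields, tag names, and sample data are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Tag Behaviors from the list above, mapped to the actions each one blocks.
# The action labels are names chosen for this sketch, not HubStor identifiers.
BEHAVIOR_BLOCKS = {
    "Legal Hold": {"delete"},
    "Prevent eDiscovery Export": {"export"},
    "Prevent User Retrieval": {"retrieve", "share"},
    "Prevent Deletion": {"delete"},
}

@dataclass
class DlpTag:
    name: str
    behaviors: set = field(default_factory=set)
    regex: str = ""        # RegEx trigger, matched against item text
    policy: object = None  # Tagging Policy trigger: predicate over the item

def tags_for(item, tags):
    """Tags applied to an item: RegEx match and/or Tagging Policy match."""
    return [t for t in tags
            if (t.regex and re.search(t.regex, item["text"]))
            or (t.policy and t.policy(item))]

def blocked_actions(item, tags):
    """Union of the actions blocked by every behavior on every applied tag."""
    blocked = set()
    for t in tags_for(item, tags):
        for b in t.behaviors:
            blocked |= BEHAVIOR_BLOCKS[b]
    return blocked

def retention_sweep(items, tags, expired):
    """Paths actually deleted: retention evaluates true AND no tag blocks it."""
    return [i["path"] for i in items
            if expired(i) and "delete" not in blocked_actions(i, tags)]

# Constructed sample tags and items.
TAGS = [
    DlpTag("SSN", {"Prevent User Retrieval"}, regex=r"\b\d{3}-\d{2}-\d{4}\b"),
    DlpTag("Litigation", {"Legal Hold", "Prevent eDiscovery Export"},
           policy=lambda i: i["path"].startswith("/legal/")),
    DlpTag("Confidential", regex=r"(?i)confidential"),  # no behaviors: analysis/search only
]
ITEMS = [
    {"path": "/hr/form.txt", "text": "SSN 123-45-6789"},
    {"path": "/legal/memo.txt", "text": "Confidential draft"},
    {"path": "/pub/readme.txt", "text": "hello"},
]
```

Calling `retention_sweep(ITEMS, TAGS, lambda i: True)` shows the legal-hold item surviving a retention rule that matches everything.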
Data-level Access Rights Mapping
There are two types of access control lists (ACLs) maintained by
HubStor for use in its authorization layer: Source ACL and Sharing ACL.
- The Source ACL is discovered during the archive’s collection process. As content is archived, the ACL information is analyzed and captured in HubStor.
- The Sharing ACL is an additional set of access rights granted through HubStor’s optional sharing feature. For instance, a Sharing ACL record is generated whenever a user generates a sharing link to an item or folder from the HubStor User Portal.
HubStor maintains both sets of ACL information on all items and
folders, and attempts to resolve each ACL member to a principal object
(user identity or group) from the latest directory synchronization. By
maintaining a mapping of the ACL members of folders and items to actual
identities, HubStor delivers low-level identity-awareness in the context
of eDiscovery (e.g. custodian search) and HubStor policies that
leverage custodian and/or data owner clauses.
Of course, not all ACL members will successfully resolve to a
principal object. This may occur because the ACL member is external to
your organization, is no longer present in the directory, or has yet
to synchronize to the directory. In this case, HubStor creates shadow
profiles (called shadow users) to resolve to, which it will later
reconcile with the actual identity should they later show up in
Thus, to see what a particular user or group has access to, or what
data is owned by a particular identity, you can either query this with
an eDiscovery search or create a statistics-only (Preview mode) policy
that runs to provide a dashboard view of what they have access to.
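The following added example (not HubStor code) models the resolution flow described above: ACL members are mapped to principals from the latest directory synchronization, members that do not resolve get shadow users, and a later synchronization reconciles them. The class, method names, member identifiers, and sample data are assumptions constructed for illustration, and groups are not modeled.

```python
from dataclasses import dataclass

@dataclass
class Principal:
    name: str
    shadow: bool = False

class AclIndex:
    """Maps ACL members on items to principals; unresolved members get shadow users."""
    def __init__(self):
        self.principals = {}   # ACL member id -> Principal
        self.entries = []      # (item path, ACL kind, member id)

    def sync_directory(self, directory):
        """Apply a directory snapshot; reconcile shadow users that now resolve."""
        reconciled = []
        for member, name in directory.items():
            p = self.principals.get(member)
            if p is None:
                self.principals[member] = Principal(name)
            elif p.shadow:
                p.name, p.shadow = name, False
                reconciled.append(member)
        return reconciled

    def add_acl(self, path, kind, members):
        """Record a Source or Sharing ACL; create shadow users for unknown members."""
        for m in members:
            if m not in self.principals:
                self.principals[m] = Principal(name=m, shadow=True)
            self.entries.append((path, kind, m))

    def access_of(self, member):
        """Items a member can reach, with the ACL kind that grants the access."""
        return sorted((p, k) for p, k, m in self.entries if m == member)

    def shadow_users(self):
        return sorted(m for m, p in self.principals.items() if p.shadow)

def demo():
    # Constructed data: one known user, one not yet synchronized, one external.
    idx = AclIndex()
    idx.sync_directory({"S-1-alice": "Alice"})
    idx.add_acl("/finance/q3.xlsx", "source", ["S-1-alice", "S-1-bob"])
    idx.add_acl("/finance/q3.xlsx", "sharing", ["ext@partner.example"])
    before = idx.shadow_users()
    reconciled = idx.sync_directory({"S-1-alice": "Alice", "S-1-bob": "Bob"})
    return before, reconciled, idx.shadow_users(), idx.access_of("S-1-bob")
```

Because the ACL entries are keyed by member rather than by resolved name, access recorded while a member was still a shadow user remains queryable after reconciliation.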
All activities performed by any user are always recorded in HubStor. This is not configurable.
Within the 'Tagging' tab you can query and export activity audit information pertaining to end users. See HOW TO INTERROGATE USER ACTIVITIES IN HUBSTOR.
Additionally, with the 'Administration' tab you can
query and export on other activity types, including system activity and
administrative / privileged user activity. See HOW TO USE AUDITING IN HUBSTOR.