Create Policies

Objective: Create DLP policies using your RegEx data classifications

Now that we’ve created data classifications, it’s time to create policies that implement them. DLP policies differ from classifications in that they contain additional logic about what to do when a positive match is encountered. For instance, in some cases you may simply want to discover and tag the data, while in others you might want to raise an incident with your SOC or perhaps even quarantine the file.

In other words, separating the classification from the policy makes the classification usable in many different contexts.
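
The split between classification and policy, modelled as an added Python example (not code from this lab or from the DLP product). The regular expression is a simplified assumption for a 15-digit French SSN, and the class names, the "quarantine" response label and the sample files are constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Classification:
    """Detection logic only: what to look for, not what to do about it."""
    name: str
    pattern: re.Pattern

@dataclass(frozen=True)
class Policy:
    """IF <classification> matches THEN <severity>, plus optional responses."""
    name: str
    classification: Classification
    severity: str
    responses: tuple = ()

def evaluate(policies, files):
    """Scan every file with every policy; one incident per (policy, file) hit."""
    incidents = []
    for path, text in files.items():
        for policy in policies:
            hits = policy.classification.pattern.findall(text)
            if hits:
                # Record the count only, so the incident never copies the sensitive value.
                incidents.append({
                    "policy": policy.name,
                    "file": path,
                    "severity": policy.severity,
                    "match_count": len(hits),
                    "responses": list(policy.responses),
                })
    return incidents

# Assumed, simplified pattern: sex digit 1 or 2, year, month 01-12, then 10 more digits.
FRENCH_SSN = Classification("French SSN", re.compile(r"\b[12]\d{2}(?:0[1-9]|1[0-2])\d{10}\b"))

# One classification, two policies: discover-and-tag (as in this lab) vs. quarantine.
LAB_POLICY = Policy("RegEx - French SSN", FRENCH_SSN, "Minor")
QUARANTINE_POLICY = Policy("RegEx - French SSN (quarantine)", FRENCH_SSN, "Minor", ("quarantine",))

# Constructed sample data; the second file holds a 15-digit number with month 13 (no match).
SAMPLE_FILES = {
    "hr/payroll.csv": "Dupont;Marie;284057512345678\nMartin;Luc;179117512345612",
    "notes/readme.txt": "Order 284137512345678 shipped; call 0142000000.",
}

if __name__ == "__main__":
    for incident in evaluate([LAB_POLICY, QUARANTINE_POLICY], SAMPLE_FILES):
        print(incident)
```

Both policies raise an incident on the same file from the same pattern; only the response differs, which is why the lab builds the classification once and attaches it to policies afterwards.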


Create a DLP policy for French Social Security Numbers

  1. Access your DLP policies from the Policy heading, select DLP Policies and then DLP Policies.
  2. From the Action drop-down menu, select Create New Policy.
  3. Provide a name for the DLP policy such as “RegEx - French SSN” (hint: you want the name to describe that it’s RegEx-based and is for French SSNs - so that we can find and use it later)
  4. Leave deployment type at API, do not select a Service Instance, and do not add a user filter.

Note that Lightning Link and Reverse Proxy deployment types are for *real time* enforcement of DLP policies when data is in motion to or from a sanctioned cloud service (which you could define by clicking the **Select Service Instances** button). This is out of scope for this lab, but ask your instructor for more information if you would like to see these in action.
  5. Click Next to continue.

Set Rules for Your DLP Policy

  1. In the first IF statement, select Classification.
  2. In the side panel, under the unassigned category, select the classification you created for French Social Security Numbers.
  3. Click Done to return to the policy rules.
  4. Click the THEN button directly under your first rule.
  5. Assign the Incident Severity to Minor.
  6. Click Next to continue to the DLP Responses.

Review Available Policy Responses

  1. At the bottom of your policy click the THEN button.
  2. Review the list of available responses but do not select any of them.

The automatic responses available to you will depend on how the DLP policy is deployed. For example, for an S3 bucket or file storage such as OneDrive or SharePoint, files can be moved to a secure quarantine area pending investigation. We do NOT want to do this in our lab because we will be comparing and contrasting different DLP strategies against the same dataset.
  3. After reviewing the list, click Cancel, then Next.

Review Your French SSN DLP Policy

  1. Verify that your DLP policy resembles the screenshot below and click Save. [Screenshot: DLP Policy Review]

Repeat the steps above to create DLP policies for the Credit Card Number and UK Drivers License number classifications.

  1. When finished, verify that your DLP policy list resembles the screenshot below: [Screenshot: DLP Policy List]