Data Protection and SSL

Question

Hi, I was wondering if anyone could tell me whether or not Data Protection works with SSL-encrypted traffic on the endpoints. For example, will a properly configured Data Protection policy prevent designated sensitive information from being transmitted from an endpoint to an external source if the mechanism providing the transport is encrypted via SSL? I had a customer recently ask about this and wasn't sure what to tell them. I also searched through the associated guides and haven't found confirmation of this.

Any insight on this would be appreciated.

Thanks!

This thread was automatically locked due to age.

QC · Accepted Answer

Hello JSWVLCM, as said, DLP prevents that files (about to be copied, attached, uploaded) are read. It can not prevent that contents are pasted and subsequently transmitted. DLP uses the on-access scanning component (BTW, AFAIK the defined on-access exclusions still apply to DLP as well). As we know, there're always ways to sneak out data. A near ideal solution would require a tightly controlled endpoint (to block portable applications), scanning on the gateways (which is also possible for TLS), and a defined set of permitted protocols. Christian :54535