home

Security Service Edge

Mobile Endpoint SecuritySecurity Service Edge
Mobile Endpoint SecuritySecurity Service Edge

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Show Contents

Security Service Edge

Configuring Lookout Cloud Security Platform for Policy Management

Create Content Digital Rights Templates

Content Digital Rights configurations provide streamlined template management for efficient and consistent application of content classification, customization, and protection options. Templates for content digital rights can be created and the settings applied to multiple policies. The templates can be accessed and managed through a Content Digital Rights page under the Protect menu in the Management Console.

Content Digital Rights captures all aspects of content classification and protection, in these components.

Where encryption is applied, documents will be tracked by the CDR ID used to encrypt, instead of the ID of the policy triggered for encryption.

You can apply a template to multiple policies.

Once you have created a CDR template, you can modify it but cannot delete it as long as you are still using it.

  1. Select Protect > Content Digital Rights and click New.
  2. Enter a Name (required) and a Description (optional) for the CDR template.
  3. Select the Type of documents to which this template will apply:
    • Structured -- Policy applies to structured objects.
    • Documents with Encryption -- Policy applies to documents to be encrypted.
    • Documents without Encryption -- Policy applies to documents that are not to be encrypted.
  4. Click Next to add CDR elements.
  5. For each component to include, click the toggle to enable it.

    • Watermark Text

      Enter the text for the watermark. Then, select the formatting options for the watermark.

    • Token Obscurity

      Select Mask, Redact, or Document Highlighting.

      IMPORTANT The Mask and Redact actions permanently delete the selected characters, to prevent unauthorized leaks of data. Masking and redaction cannot be undone once a policy is saved.

      Notes regarding API policy enforcement for Redact, Mask, Watermark/Encrypt actions

      In Salesforce reports (Classic and Lightning versions), the Mask action is not applied to report name, filter criteria, and keyword search. As a result, these items are not masked in the report object.

      When an API Protect policy is created with Redact/Mask/Watermark/Encrypt as an action, the policy action is not taken if a file created in Google Drive is renamed and then updated with DLP content.

    • Encrypt

      If the policy will provide an encryption action, select these items to apply specific directions for encryption:

      • An encryption key.

      • Content expiration - by date, by time, or no expiration.

        • If you selected By Date, select a date from the calendar.
        • If you selected By Time, select minutes, hours, or days, and a quantity (for example, 20 minutes, 12 hours, or 30 days).

      • An offline access option.

        • Always (default)
        • Never
        • By Time. If you select By Time, select hours, minutes, or days, and a quantity.
  6. Add permission objects, which define the scope (internal or external), users and groups, and permission levels.
    1. Click New and select permission options.

    2. Scope -- Select Internal or External.
    3. Type -
      • For Internal scope, select Users, Groups, or Recipients.
      • For External scope, select Users, Domains, or Recipients.

        The Recipients type applies only to cloud applications that have the Email protection mode selected when the cloud application is onboarded.

      Depending on the Type you choose, the next field will be labeled as follows.

      • For Internal scope, either Users (for users) or Source (for groups). If you selected Recipients, this next field does not appear. If you selected Source, check the names of groups to include.
      • For External scope, either Users (for users) or Domains. If you selected Recipients, this next field does not appear.
      • Enter or select the user, source, or domain information.
      • For Users (Internal or External scope) - Click the pen icon, choose All or Selected. For Selected, enter one or more valid user email addresses, each separated by a comma. Click Save.

      • For Source (Internal scope) - Select a source for the group or groups. From the Groups List

        box that appears, check one or more groups, or all groups. Click Save.

      • For Domains (External scope) - Enter one or more domain names.
      • Permissions - Select Allow (full permissions) or Deny (no permissions).
  7. Click Save.
    The permission object is added to the list.
  8. Click Next to view a summary of the CDR template and click Confirm to save it.
    The template is listed on the Content Digital Rights page. When you assign this template to policies you create, those policy names will appear in the Assigned Policies column.

Last updated: November 20, 2024

lookout-footer

Legal Privacy Policy Cookie Policy Transparency Report Compliance Info Compliance Info (Gov)

© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.