MVISION Cloud Secure users can use Ionic DRM to automatically encrypt files generated inside your Sanctioned SaaS programs (for example: a report created in Salesforce or a document generated in Microsoft Office Online). Once encrypted, the files can only be viewed by authorized users through the Ionic plugin. Please follow these steps to configure Ionic DRM to protect your sensitive files on download
Define Rules in Ionic DRM Dashboard
- Navigate to the Ionic DRM Dashboard > Data Policy
- The Data Policy needs to have a rule which indicates the which users are allowed access and which users (if any) are specifically denied access.
Please consult Ionic’s help documents for instructions on building rules in their dashboard.
Set Service Level Properties on Skyhigh
- Navigate to Settings > Sanctioned Services > Service Management.
- For the service to be protected by Ionic DRM, click Add Properties.
cloud.access.policy.enabled = true
shn.drm.enabled = true
shn.ionic.data-marking = Ionic Data Marking
Define Rules in Skyhigh
Once configuration is complete in the Ionic Dashboard, you must create a rule in the MVISION Cloud to check for sensitive content such as SSN and pass the downloaded file to Ionic for encryption. Follow these steps to define the appropriate rule:
- Navigate to Policy > DLP Policies.
- Click Create Policy.
- Set type Proxy.
- Select the Service to be Managed (i.e., Salesforce).
- If you want all downloaded files to be protected by Ionic DRM, set the Rule Collaboration: Report Download for Salesforce or Download for other Secure CSPs
- If you want other conditional rules to determine encryption (for example, to only encrypt documents that contain Social Security Numbers), add the rules in addition to the rule. For example, to protect documents with Social Security Numbers, add the rule Data Identifier: SSN
- Because Ionic DRM’s plug-in cannot decrypt .xlsx files, set the exception rule for File Type: Microsoft Excel.
- Set the response Apply DRM.
Any file downloaded for the selected service (that matches any other rules) will be encrypted by Ionic DRM. Authorized users can view plain-text versions of the files through the Ionic Plugin