Restrictive access policies are dynamic, context-sensitive rules that strictly govern who can do what with specific data, and when, where, and how, based on its classification.
How Restrictive Policies work in DCSM:
1. Classification is the basis of the entire system
Data is tagged with metadata indicating its level of sensitivity (e.g., "Highly Confidential", "Confidential", "Internal Use", "Public"). Classification can be manual (user/administrator) or automatic (DLP, content analysis).
2. Classification-Based Policy Definition
Policies are bound directly to data through its classification labels. These policies travel with the data wherever it resides (on-premises server, SharePoint cloud, USB drive, email attachment).
3. ABAC-based control (attribute-based access control)
Policies take into account not only who (user/role/group), but also:
Where: Network address, geolocation, trusted device/network?
When: Working hours, weekends, specific hours?
On what: Work laptop, personal smartphone, public terminal?
How: Is editing, copying, printing, forwarding allowed? Can I declassify?
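
The attribute checks listed above can be combined into a single default-deny decision keyed on the data's classification label. The following is an added example, not part of the original page; the label names come from the text, while the roles, device names, hours and the `evaluate` function are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Constructed policy table: one rule set per classification label.
# Label names come from the text; every attribute value is an assumption.
POLICIES = {
    "Highly Confidential": {
        "roles": {"finance"},
        "devices": {"work_laptop"},
        "trusted_network_only": True,
        "hours": (time(8, 0), time(18, 0)),  # Mon-Fri window
        "actions": {"view", "edit"},
    },
    "Internal Use": {
        "roles": {"finance", "engineering", "hr"},
        "devices": {"work_laptop", "personal_smartphone"},
        "trusted_network_only": False,
        "hours": None,  # no time restriction
        "actions": {"view", "edit", "copy", "print"},
    },
}

@dataclass
class Request:
    role: str              # who
    device: str            # on what
    trusted_network: bool  # where
    when: datetime         # when
    action: str            # how
    label: str             # classification tag carried by the data

def evaluate(req: Request) -> tuple[bool, str]:
    """Default deny: every attribute must satisfy the label's policy."""
    policy = POLICIES.get(req.label)
    if policy is None:
        return False, "no policy for label"
    if req.role not in policy["roles"]:
        return False, "role not permitted"
    if req.device not in policy["devices"]:
        return False, "device not permitted"
    if policy["trusted_network_only"] and not req.trusted_network:
        return False, "untrusted network"
    hours = policy["hours"]
    if hours and (req.when.weekday() >= 5
                  or not hours[0] <= req.when.time() < hours[1]):
        return False, "outside working hours"
    if req.action not in policy["actions"]:
        return False, "action not permitted"
    return True, "allowed"
```

A label with no entry in the table is denied rather than treated as unrestricted, so unclassified or mislabelled data fails closed.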