XQ provides the capability to add Metadata Labels to XQ encrypted data through the use of policies. (For a general overview see here.) Once a label has been created and applied to data, Data Access policies can be created to restrict access to that data by:
- Geolocation
- IP address
- Group
To start using Labels, go to the policies section of the XQ Dashboard and create a new Data Loss policy. The condition for labeling can be anything that you choose: key words, recipient domains, patterns, etc.
In the action, ensure that you select ‘Label Metadata’ and add a label (if you don’t already have labels in the system, you can create them here).
Once you have created the data loss policy, labels will be available for creating data access policies.
Data Access Policies with Labels
As with Labeling data, Data Access policies with Labels can be used with both email and Vault data. Here is an example of a data access policy that blocks access to files labeled ‘secret’ from the Sales Group:
Note: In order to have group restrictions available, you will need to have an Identity Provider integration configured (MS Entra or Okta).
In this example, the Sales group member will be blocked from accessing the data and will be given the message ‘This data is not available.’ when they attempt to access.
Blocking Based with Labels and Location or IP
Another common scenario is to block access to data with certain labels by Location. For example, in an export controlled ITAR environment, you may want to ensure that any data with the ITAR label will not be accessible outside of the United States. This policy can be configured as follows:
One important element in this configuration is the condition set to ‘All’. This is important because we want to ensure that only data with this Label AND is being accessed from outside (‘not from’) the USA is being blocked; other data will still be accessible outside the USA.
Again in this example, we’ve included a Notification to the user, but you can also notify an admin of violations to this policy if that better fits with your organizational policies.