Create Encryption and Decryption Policies in the CloudSOC Gateway.

Article ID: 170856

Products

CASB Security Standard, CASB Security Premium, CASB Security Advanced, CASB Audit, CASB Gateway, CASB Gateway Advanced

Issue/Introduction

CloudSOC/CASB/Elastica

Create encryption and decryption policies within the CloudSOC/Elastica Gateway.

Resolution

Prerequisites:

To configure the CloudSOC/Elastica Gateway to encrypt and decrypt files, establish the following conditions:

  • KeySecure version 8.1.0 to 10
  • AWS/KeySecure 64-bit

To create Protect policies that specify the conditions under which files are encrypted or decrypted as they pass through the CloudSOC/Elastica Gateway:

  1. Log on to CloudSOC using administrator credentials.
  2. On the left side navigation bar, choose Protect > Policies.
  3. Near the upper right corner of the Protect page, choose +New > Policy.
  4. In the Policy Details area, enter a name and description.
  5. For Policy Type, choose "File Transfer via Gatelets".
  6. In the Define Rules area, set the Transfer Type for the policy. Choose Upload, Download, or both.
  7. (Optional) In the Content Inspection area, choose one or more ContentIQ profiles as matches or as exceptions. Do this step if you want to encrypt documents based on matches against the selected profiles.
    Note: Although the policy encrypts documents based on content inspection, content inspection cannot be used as a criterion for decrypting them. In this case, create a separate policy that specifies decryption for downloaded documents based on criteria other than content inspection.
  8. In the Define Response area, use the Encryption checkboxes to choose the encryption and decryption options as appropriate. If the Encryption tools are absent from the Define Response area, it might mean that the CloudSOC account is not configured for file encryption. Confirm that CloudSOC and the key server are configured. If both Download and Upload are selected for Transfer Type, mark both the Encrypt file upload and Decrypt file download checkboxes.
    Note: The "Block file transfer on errors" checkboxes are marked by default; we recommend that these settings are used for maximum security. These settings block file transfers if the gateway cannot encrypt or decrypt the file. Reasons for encryption or decryption failures include files larger than the maximum supported size, incorrect key server settings, and KeySecure connection failure.
  9. Configure other policy settings as appropriate.
  10. Review the policy carefully. Confirm that the policy meets the desired result. Then move the Policy Status slider at the top of the page to the right so that it reads "Enabled".
  11. Click Save.
  12. On the Policies tab, click the new policy to review its schematic. In the Responses area, the actions now include Encryption.