Data Loss Prevention (DLP) App
Data loss prevention (DLP) is a security mechanism that helps prevent sensitive data from being unduly shared, misused, lost, or accessed by unauthorized users. The Data Loss Prevention App is free for Enterprise workspaces and works best with the most recent version of Rocket.Chat.
To install the Data Loss Prevention App,
- Navigate to Administration > Workspace > Apps > Marketplace.
- Search for the Data Loss Protection app.
- Click Install.
After installing the app, you need to configure the rule set for its functionality.
To configure DLP,
- On the DLP App Info screen, navigate to Settings.
- Configure the following settings as needed:
- Rules for Blacklisting message: Takes in an array of regular expressions defining the rules. Add each Regular Expression on a new line.
- Content control type: Choose to ignore channels or select targeted channels to monitor.
- Channels: List channels separated by commas to apply the Channel Filter rule.
- Censor only Sensitive Information: If enabled, only the sensitive information is replaced by multiple hashtags (######)
- Custom Blacklisted Message title: Set the title of a temporal message that replaces the blacklisted message pending when it gets approved by the moderator.
- Custom Pending approval message: Set the temporal message that replaces the blacklisted message pending when it gets approved by the moderator. Click More info button under the blacklisted message in the room to see it.
- Custom Rejected Message: This message is displayed in place of the blacklisted message when a moderator rejects a blacklisted message.
- Click Save Changes. The Data Loss Prevention App is ready and functional on your workspace.
Through DLP features, admins can create a list of regular expressions to be monitored in Rocket.Chat, and you can apply it to any conversation. Once a regular expression is detected, it appears blurred in the room where it was originally written. The original message is forwarded to a predefined channel for auditing flow, where a moderator can approve or reject its content. Rooms can have more than one moderator. It’s also possible to select the rooms to apply the DLP app. If you have channels on your workspace where sensitive information is frequently shared or data leak is more likely to happen, e.g., the finance team channel, you can restrict this channel.