Connecticut State Colleges & Universities
IT Support Center

IT Support Center | Connecticut State Colleges & Universities - Protective Enclave - Adding Printers

Working in the Protective Enclave

Refer to the following sections when working in the Protective Enclave:

Working with Protective Enclave Libraries

When working in the Protective Enclave, you are provided access to the following libraries:

These libraries are to be used for the following purposes:

Enclave-Docs
The documents in this library contain confidential (DCL3-related) information that only *you* have access to.  The files in this library can only be accessed from within the Protective Enclave virtual desktop.  Other people will not be able to access the files in this library.  This is your personal library for protected documents.
Enclave-Shared
The documents in this library contain system-wide shared folders (i.e. Banner Folders - FinAid, Finance, Student, HR; your college's department folders, etc.) that you and others have access to.  These are the folders you used to access from your workstation using a mapped drive letter but now will be accessing only from inside the Protective Enclave:

Before: Accessing Banner Folders using a mapped drive letter from your workstation

After: Accessing Banner Folders from inside the Protective Enclave

NOTE: You will only be able to see the folders that you have access to and these folders can only be accessed from within the Protective Enclave virtual desktop.
Enclave-Transfer
This library is used to both transfer non-DCL3 information out of the Protective Enclave and information into the Protective Enclave. It can be accessed from both your workstation and your Protective Enclave virtual desktop. You will need to work with your local IT department on how to access this area from your workstation. 

WARNING: This area is a temporary library that is used during the transferring of data in and out of the Protective Enclave. Any data left in the Enclave-Transfer library will be securely shredded every morning at 2 AM. It is not backed up and shredded documents cannot be recovered. 

When you are done for the day, close any applications (i.e. Word, Excel, Acrobat) on your local PC that has a file open that is located in your Enclave-Transfer library.

When you are working in the Protective Enclave if you attempt to save a file containing DCL3 data to this library, you will see a McAfee Data Loss Prevention (DLP) popup in the lower right hand corner of the virtual desktop indicating DCL3 data was found, and that the file was Encrypted:


NOTE: The link to 'Request DLP bypass' is currently not used by Data Loss Prevention.

Just because a file is not flagged as containing DCL3 data does not mean it should be transferred out of the Protective Enclave. Files that are known to contain DCL3 data that are not flagged, must not be transferred out of the Protective Enclave. You can right-click certain files to manually indicate that DCL3 data is in the document. The document will be treated as if it was automatically found to contain DCL3 data and will also be encrypted. NOTE: Only certain file types support this feature: certain Word, Excel and PowerPoint files, Adobe PDF, PNG, JPEG, MPEG, MP3, MP4, WAV and a few others). You will know if it supports it if the Data Protection menu appears when you right-click the file:


NOTE: The Manual Classification types listed may differ from the screenshot above.

After the file is manually marked that it contains DCL3 data, it is encrypted.

When a file is encrypted, the file's icon shows a padlock in the corner as an indication that it is encrypted:



You cannot open encrypted documents from your work PC; only from within the Protective Enclave's virtual desktop. 

NOTE: If your libraries are not listed in a Save As window, right click in the white space under "This PC" to show menu:



NOTE: If you copy an encrypted file containing DCL3 data, then remove the DCL3 data and save as another file - it may result in an encrypted file that still cannot be opened outside the Protective Enclave. Sometimes when using certain products (e.g. Word, PDF) if DCL3 is removed from an encrypted document and saved as another document, the new document may not be encrypted. However, other products (i.e. Excel) may result in an encrypted document even if the DCL3 data has been removed.

E-mailing Protective Enclave Documents

One of the most common purposes of using the Enclave-Transfer Library would be for the purpose of sending e-mail.  Often times when running a job in Banner, there is a need to e-mail the output to someone; for example, you produce a STUDENT SCHEDULE/BILL in Banner and you need to e-mail the PDF output to the student. 

Since E-mail is restricted within the Protective Enclave, you will need to e-mail from outside the Protective Enclave:

  • From inside the Protective Enclave, launch Banner and run the appropriate report
  • Save the PDF output file to your Enclave-Transfer Library
  • Switch to your workstation's desktop and access the mapped drive to your Enclave-Transfer library
  • If the file was not found to have contained DCL3, it will not have the lock icon and can be e-mailed. However, if the file was found to have contained DCL3, it will have the lock icon and the content will not be accessible outside the Protective Enclave.
  • If the file does not have the lock icon, use your E-mail program to attach the file found in the Enclave-Transfer library.
  • When you are done for the day, close any applications (i.e. Outlook, Word, Excel, Acrobat) on your workstation that has a file open that is located in your Enclave-Transfer library.
  • Remember that the Enclave-Transfer library is a temporary area and files are shredded nightly.

Moving DCL3 Data into the Protective Enclave

There are two methods used to move data into the Protective Enclave:

  • Using your Enclave-Transfer library

    When you are using the Enclave-Transfer library to transfer documents into the Protective Enclave, after placing documents in the Enclave-Transfer library from your workstation, you should immediately transfer the documents into your Enclave-Docs library from inside the Protective Enclave.

    WARNING: The Enclave-Transfer library is a temporary library that is used during the transferring of data in and out of the Protective Enclave. Any data left in the Enclave-Transfer library will be securely shredded every morning at 2 AM. It is not backed up and shredded documents cannot be recovered.

    Any document containing DCL3 data must be located inside the Protective Enclave. Sometimes data matches the description of DCL3 data (e.g. identity data along with bank account information) may not actually be DCL3 data and is not required to be moved into the Protective Enclave. The data user needs to know what is and is not DCL3 data. For example, vendors may provide you documents that contain their bank name, address, ABA routing number and account number that can only be used for deposits and not withdraws. Typically, this information is being provided to you from the vendor via email and is often also published on their websites. In this case, this is not DCL3 data. Use this to make your decision as to whether or not it must be moved into the Protective Enclave: If it's publicly available information for a bank account that is used only to make deposits, then it does not need to be moved to the PE.

  • Using an Enclave Scanner for the following approved applications:

    USCIS-SAVE (Systematic Alien Verification for Entitlement) system

    Inceptia's Verification Gateway system

Reporting a False Positive

Sometimes a file is flagged as containing sensitive data and ends up being encrypted when it does not contain sensitive data. This is known as a False Positive and will require you to work with your local IT department in order to allow the file to be allowed out of the Protective Enclave.