Connecticut State Colleges & Universities
IT Support Center

IT Support Center | Connecticut State Colleges & Universities - Protective Enclave - Adding Printers

Working in the Protective Enclave

Refer to the following sections when working in the Protective Enclave:

Working with Protective Enclave Libraries

When working in the Protective Enclave, you are provided access to the following file shares/libraries:

These libraries are to be used for the following purposes:

Enclave-Docs
The documents in this library contain confidential (DCL3-related) information that only *you* have access to.  The files in this library can only be accessed from within the Protective Enclave virtual desktop.  Other people will not be able to access the files in this library.  This is your personal library for protected documents.
Enclave-Shared
The documents in this library contain confidential (DCL3-related) information for Banner reporting and other department and system-wide folders that you and others will have access to.  You will only be able to see the folders that you have access to and these folders can only be accessed from within the Protective Enclave virtual desktop.
Enclave-Transfer
This library should be used to store non-confidential (non-DCL3-related) information that only *you* will have access to and can be accessed from both your work PC and your Protective Enclave virtual desktop.  You will need to work with your local IT department on how to access this area from your work PC.  You should not save any confidential (DCL3-related) information in this library. 

When you are working in the Protective Enclave, if you try to save a file containing DCL3 data to this library, you will see a McAfee Data Loss Prevention (DLP) popup in the lower right hand corner of the virtual desktop indicating sensitive content was found, and that the file copy was Encrypted:



When a file is encrypted, the file's icon shows a padlock in the corner as an indication that it is encrypted:



You cannot open encrypted documents from your work PC; only from within the Protective Enclave's virtual desktop. 

NOTE: If your libraries are not listed in a Save As window, right click in the white space under "This PC" to show menu:



There are security controls in place that prevent sensitive data from leaving the Protective Enclave. 

The Enclave-Transfer Library is used by Protective Enclave users to transfer files in and out of the Protective Enclave.  If you were to try to save a file from inside the Protective Enclave containing DCL3 data to the Enclave-Transfer Library, the file will be detected as containing sensitive data and will be encrypted. When a file is encrypted, it can only be opened from inside the Protective Enclave and cannot be opened from outside the Protective Enclave (i.e. from your workstation).

NOTE: If you copy an encrypted file containing DCL3 data, then remove the DCL3 data and save as another file - it may result in an encrypted file that still cannot be opened outside the Protective Enclave. Sometimes when using certain products (e.g. Word, PDF) if DCL3 is removed from an encrypted document and saved as another document, the new document may not be encrypted. However, other products (i.e. Excel) may result in an encrypted document even if the DCL3 data has been removed.

E-mailing Protective Enclave Documents

One of the most common purposes of using the Enclave-Transfer Library would be for the purpose of sending e-mail.  Often times when running a job in Banner, there is a need to e-mail the output to someone; for example, you produce a STUDENT SCHEDULE/BILL in Banner and you need to e-mail the PDF output to the student. 

Since E-mail is restricted within the Protective Enclave, you will need to e-mail from outside the Protective Enclave:

  • From inside the Protective Enclave, launch Banner and run the appropriate report
  • Save the PDF output file to your Enclave-Transfer Library
  • Switch to your workstation's desktop and access the mapped drive to your Enclave-Transfer file share
  • If the file was not found to have contained DCL3, it will not have the lock icon and can be e-mailed. However, if the file was found to have contained DCL3, it will have the lock icon and the content will not be accessible outside the Protective Enclave.
  • If the file does not have the lock icon, use your E-mail program to attach the file found in the Enclave-Transfer folder.

Moving DCL3 Data into the Protective Enclave

When DCL3 data is not located inside the Protective Enclave and needs to be moved into the Protective Enclave, you would use the Enclave-Transfer folder to transfer it from your PC. For example a vendor sends you a file in an e-mail containing sensitive data classified as DCL3 data. You know that this file should not stay in your mailbox, and you can't save it to your PC because that's not a secure location.  So you save it to the drive letter on your PC that is mapped to the Enclave-Transfer folder.  Once there, you can then access the file in your Enclave-Transfer Library from within your Protective Enclave virtual desktop and *move* the file out of the Enclave-Transfer Library to a secure location; for example, your Enclave-Docs Library.

You would also need to remember to remove it from your e-mail inbox as well.

Reporting a False Positive

Sometimes a file is flagged as containing sensitive data and ends up being encrypted when it does not contain sensitive data. This is known as a False Positive and will require a bypass in order to allow the file to be allowed out of the Protective Enclave. Contact your institution's Protective Enclave Liaison.