Refer to the following sections when working in the
When working in the Protective Enclave, you are provided access to the following libraries:
These libraries are to be used for the following purposes:
|The documents in this library contain confidential (DCL3-related) information that only *you* have access to. The files in this library can only be accessed from within the Protective Enclave virtual desktop. Other people will not be able to access the files in this library. This is your personal library for protected documents.|
|The documents in this library contain system-wide shared
folders (i.e. Banner Folders - FinAid, Finance, Student, HR; your college's department
folders, etc.) that you and
others have access to. These are the folders you used
to access from your workstation using a mapped drive letter but now will
be accessing only from inside the Protective Enclave:
Before: Accessing Banner Folders using a mapped drive letter from
After: Accessing Banner Folders from inside the Protective Enclave
NOTE: You will only be able to see the folders that you have access to and these folders can only be accessed from within the Protective Enclave virtual desktop.
|This library is used to
both transfer non-DCL3 information out of the Protective
Enclave and information into the Protective Enclave. It can
be accessed from both your workstation and your Protective
Enclave virtual desktop. You will need to work with your
local IT department on how to access this area from your
WARNING: This area is a temporary library that is used during the transferring of data in and out of the Protective Enclave. Any data left in the Enclave-Transfer library will be securely shredded every morning at 2 AM. It is not backed up and shredded documents cannot be recovered.
When you are done for the day, close any applications (i.e. Word, Excel, Acrobat) on your local PC that has a file open that is located in your Enclave-Transfer library.
When you are working in the Protective Enclave if you attempt to save a file containing DCL3 data to this library, you will see a McAfee Data Loss Prevention (DLP) popup in the lower right hand corner of the virtual desktop indicating DCL3 data was found, and that the file was Encrypted:
NOTE: The link to 'Request DLP bypass' is currently not used by Data Loss Prevention.
Just because a file is not flagged as containing DCL3 data does not mean it should be transferred out of the Protective Enclave. Files that are known to contain DCL3 data that are not flagged, must not be transferred out of the Protective Enclave. You can right-click certain files to manually indicate that DCL3 data is in the document. The document will be treated as if it was automatically found to contain DCL3 data and will also be encrypted. NOTE: Only certain file types support this feature: certain Word, Excel and PowerPoint files, Adobe PDF, PNG, JPEG, MPEG, MP3, MP4, WAV and a few others). You will know if it supports it if the Data Protection menu appears when you right-click the file:
NOTE: The Manual Classification types listed may differ from the screenshot above.
After the file is manually marked that it contains DCL3 data, it is encrypted.
When a file is encrypted, the file's icon shows a padlock in the corner as an indication that it is encrypted:
You cannot open encrypted documents from your work PC; only from within the Protective Enclave's virtual desktop.
NOTE: If your libraries are not listed in a Save As window, right click in the white space under "This PC" to show menu:
NOTE: If you copy an encrypted file containing DCL3 data, then remove the DCL3 data and save as another file - it may result in an encrypted file that still cannot be opened outside the Protective Enclave. Sometimes when using certain products (e.g. Word, PDF) if DCL3 is removed from an encrypted document and saved as another document, the new document may not be encrypted. However, other products (i.e. Excel) may result in an encrypted document even if the DCL3 data has been removed.
One of the most common purposes of using the Enclave-Transfer Library would be for the purpose of sending e-mail. Often times when running a job in Banner, there is a need to e-mail the output to someone; for example, you produce a STUDENT SCHEDULE/BILL in Banner and you need to e-mail the PDF output to the student.
Since E-mail is restricted within the Protective Enclave, you will need to e-mail from outside the Protective Enclave:
There are two methods used to move data into the Protective Enclave:
Using your Enclave-Transfer library
When you are using the Enclave-Transfer library to transfer documents into the Protective Enclave, after placing documents in the Enclave-Transfer library from your workstation, you should immediately transfer the documents into your Enclave-Docs library from inside the Protective Enclave.
WARNING: The Enclave-Transfer library is a temporary library that is used during the transferring of data in and out of the Protective Enclave. Any data left in the Enclave-Transfer library will be securely shredded every morning at 2 AM. It is not backed up and shredded documents cannot be recovered.
Any document containing DCL3 data must be located inside the Protective Enclave. Sometimes data matches the description of DCL3 data (e.g. identity data along with bank account information) may not actually be DCL3 data and is not required to be moved into the Protective Enclave. The data user needs to know what is and is not DCL3 data. For example, vendors may provide you documents that contain their bank name, address, ABA routing number and account number that can only be used for deposits and not withdraws. Typically, this information is being provided to you from the vendor via email and is often also published on their websites. In this case, this is not DCL3 data. Use this to make your decision as to whether or not it must be moved into the Protective Enclave: If it's publicly available information for a bank account that is used only to make deposits, then it does not need to be moved to the PE.
Using an Enclave Scanner for the following approved applications:
Sometimes a file is flagged as containing sensitive data and ends up being encrypted when it does not contain sensitive data. This is known as a False Positive and will require you to work with your local IT department in order to allow the file to be allowed out of the Protective Enclave.
Note this FAQ item that we currently don't support the "Bypass" feature.
A ticket will need to be created with the NetID of the user and the file name that is being flagged as a false positive.