What is inSync Compliance?
inSync Compliance provides visibility of compliance breaches associated with end-user data in your organization. inSync Compliance lets you proactively track, monitor, and get notified for data compliance risks in your organization.
The end-user data can be across any of the following data sources:
- Endpoints such as laptops, desktops, iOS and Android devices
- OneDrive from Office 365 services
- Emails that are backed up from Gmail, MAPI, and Exchange Online
- Box and Google Drive
inSync Compliance reports compliance violations for sensitive data that occurs in the email body, subject, and attachments. inSync displays emails with sensitive data on the Compliance Dashboard and allows administrators to download emails in the EML file format.
Once enabled, inSync Compliance:
- Provides the ability to define sensitive data and scan user data for compliance violations or risks of violations.
- Allows you to locate end-user data that has violated a compliance policy.
- Lets you generate a non-compliance report and view the visual representation to indicate adherence to compliance regulations in your company. For more information, see Non-Compliance Report.
- inSync Compliance is currently not available on Microsoft Azure storage. For more information on Microsoft Azure storage, contact Druva Sales (firstname.lastname@example.org).
- inSync Compliance is currently not available for inSync GovCloud customers. For more information, contact Druva Support.
- inSync Compliance does not check for violations in unattached PST files, calendar events, and contacts data that are backed up from MAPI, Exchange Online, and Gmail.
- inSync Compliance will detect violations in emails backed up from MAPI, Exchange Online, and Gmail starting from the last backup after this capability is available. For example, James has purchased an inSync Elite Plus license and is backing up data daily starting from 1 January 2016. He is also monitoring the data for sensitive information and potential data risks. If the capability to check for violations in emails backed up from MAPI, Exchange Online, and Gmail is available on 21 March 2016, then inSync Compliance will detect violations in the emails starting from backups on 20 March 2016.
- inSync reports compliance violations in MAPI-backed up emails from Windows computers only.
What are the benefits?
inSync Compliance provides the following capabilities:
- Centralized Compliance Dashboard: The Compliance Dashboard provides an easily navigable federated view by file name, modified on, user ID, sensitive data matched, and policy violated. This dashboard lets you quickly access and track compliance violations.
- Non-compliance reporting: You can subscribe to the non-compliance reports, which are automatically generated and emailed to subscribers when potential data risks are discovered.
- Predefined, customizable compliance templates: You can select from predefined templates such as HIPAA, GLBA, PCI, or customize templates. inSync will automatically scan, identify, and alert the organization of risks.
- Intuitive Dashboard, Simplified Administration, and Powerful Admin Controls
- Access to a simplified dashboard with a dedicated file and email view with complete details of violations for every file version and email conversation in their enterprise.
- Dedicated Non-Compliance report for emails for offline review and investigations.
- Tamperproof audit trails with complete visibility of administrative changes to compliance policies.
- Thresholds for each sensitive data to immediately act on critical violations.
- Ability to scan files based on MIME types to cover against rogue or malicious end users trying to change extensions of files with sensitive data.
- Take actions to resolve compliance violations as per your Incident response process
- Ability to take resolve violations and quarantine violations which will disable downloads and restores of files and email for inSync end users from inSync Web.
- Support for more regions and pre-defined templates
- Support for sensitive data relevant to US, UK, Germany, Australia, and South Africa as well as sensitive data classified as per global regulations.
- Download files or Emails for Offline review
- Ability for administrators to download files and emails for offline review before taking remedial actions and avoid potential data breaches.
What are the components of a compliance policy?
The following illustration provides information about the components of a compliance policy:
Is inSync Compliance available for my inSync Cloud setup?
inSync Compliance is available only with Elite Plus edition of inSync Cloud. To purchase inSync Cloud Elite Plus license for your organization, contact Druva Sales.
Who can access inSync Compliance capabilities?
The cloud administrator can do the following:
- Create, modify, and delete compliance policies.
- View the compliance summary at the Compliance Dashboard.
- Access the Non-Compliance report for all the profiles.
Profile administrators can do the following:
- Access the Non-Compliance report only for the profiles that they are mapped to. However, they cannot view the compliance summary at the Compliance Dashboard.
What happens if I do not have a valid inSync Compliance license?
If Elite Plus license is not available
If you do not have Elite Plus edition of inSync Cloud, then you will not be able to access inSync Compliance. Instead of the Compliance Dashboard, you will see a message requesting you to contact Druva Sales.
If Elite Plus license is expired
inSync will stop indexing data for all inSync users once the license expires. Additionally, cloud administrator will not be able to create, view, modify, or delete compliance policies, compliance templates, and sensitive data. However, inSync will retain the non-compliant violation information. Additionally, the non-compliance reports will not be displayed.
For more information, see Frequently asked questions.
What can I do if a policy violation is detected?
- Generate a Non-Compliance report
You should generate the Non-Compliance report to identify the user, data sources, and files that violate your organization’s compliance policy. This report will help you investigate potential risks well in advance of a data breach. The report also helps you to get in touch with the respective end users to get them to protect their sensitive data. For more information, see Generate a Non-Compliance report.
- Put the user on legal hold
Based on the investigations conducted on the basis of the Non-Compliance report, you may choose to place the relevant users on legal hold within inSync, if they are found to work with sensitive data that is not in compliance with your company policy. For more information, see Create a legal hold policy.