Four-eye principle protects corporate data
iQ.Suite Tips & Tricks for Microsoft Exchange / SMTP
The four-eye principle is a suitable way of protecting sensitive corporate data. This means that emails do not leave an organization until authorization has been given by a control authority. Read the example given here.
Step by Step:
- First you need to define the outgoing emails to which you want to apply the four-eye principle. Emails containing construction drawings are one example.
- Now we need an iQ.Suite Watchdog Attachment Filtering Job. This checks the files types in all outgoing emails.
- If an email contains the file attachment it is searching for, the "Redirect Mail" action takes effect.
- The email is then redirected to a predefined mailbox.
- The redirected email can then be checked in this mailbox by the persons authorized to do so.
- If authorization is given for the email to leave the organization, the reviewer can dispatch the email to the original recipient via the "Send as" function. To do this, he must have the appropriate permissions to access the mailbox.
- As an alternative to redirecting the mail to a mailbox, it can also be parked in "outbound" quarantine. The reviewer then receives collective reports (familiar from anti-spam scenarios) that list the emails stored there. Reviewers then use the "Request" command to have the relevant emails sent to them. If authorization is granted for an email to be sent, reviewers execute the "Release" function. The email is then removed from quarantine and sent to the original recipient.