Granular Policies
Swift Security supports the configuration of granular policies. With granular policies, the system admin should have effective control over data leakage.
For example: no employees can send PII except HR.
Swift Security creates two policies, one block and one allow:
Block Policy: Block all employees from sending any PII
Allow Policy: Allow HR to send PII
Implicit Policy Prioritisation
Swift Security provides implicit prioritization of policies, requiring no explicit priority assignment by the system admin.
In cases of conflicting policies, the following rules govern conflict resolution:
a. Individual vs Group
Individual policies take precedence over group policies.
Example 1:
If there is a block policy for the entire HR Department and an allow policy for a specific HR individual, the specific HR individual will be allowed, while others in the HR Department will be blocked.
Even if this specific HR individual is part of the HR Department, the allow rule will be prioritized, as individuals take precedence over groups.
Example 2:
If there is a block policy for all URLs belonging to the AI Category and an allow policy for ChatGPT, ChatGPT will be allowed despite being within the AI Category.
b. Intersecting set or Subset
If two sets A and B are defined and B is a subset of A, policies will be applied as follows:
Policies for A will be applied to A-B, that is, the members of A excluding B.
Policies for B will be applied to the subset B itself.
Example 1:
If there is a block policy for R&D (set A) and an allow policy for DevOps (subset B within R&D), DevOps members within R&D will be allowed.
R&D members who are not part of DevOps will be blocked, adhering to the subset policy priority.
These rules ensure consistent policy application and resolution in case of conflicts.
c. Implicit prioritization based on actions
There is implicit prioritization of actions involving 5 levels:
Allowed
Alert
Warn
Mask
Block
Block takes precedence over Mask, Mask over Warn, Warn over Alert, and Alert over Allowed.
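The three rules above can be combined into one resolver. The following is an added example, not Swift Security's own code: the user names, group memberships and the `resolve` function are constructed for illustration. It assumes that specificity (rules a and b) is evaluated first and that action precedence (rule c) only breaks ties between equally specific policies, which is consistent with the HR and R&D examples on this page.

```python
from dataclasses import dataclass

# Action levels from the page, lowest to highest precedence.
ACTIONS = ["Allowed", "Alert", "Warn", "Mask", "Block"]

@dataclass(frozen=True)
class Policy:
    subject: str  # a user name or a group name (hypothetical model)
    action: str   # one of ACTIONS

def resolve(user, policies, groups):
    """Return the effective action for user, or None if no policy matches."""
    # Rule a: a policy naming the individual beats any group policy.
    individual = [p for p in policies if p.subject == user]
    if individual:
        candidates = individual
    else:
        matching = [p for p in policies if user in groups.get(p.subject, set())]
        # Rule b: drop a group policy when another matching policy targets
        # a proper subset of that group (set `<` is the proper-subset test).
        candidates = [
            p for p in matching
            if not any(groups[q.subject] < groups[p.subject] for q in matching)
        ]
    if not candidates:
        return None
    # Rule c (assumed tie-break): among equally specific policies,
    # the action with the highest precedence wins.
    return max((p.action for p in candidates), key=ACTIONS.index)

# Constructed sample data: DevOps is a subset of R&D; Contractors overlaps
# other groups without being a subset of any of them.
GROUPS = {
    "R&D": {"ana", "bo", "cy"},
    "DevOps": {"bo", "cy"},
    "HR": {"dee", "eli"},
    "Contractors": {"cy", "eli"},
}
POLICIES = [
    Policy("R&D", "Block"),
    Policy("DevOps", "Allowed"),
    Policy("HR", "Block"),
    Policy("dee", "Allowed"),
    Policy("Contractors", "Warn"),
]

if __name__ == "__main__":
    for user in ["ana", "bo", "cy", "dee", "eli"]:
        print(user, resolve(user, POLICIES, GROUPS))
```

The cases worth checking before rollout are the overlapping ones: `cy` is in DevOps (Allowed) and Contractors (Warn), neither a subset of the other, so the stricter action applies, and `eli` is blocked through HR even though the Contractors policy only warns.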