Getting started

Assign someone as your Shield admin: This person will have access to all Enterprise Shield settings and features. This role will own security setup, ongoing monitoring, and enforcement. This role will provide access to all documents on the account and is typically assigned to senior members of security or legal teams.

Start by turning on these quick features that add immediate security and content protection with minimal impact to your users.

• Content inspection: Enable content inspection to automatically scan all documents for sensitive data. This inspection runs silently in the background without disrupting users. We recommend customizing your policy to scan for the sensitive categories and infotypes that matter most to your account. For example, turn off “person name” in the PII sensitive category if you want to limit the number of results in the first scan. You can always turn that infotype back on should you want to review, and the results will be immediate. 
• Discovery search: Quickly search and review all documents on your account. Take actions, such as changing the classification level or revoking external shares, on individual documents or documents in bulk. 
• Idle session time-out and max session time-out: Configure session timeouts to automatically log out inactive users and reduce exposure risks by limiting the length of active sessions.
• Key Management Service (KMS): Turn on KMS to add an extra layer of encryption to your data.
• IP allow list: Restrict access to your account by allowing only approved IP address ranges.

Once the fast controls are enabled, line up resources and prepare to implement these important features for stronger governance.

• Require classifications: Bolster compliance by enforcing classification for all documents.
• Block personal accounts: Allow only users from your approved Lucid account(s) to access Lucid products from within your corporate network, blocking all personal or unmanaged accounts.
• Accessing external documents and folders: Block users on your Lucid account from accessing documents and folders owned by external users, or specify which domains and users they are allowed to access content from.

Tailor Enterprise Shield features to your organization’s specific needs.

• Customize classifications: If your account has known data classifications (e.g., confidential, internal), set these up now to help control access and sharing of Lucid documents.
• Set up classification controls and auto-classification: To manage sensitive content, set up classification controls and enable auto-classification. Based on classification levels, you can restrict actions like sharing or printing and link content inspection results to those levels. For example, automatically classify a document as “Private” if GDPR data is detected.
• Organizational group sharing settings: Customize advanced sharing settings at the organizational group level.
• Document retention: Set up an automated policy to delete documents based on specified criteria.

Use these features as needed to prepare your organization for regulatory compliance.

• Audit logs: Enable and review detailed logs of user activity to assist with security monitoring and compliance investigations. We recommend pulling audit logs into your SIEM using our SIEM connection script.
• Legal hold APIs: Protect critical documents from getting deleted during legal proceedings.
• Document management APIs: Access all document and folder details via specific endpoints.

Looking for a more comprehensive walkthrough? Schedule a one-hour implementation session with your Lucid account team to get detailed guidance on these steps and tailor the rollout to your organization.

Note: These guides are here to help you get the most out of Enterprise Shield, but are not intended to address all scenarios or compliance requirements. You’re in the best position to decide how to configure your settings to ensure they meet your specific security and privacy needs.