Description

We've created a list of Allowed Email Recipient Domains for BI Publisher which is working well for restricting communications and enforcing our Data Loss Prevention (DLP) policies.

However, we wish to send out communications to suppliers via the BI Publisher reports - though presently the control prevents all BI Publisher reports from being sent to any organisation that is not on the domain list. For other organisations this is likely to be even more of a challenge if they wish to email customers. 

As a solution, would suggest that there is:

• an ‘exception list’ for BI Publisher reports that can avoid the domain listing,
• a log of all mails that have been sent - the report and to whom - that have avoided the domain whitelisting as a result of being on the 'exception list', and
• logging of changes to this BI Publisher 'exception list', such that BI Administrators cannot add reports to the exception list and send out the results without this being known

Use Case and Business Need

The challenges are that:

a) there are hundreds of suppliers in use and hence we have not added these to the permitted list of domains,

b) we'd rather not have to manually maintain this full long list of domains for suppliers on an ongoing basis as new suppliers are used/old ones are removed, and

c) some smaller suppliers have 'gmail', 'hotmail', etc email addresses. Including these in the list of permitted domains would be against DLP policies as it would allow any user to send any report to their personal emails.

Note: Each of the above are likely to be even more of a challenge for organisations wishing to send emailed BI Publisher reports to customers.

More details

Implementing the three suggested activities in the description would allow more organisations to enforce the strong, but limited, preventative control around email domain restrictions and provide the reports required to operate a robust monitoring control of exceptions to this preventative control.

Original Idea Number: ea1ec6454d