Tailoring your policies

The default policy you configured using the initial setup applies a standard set of enforcement actions to all users in your organization. (For reference, the standard default web configuration is summarized in the topic Standard Web Configuration in the Web Security Cloud help.)

Forcepoint Web Security Cloud also allows you to create more granular policy configuration on an IP address, user or group basis. For example, specific users or departments may be permitted to access particular web resources, or you may define times of day when certain resources are restricted or permitted for some users. For data security, some users may be permitted to share sensitive information, while it is restricted for others.

There are a number of ways to make your web policies more granular:

Create different policies to control traffic from different egress IP addresses that you manage (for example, different branch locations).
Assign users and groups to specific policies, allowing you to create separate policies for different departments. By default, user and group policy assignment overrides connection-specific policy assignment.
Create category exceptions for specific users and groups, defining override settings for some users within the policy.

The approach you take depends on the scale and complexity of your setup. You may deploy a combination of the above methods.

Tip: As a best practice, Forcepoint recommends that you keep the number of policies to the minimum necessary to provide granular protection across your organization. This helps to lower the administration overhead when making changes across multiple policies.