Exposure Level

The exposure level describes how an asset is being shared. Although every SaaS application has its own settings for controlling how and with whom users may share assets, the Aperture service provides a mechanism for setting and enforcing acceptable exposure levels consistently across all of your managed SaaS applications. In the Aperture service, each policy rule—both the default rules as well as any custom rules you define—allows you to set a level of exposure identifying an asset as being at risk (except for Sensitive Documents rules, which are designed to match only documents with particular characteristics).
The exposure level is just one of the match criteria in a policy rule and, therefore, determining the minimum level of exposure posing a threat depending on the other match criteria and what threat the policy rule is designed to protect against. For example, the WildFire policy rule scans all of your assets for files containing malware. In this case, any file containing malware poses a threat no matter how the asset is being shared so the rule must match all exposure levels. However, if you add a Sensitive Credential policy rule to protect an engineering GitHub repository (used for sharing code throughout the company), any external sharing poses a risk so you should configure the rule to match on Public and External exposures.
The Aperture service scans assets for the following exposure levels:
Exposure Level
Description
Public
An asset is considered Public if it contains either of the following:
  • Public share settings—The asset is publicly indexed on Google or the repository is public.
  • Shared links—The owner created a public link, vanity URL, or password-protected link for direct access to the asset.
External
The owner invited one or more users outside of your organization to collaborate on the asset.
Company
The owner created a company-wide URL giving anyone in the company direct access to the asset.
Internal
Includes assets the owner has not shared. Also includes assets the owner has shared, but only with users within the company. These users have an email address in the enterprise domain name.
Shared via Custom URL
The owner created a custom link, vanity URL, or password-protected link for direct access to the asset and then shared this asset (directly or indirectly) using the link.
This option is for Box assets only; it is hidden if you are not using Aperture to secure Box applications.

Related Documentation