SaaS Security
Define Your Internal Domains
Table of Contents
Define Your Internal Domains
Add internal domains to Data Security to determine
if an asset is being shared externally with an untrusted user.
One of the first things you need to do is
to define your internal domains. Data Security uses the list
of internal domains you define to determine if the Collaborators on
an asset are internal to your company, or if the asset shared with
external users. Data Security determines this by matching the
domain name in a collaborator’s email address against the list of
internal domains defined. Depending on your policy rules, Data Security identifies an asset as an incident if shared with external users.
A trusted collaborator overrides untrusted domains.
Similarly, an untrusted collaborator overrides a trusted domain. For example,
you might determine that there is no business reason to trust a file
modification from fax_service@mycompany.com.
Because
Data Security uses the internal domains list to determine the Exposure
Level of an asset during the scan process, you must define
your internal domains list before you begin scanning your
cloud apps. Additionally, you can build in flexibility when you
define your internal domains:
- Wildcard matching—Use of wildcard (*.<domain>) is supported.
- Subdomains—You don't need to explicitly list subdomains; instead, use a wildcard (*.<domain>).
When
you modify the internal domains list, consider that you might need
to update the exposure, depending on the discovery state for a given
asset:
Asset | Rescan required to update exposure? |
|---|---|
Existing, discovered assets | Yes. Rescan to enable Data Security to recalculate exposure. |
Future, undiscovered assets | No. Data Security automatically recalculates
the exposure. |
The Internal Domains list applies to all
cloud apps on Data Security so you must be an administrator
with a Super User role or an Admin role with access to All Apps
to modify this setting.
- Log in to Strata Cloud Manager.Select .Enter a comma-separated list of your Internal Domains.The internal domain you add here is displayed in the All Domains section only where there is an asset associated with the domain.To define any of the domains listed under the All Domains section as Trusted or Not Trusted, use the Actions menu against that domain.Save your changes.
![]()
