Learn about the group-based visibility capabilities that Data Security offers.
Where Can I Use This?
Strata Cloud Manager

What Do I Need?
Data Security license
Or any of the following licenses that include the Data Security license:
CASB-X
CASB-PA

New customers (onboarded your apps to Data Security on or after November 1, 2024) and FedRAMP customers: Integrate CIE with Data Security.

Legacy customers (onboarded your apps to Data Security before November 1, 2024): If you have been using Microsoft Azure AD, continue with the following topic.

Without policy enforcement and visibility at a granular level, organizations are vulnerable to sensitive data loss and unauthorized access. Data Security offers the following group-based visibility capabilities. However, before you can use group-based visibility, Data Security must connect to Azure AD and scan for your groups.

Group-based policy—Offers granular enforcement of asset rules based on AD user group information. For example:

Policy | Automatic Remediation
HR employee shares a sensitive folder with the entire company. | Create an incident.
Engineering employee shares a sensitive folder with the entire company. | Notify file owner.

Group-based incident management—Combines AD groups with role-based access control to give administrators differentiated permissions, enabling productivity while limiting visibility to the data stored on your managed SaaS apps.

Group-based selective scanning—Lets you include or exclude specific AD groups from scans to adhere to data privacy regulations. For example, you might want one group to have different privacy rules than another group, or you might need to exclude users within a group because of the confidentiality of assets.