SaaS Security
Change Sharing
Table of Contents
Change Sharing
Learn how Data Security tracks and controls file
sharing.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Data Security license:
|
SaaS applications make it easy for users to collaborate and share information in the cloud.
However, tracking and controlling the different types of sharing in all cloud apps you
sanction to ensure that your private data is not exposed can be challenging. This is why
the View Asset Details and Security Controls
Incident Details identify all the different ways that an asset is shared. In some cases,
Data Security identifies an asset as a risk because it contains sensitive
or private keywords or data and you can simply modify how the asset is shared to
eliminate the risk.
Types of sharing that might pose a risk include the following:
- Public—The owner created a public link, vanity URL, or password-protected link for direct access to the asset.
- External—The owner shared the asset with users outside of your organization.
- Company—The owner created a company-wide URL that gives anyone in the company direct access to the asset.
- Internal—The owner shared the asset with internal users.
When you Add a New Data Asset Policy,
you can automatically change sharing to remove links and external
collaborators. Choices include:
- Remove public link
- Only remove direct links—Remove any links on the asset that allow the asset to be publicly accessed. Only the link on the asset is removed, keeping in mind that, for some cloud apps, the asset might be exposed due to inheritance from parent folders.This is currently not available for SalesForce, Gmail, Exchange, Cisco Webex Teams, Slack Enterprise, GitHub, ServiceNow, Microsoft Teams, Confluence, Slack for Pro and Business, Jira, Zendesk, Confluence Data Center, Jira Data Center, and ChatGPT Enterprise.
- Remove public links on parent folders if necessary—Remove any public links on the asset and, for some cloud apps, any public links on parent folders that contain the asset.This is currently not available for SalesForce, Amazon S3, Gmail, Exchange, Cisco Webex Teams, Slack Enterprise, GitHub, Office 365, ServiceNow, Microsoft Teams, Confluence, Slack for Pro and Business, Jira, Zendesk, Confluence Data Center, Google Drive, Jira Data Center, and ChatGPT Enterprise.
- Remove external collaborators
- Only remove direct external collaborators—Remove all external collaborators that have access to the Google Drive asset, keeping in mind that the collaborators might still have access due to inheritance from parent folders. External collaborators are those that are outside your organization as identified by their domains.
- Remove external collaborators on parent folders if necessary—Remove all external collaborators that have access the Google Drive asset and any parent folder that contains the asset. External collaborators are those that are outside your organization as identified by their domains.
When public links are automatically removed on an asset, you
can send the asset owner a Remediation
Email Digest that describes the changes that were made (Actions
Taken).
You can change sharing for assets automatically when you Add a New Data Asset Policy, or you can open View Asset Details or Security Controls Incident
Details and select to manually change sharing for an asset.