Add a New Data Asset Policy

Learn how to create a new data asset policy.
Data Security enables you to add new policies for scanning assets (content) stored on your sanctioned SaaS applications. For example, you can create a policy that triggers an alert based on match criteria such as a given exposure level (for example, an asset is publicly accessible) in order to protect a specific asset. An exclamation point next to your cloud app denotes that it has no active rules.
When you create a new data asset policy, you have the option to automatically remediate incidents that violate that policy. Automatic remediation is a powerful tool and can modify a large number of assets in a short amount of time: before you include these remediation actions in additional policies, perform a test using one policy and a small set of assets.
  1. Log in to SaaS Security. Go to Data Security > Policies. Three types of policies are listed:
    • Data Asset Policies
    • User Activity Policies
    • Security Control Policies
    • Email DLP Policies
    Select your policy type and click Add Policy.
  2. Enter a Policy Name and an optional Description.
  3. Select a Severity for the policy.
  4. Verify that the Status is Enabled.
  5. Specify Match Criteria, including the exposure levels.
  6. Specify Actions to take, including automatic remediation such as changing sharing, when there are policy violations:
    • Create Incident—Do one of the following:
      • (Recommended) Enable to create an incident when a file violates this policy and display only the first occurrence of the violation in the Remediation Email Digest.
      • Disable to add the violation in the Remediation Email Digest and display the violation daily until the asset owner remediates the violation. Repeating the same violation in an email digest might cause user fatigue, resulting in asset owners ignoring daily email digests. However, if you know that administrators do not have time to remediate issues, an alternative is to repeatedly ask asset owners to remediate issues themselves.
    • Quarantine—Automatically move the compromised asset to a quarantine folder.
    • Change Sharing—Automatically remove links that allow the asset to be accessed. Base your selections on your organization’s Exposure Level tolerance.
    • Notify File Owner—Include in the email digest actions (Recommended Action) asset owners can take to remediate policy violations (Issue). Issue is an in-line link that takes asset owners to the file or folder that needs remediation. From there, asset owners can change share settings within the cloud app.
      Best practice is for you to provide text in these fields and provide detailed explanations and instructions via internal links in the email digest body as outlined in Remediation Email Digest.
    • (Designated Apps Only) Notify via Bot—Uses a machine account that you created to send a direct message to the asset owner who triggered the policy match. Only designated SaaS apps support this capability.
    • Include Remediation Email Digest—When you either Quarantine or Change Sharing for an asset, include in the email digest actions taken along with the specific policy violation (Issue).
    • Send Administrator Alert—Temporarily choose an administrator who has context to triage the policy violations and address the potential risk. By default any incidents generated by this asset rule are not assigned to an administrator. As a best practice, after you uncover specific issues that are high-compliance risks on your network, modify the rule or add a new rule that triggers automatic remediation instead of sending alerts. If you Connect Directory Services to Data Security, the SaaS Security web interface displays Assign to.
      • Use for compliance issues for which administrators need to take immediate action, such as policies that identify high-risk or sensitive assets.
      • Consider your administrators’ areas of expertise and triage accordingly to minimize overloading any one administrator. Data Security sends up to five emails per hour on matches against each Cloud app instance.
      • Enable alerts only after Data Security completes the initial discovery scan so that administrators are not inundated with emails when historical assets are scanned.
  7. Save/Create your new data asset policy.
    Data Security starts scanning files against the data asset policy as soon as you save the changes. After the scan starts, you can start to assess new incidents and fine-tune your new policy.
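The way the action settings above interact (first-occurrence incidents versus daily digest repeats, automatic Change Sharing, and the limit of five administrator emails per hour per cloud app instance) can be modelled to reason about digest fatigue and alert throttling before enabling a policy. The following is an added example written for this page, not Palo Alto Networks code; all class names, field names and sample assets are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

MAX_ADMIN_EMAILS_PER_HOUR = 5  # limit stated for matches per cloud app instance


@dataclass
class Asset:                    # constructed sample asset, not a product record
    asset_id: str
    app_instance: str
    exposure: str               # e.g. "public", "external", "internal"
    owner: str


@dataclass
class DataAssetPolicy:          # hypothetical model of the settings in step 6
    name: str
    severity: str
    enabled: bool
    match_exposures: set        # match criteria: exposure levels that violate
    create_incident: bool = True   # True: report first occurrence only
    quarantine: bool = False
    change_sharing: bool = False
    admin_alert: bool = False


@dataclass
class PolicyEngine:
    discovery_complete: dict = field(default_factory=dict)  # app_instance -> bool
    seen: set = field(default_factory=set)                  # (policy, asset) pairs
    alert_log: list = field(default_factory=list)           # (app_instance, time)

    def evaluate(self, policy, asset, now):
        """Return the actions taken for one asset against one policy."""
        if not policy.enabled or asset.exposure not in policy.match_exposures:
            return []
        key = (policy.name, asset.asset_id)
        first_time = key not in self.seen
        self.seen.add(key)
        if policy.create_incident and not first_time:
            return []           # incident exists: do not repeat it in the digest
        actions = ["digest:" + asset.owner]   # Notify File Owner entry
        if policy.quarantine:
            actions.append("quarantine")
        if policy.change_sharing:
            actions.append("change_sharing")
        # Best practice: alert only once initial discovery has finished; then throttle.
        if policy.admin_alert and self.discovery_complete.get(asset.app_instance):
            recent = [t for a, t in self.alert_log
                      if a == asset.app_instance and now - t < timedelta(hours=1)]
            if len(recent) < MAX_ADMIN_EMAILS_PER_HOUR:
                self.alert_log.append((asset.app_instance, now))
                actions.append("admin_alert")
        return actions
```

Run a policy with Create Incident disabled against a batch of public assets to see how many digest entries and admin emails it would generate in an hour before you enable automatic remediation on it.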