Available in: Starter, Pro, and Ultimate
What is Cloud Data Protection?
Organizations use cloud apps to conduct their business but these apps put their data and users at risk. Organizations must be able to ensure their data is protected while also facilitating productivity. Cloud Data Protection manages access to cloud app assets (files and folders) using security best practices. If data is shared or made public, Guardz generates an alert.
If you have not yet activated Cloud Data Protection (available for Google Workspace, Microsoft 365, Monday.com, and Dropbox Teams), follow these guidelines:
Cloud Data Protection is located in Security Controls > Cloud Data Protection. Here you have an overview of the connected apps and the last scan of each app.
In the Single Customer view, you can:
Connect new apps
View and edit the Assets Allow list
To remediate data protection issues, you can:
Add the asset to the Assets Allow List; an automatic remediation option that will not change the asset’s sharing permissions but will allow it to be public (read more below)
Notify the user; an automatic remediation option that will send an email to the related user asking them to review and modify the asset’s sharing permissions
Modify the asset's sharing permissions; a manual remediation option in which you will modify the asset’s sharing permissions within the app
Remove the public link or external share permissions (available for Google and Microsoft assets only); an automatic remediation option that will modify the asset’s sharing permissions to be private
💎 Tip: "Remove Public Link" and “Remove External Share Permissions” are automated remediation tools that allow you to modify the asset’s sharing permissions to be private with a click of a button. For Google, please note, it’s possible that admins will need to grant additional permissions if the latest app isn’t already installed. In this case, you will receive a notification with a link to grant permissions.
Assets Allow List
Guardz scans assets (files and folders) of the connected apps and creates an Assets Allow List. This is a list of assets that were given permission to have a public URL or guest users. Exposed data related to assets not on the Assets Allow List will trigger an issue. Activity related to assets on the Assets Allow List will not trigger an issue.
In Security Controls > Cloud Data Protection (Single Customer view), you have an overview of the Assets Allow List. To view, search for, and delete assets in the list, select the edit icon. Once removed from the list, new issues related to the asset will be triggered in the next scan.
Shared Folders and File Detection
If a folder is shared externally, Guardz detects the entire folder as shared and does not create individual detections for each file within that folder since they are all considered shared.
Individual File Detections
If a file is shared externally but its folder is not, a detection for that specific file is created.