Skip to main content

Cloud Data Protection

Identify external exposure of files, folders, and data.

Updated this week

What Is It All About?

Organizations use cloud apps to conduct their business but these apps put their data and users at risk. Organizations must be able to ensure their data is protected while also facilitating productivity. Cloud Data Protection manages access to cloud app assets (files and folders) using security best practices. If data is shared or made public, Guardz generates an alert.

Feature Availability By Plan

Cloud Data Protection feature is available for the following programs: Starter, Pro, and Ultimate.

Activating The Service

If you have not yet activated Cloud Data Protection (available for Google Workspace, Microsoft 365, Monday.com, and Dropbox Teams), follow these guidelines:

Allow List Assets

Admins can create and manage Assets Allow Lists — lists of assets (such as files or folders) that are explicitly permitted to have a public URL or include guest users.

Any exposed data related to assets not on the Assets Allow List will trigger a security issue, helping ensure that only pre-approved assets are allowed external access.


Adding A Monitored Application: Step-by-Step

  1. Select the customer

    Select the relevant customer via the dropdown list.

2. Add an application

  • Go to the ‘Security Controls’ tab and open the ‘Cloud Data Protection’ section

  • Click on the ‘Plus’ button and add the desired application

Please note: If you wish to review all your customers and see which monitored applications each of them has, switch to the ‘All Customers’ view, then go to the ‘Security Controls’ tab and open the ‘Cloud Data Protection’ section.


Issue Types & Remediation

To remediate data protection issues, you can:

  1. Add the asset to the Assets Allow List; an automatic remediation option that will not change the asset’s sharing permissions but will allow it to be public (read more below)

  2. Notify the user; an automatic remediation option that will send an email to the related user asking them to review and modify the asset’s sharing permissions

  3. Modify the asset's sharing permissions; a manual remediation option in which you will modify the asset’s sharing permissions within the app

  4. Remove the public link or external share permissions (available for Google and Microsoft assets only); an automatic remediation option that will modify the asset’s sharing permissions to be private

Please note:

  • "Remove Public Link" and "Remove External Share Permissions": these are automated remediation tools that allow you to quickly change an asset’s sharing permissions to private with the click of a button. For Google, admins may need to grant additional permissions if the latest app version is not already installed. In such cases, you will receive a notification containing a link to grant the required permissions.

  • Shared Folders and File Detection: if a folder is shared externally, Guardz detects the entire folder as shared and does not create individual detections for each file within that folder since they are all considered shared.

  • Individual File Detections: if a file is shared externally but its folder is not, a detection for that specific file is created.


Managing The Assets Allow Lists

  1. Go to the ‘Security Controls’ tab and open the ‘Cloud Data Protection’ section

  2. To view, search, or remove assets from the list, click the edit icon

Please note that the allow list is editable only after records are created (meaning that an issue has been remediated with the allow list option).

Did this answer your question?