What Is It All About?
Organizations use cloud apps to conduct their business but these apps put their data and users at risk. Organizations must be able to ensure their data is protected while also facilitating productivity. Cloud Data Protection manages access to cloud app assets (files and folders) using security best practices. If data is shared or made public, Guardz generates an alert.
Feature Availability By Plan
Cloud Data Protection feature is available for the following programs: Starter, Pro, and Ultimate.
Activating The Service
If you have not yet activated Cloud Data Protection (available for Google Workspace, Microsoft 365, Monday.com, and Dropbox Teams), follow these guidelines:
Allow List Assets
Admins can create and manage Assets Allow Lists — lists of assets (such as files or folders) that are explicitly permitted to have a public URL or include guest users.
Any exposed data related to assets not on the Assets Allow List will trigger a security issue, helping ensure that only pre-approved assets are allowed external access.
Adding A Monitored Application: Step-by-Step
Select the customer
Select the relevant customer via the dropdown list.
2. Add an application
Go to the ‘Security Controls’ tab and open the ‘Cloud Data Protection’ section
Click on the ‘Plus’ button and add the desired application
Please note: If you wish to review all your customers and see which monitored applications each of them has, switch to the ‘All Customers’ view, then go to the ‘Security Controls’ tab and open the ‘Cloud Data Protection’ section.
Issue Types & Remediation
To remediate data protection issues, you can:
Add the asset to the Assets Allow List; an automatic remediation option that will not change the asset’s sharing permissions but will allow it to be public (read more below)
Notify the user; an automatic remediation option that will send an email to the related user asking them to review and modify the asset’s sharing permissions
Modify the asset's sharing permissions; a manual remediation option in which you will modify the asset’s sharing permissions within the app
Remove the public link or external share permissions (available for Google and Microsoft assets only); an automatic remediation option that will modify the asset’s sharing permissions to be private
Please note:
"Remove Public Link" and "Remove External Share Permissions": these are automated remediation tools that allow you to quickly change an asset’s sharing permissions to private with the click of a button. For Google, admins may need to grant additional permissions if the latest app version is not already installed. In such cases, you will receive a notification containing a link to grant the required permissions.
Shared Folders and File Detection: if a folder is shared externally, Guardz detects the entire folder as shared and does not create individual detections for each file within that folder since they are all considered shared.
Individual File Detections: if a file is shared externally but its folder is not, a detection for that specific file is created.
Managing The Assets Allow Lists
Go to the ‘Security Controls’ tab and open the ‘Cloud Data Protection’ section
To view, search, or remove assets from the list, click the edit icon
Please note that the allow list is editable only after records are created (meaning that an issue has been remediated with the allow list option).