Policies and Alerts
Policies help IT admins and power users monitor SaaS applications for any changes in violation and act proactively to prevent data leakage due to inadvertent sharing by users. This is especially useful when set on sensitive information that an employee may share publicly either carelessly or maliciously. In such a case, the admin would immediately get a notification and can act immediately to block the change.
There are several use cases where this will prove useful. Some of them are listed below
- If any document in the company’s domain is made public.
- If a user or a group of users is given access to company information that they should not have.
- If external partners are given access to sensitive company information that they should not have.
- If an executive’s restricted content is exposed to users within the organization.
- If an executive’s content is exposed to external users.
- If a user tries to download sensitive information such a financial documents, payroll information, company IP etc.
- If a security breach from outside the domain is detected on any organizational content.
There are many other such use cases that we have not listed here. But as you can see, setting a policy helps you proactively prevent information theft and protect your company’s data.
Figure 1 – An example policy
A policy contains the following elements
- Policy Name – name of the policy
- Policy Description – description of the policy
- Action – what is the action based on which we watch for violation. “Permission Change” means that we are looking for a permission change on the file/folder/user
- Conditions – The conditions we watch for. There are 4 types:
Document.Name = a file or folder name to watch for. As shown in figure 1, we are watching a folder / file named recordings. In case of any permission change on that resource, an alert is sent to firstname.lastname@example.org
- Document.Owner = the owner of a resource. If a permission is changed on any resource owned
- Document.Exposure = If a given exposure type is matched, the alert is generated
- Permission.Email = If a given user / group is mentioned here, than if a document is exposed to that permission, an alert is generated
- Send Email – send email to the email address shown here
In addition, multiple conditions can be stacked together. For example, if a group email@example.com is given any permissions to the resource “recordings”, then a mail is sent to firstname.lastname@example.org. See Figure 2 for how that is set up.When stacking conditions, ALL the conditions should be true for the alert to be triggered.
Figure 2 – Stacking conditionsFigure 3 – The Alerts paneFigure 4 – An alert email
Figure 3 shows the Alerts pane. Figure 4 shows an alert email that gets generated.