Data protection

🔬 Findings

The primary objective of the Data Protection app is to ensure that your most sensitive data is well-protected. Additionally, it aids in meeting compliance requirements related to data loss prevention. Upon initiating a scan (see here), elba will detect the following items:

Google
  • MyDrive (personal drives)
    • Files:
      • Shared with someone outside of the Google domain.
      • Shared via a public link.
    • Folder permission deletion:
      • Through elba: deleting folder permissions in elba is not currently available.
      • Through Google:
        • Deleting a folder's permissions also deletes the same permissions for all files and subfolders within it.
        • Related issues are marked as resolved in elba.
  • Shared Drives
    • All folders & files:
      • Shared with someone outside of the Google domain.
      • Shared via a public link.
      • Only root-level permissions generate issues in elba if there are duplicates.
    • Folder permission deletion:
      • Through Google: deleting a folder's permissions also deletes permissions for all files and subfolders, and related issues are marked as resolved in elba.
SharePoint
  • Folders:
    • Shared with an external user if not inherited from a parent folder.
    • Shared via an external link if not inherited from a parent folder.
      • Either directly shared or publicly accessible.
  • Files:
    • Same conditions as folders: shared with an external user or via an external link, if not inherited.

Effect of Deleting Permissions on Folders:

  • Individual Share Permissions: Deleting a shared folder's permissions removes the same permissions from all child files and folders. Related issues are marked as remediated in elba.
  • Public Link Permissions: Only the specific link for the folder is deleted. Permissions on child items remain unchanged.
OneDrive
  • Folders:
    • Shared with an external user if not inherited from a parent folder.
    • Shared via an external link if not inherited from a parent folder.
      • Either directly shared or publicly accessible.
  • Files:
    • Same conditions as folders: shared with an external user or via an external link, if not inherited.

Effect of Deleting Permissions on Folders:

  • Individual Share Permissions: Deleting a shared folder's permissions removes the same permissions from all child files and folders. Related issues are marked as remediated in elba.
  • Public Link Permissions: Only the specific link for the folder is deleted. Permissions on child items remain unchanged.
Dropbox
  • Files & folders shared via a public link.
  • Files & folders shared with external users.
Confluence
  • Contents & spaces shared via a public link.
  • Contents & spaces shared with external users.
Slack
  • Messages in internal public channels containing sensitive data (PII, PCI, PHI).

πŸ“ Browsing issues

For each asset falling into the categories listed above, elba will create issues and associate them with the owner of each asset. It is important to note that, at this stage, no asset owner is notified.

In the 'Issues' tab, you can browse all assets detected by the scan and use advanced filters to refine your search. For example, you can filter issues to display only those containing 'confidential' in their file name.

🏌️ Activating checks

Now that elba has scanned your source and you have reviewed the issues, it’s time to activate the check. Activating a check will engage your team in reviewing and addressing security issues for the specified source.

How does it work? When a check is activated, synchronized users will receive notifications about their issues. They will also be guided on resolving these issues through their personal dashboard.

👌 Allow-list

Before activating the check, you may want to configure the Allow-list. The aim of the Allow-list is to prevent alert fatigue among your teams by ensuring they are notified only about relevant issues.

Not every instance of external sharing poses a risk, particularly if your users often collaborate with trusted organizations. Prior to completing the check activation, a list of domains with which your organization's files have been shared will be displayed. You will have the option to add to the Allow-list those domains you deem trustworthy. These domains will then be excluded from the issues list, preventing unnecessary notifications to your team.

Please note that the Allow-list for Data Protection is currently only available for the Google source.
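The detection rules from the Findings section (external-domain and public-link grants raise issues, inherited grants are skipped) combined with the Allow-list exclusion described here, as an added Python example. This is illustrative code written for this page, not elba's own implementation; the permission record layout, the organisation domain, the allow-listed domain and the sample assets are constructed assumptions.

```python
from dataclasses import dataclass, field

ORG_DOMAIN = "example.com"            # assumed organisation domain
ALLOW_LIST = {"trusted-partner.com"}  # assumed allow-listed partner domain

@dataclass
class Permission:  # one sharing grant, loosely modelled on a Drive permission (assumed fields)
    type: str                # "user", "group", "domain" or "anyone" (public link)
    email: str = ""          # grantee address for user/group grants
    domain: str = ""         # grantee domain for domain-wide grants
    inherited: bool = False  # grant comes from a parent folder

@dataclass
class Asset:
    name: str
    owner: str
    permissions: list = field(default_factory=list)

def finding_for(perm, org_domain, allow_list):
    """Return an issue label for one grant, or None when it raises no issue."""
    if perm.type == "anyone":
        return "public-link"
    grantee = (perm.domain if perm.type == "domain" else perm.email.rpartition("@")[2]).lower()
    if not grantee or grantee == org_domain.lower() or grantee in allow_list:
        return None  # internal, or a domain the admin marked as trusted
    return f"external:{grantee}"

def scan(assets, org_domain=ORG_DOMAIN, allow_list=ALLOW_LIST):
    """Group issues by asset owner, one entry per non-inherited risky grant."""
    issues = {}
    for asset in assets:
        for perm in asset.permissions:
            if perm.inherited:
                continue  # report only the folder that carries the grant ('if not inherited')
            label = finding_for(perm, org_domain, allow_list)
            if label:
                issues.setdefault(asset.owner, []).append((asset.name, label))
    return issues

SAMPLE_ASSETS = [  # constructed sample data, not taken from any real tenant
    Asset("Q3 budget.xlsx", "alice@example.com", [
        Permission("user", email="bob@example.com"),
        Permission("user", email="eve@contractor.io")]),
    Asset("Roadmap.pdf", "alice@example.com", [Permission("anyone")]),
    Asset("Partner deck.pptx", "carol@example.com",
          [Permission("user", email="pm@trusted-partner.com")]),
    Asset("Archive/notes.txt", "carol@example.com",
          [Permission("user", email="eve@contractor.io", inherited=True)]),
]
```

Running `scan(SAMPLE_ASSETS)` reports only Alice's two assets: Carol's partner share is allow-listed and her archived file only carries an inherited grant; passing `allow_list=set()` makes the partner share reappear as an issue.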

🍭 Auto-fix

The Auto-fix feature is designed to resolve issues that do not require input from your teams. Currently, Auto-fix is only available for Data Protection on the Google source.

Auto-fix automates the remediation process by removing all external permissions, including public links and access by external users.

There are two types of issues that Auto-fix can address, which you can select:

  • Non-remediated issues: Issues your employees have been notified about but which remain unresolved after a set number of reminders.
  • Issues for inactive assets: These involve files or folders that have not been accessed by their owners for a specified duration.

Once activated, Auto-fix will immediately resolve all relevant issues. Subsequently, it will continue to automatically remediate any new issues that meet these criteria on a daily basis.

🌟 Confirming check activation

Once all settings are configured, you can proceed with the activation of the check. Upon activation, issues will be distributed to your teams, and they will receive notifications from elba.

Users receive notifications about their security issues every Friday morning through a weekly digest, which compiles all their pending actions in elba. For more information, please refer to Members notifications.

πŸ“ User remediation

Users can review the issue and take action directly from their personal dashboard under the 'Checklist' tab. They will receive detailed context about the issue and guidance on how to address it.

There are two options available for remediating Data Protection issues:

  • Ignore the issue: This option should be selected if the file or folder was intentionally shared externally and does not pose a threat to your data security.
  • Edit permissions: This option should be used if the existing permissions of the file or folder are no longer appropriate and the user wishes to modify them.

By clicking on ‘Edit permissions’, users gain granular control over permissions, can adjust them individually if necessary, and review them. Confirming the changes revokes the permissions on the underlying source asset. All these actions can be performed within elba, eliminating the need for users to leave the application.

πŸ” Monitoring

By engaging your team in the remediation process, elba will assist in reducing your attack surface on a larger scale. You can monitor their actions through the admin panel.

Should you require data export for compliance audits, please inform us, and we will be glad to assist!