File Sharing Exposure
Cloud storage and file sharing SaaS apps bring several advantages to enterprises because of convenience and scale. However, when not managed properly, file sharing can have serious implications with respect to data security. File sharing is a necessity for today’s enterprises, as staff and business partners become increasingly globalized and need access to files and documents for efficient productivity and collaboration. However, to avoid data leaks, enterprises should take corrective steps toward achieving file sharing security.
Netskope's API Data Protection protects against data loss and theft due to file sharing. API Data Protection supports various file sharing exposure for SaaS apps. Here is a definition of various file sharing options:
Note
You can view the file sharing exposure once you log in to the Netskope UI tenant, and navigate to API-enabled Protection > SAAS on the left navigation pane. The pane displays a list of apps. Click the desired app to view the app-specific dashboard statistics.
Private: A file not shared with anyone.
Public: A file that is shared or open to public. There are two types of public share:
Public (Unlisted): A file shared via a link such that anyone can access the file with a link.
Public (Indexed): A file shared on the web such that anyone can access the file with a link or by searching the file on the internet.
Shared internally: A file shared specifically with users within the same sub-domain of the organization.
Shared externally: A file shared specifically with users outside the organization.
Enterprise shared: A file shared specifically with users in different sub-domains of the same organization.
Note
In Office 365 OneDrive and SharePoint, there are two types of enterprise share; everyone and everyone except external users. The table below describes the file sharing exposure for both types of enterprise share.
Enterprise Share Type
Shared With
Files Sharing Exposure
Everyone
Office 365 enterprise and external users
External
Everyone except external users
Office 365 enterprise users
Internal
Anyone at enterprise with a link: A file shared via a link such that any user in a different sub-domain of the same organization can access the file.
Cross-geo: A file shared between geo locations in an Office 365 multi-geo environment.
The table below lists the file sharing options supported by various SaaS apps:
Apps/File Sharing Exposure | Private | Public | Shared Internally | Shared Externally | Enterprise Shared | Anyone at Enterprise with a Link | Cross-Geo |
|---|---|---|---|---|---|---|---|
Box | X | X | X | X | - | - | - |
Cisco Webex Teams | X | - | X | X | X | - | - |
Dropbox | X | X | X | X | - | - | - |
Egnyte | X | X | X | - | - | - | - |
Google Drive# | X | X | X | X | X | X | - |
Microsoft OneDrive | X | X | X | X | X | - | X |
Microsoft SharePoint | X | X | X | X | X | - | X |
Microsoft Teams | X~ | - | X | X | - | - | - |
Salesforce | X | X | X | - | - | - | - |
Slack | X | X* | X | X | - | - | - |
Slack Enterprise | X | X* | X | X | - | - | - |
Workplace by Facebook | - | - | X | X | - | - | - |
# In Google Drive, files can be shared directly or by a link among internal, external, or public users. Based on the sharing type, Netskope displays the exposure of the file on the dashboard. However, if the Google administrator restricts sharing outside the organization from the Google Admin Console (admin.google.com), this setting is not updated in the API response, and consequently, in the file exposure. For such a case, even if the Netskope dashboard displays the file exposure as public, public on the web, anyone with a link, or externally shared, the file may not be accessible to users outside the organization.
~ The private file sharing exposure applies to direct messaging only. Channels are not supported.
* The public file sharing exposure applies to files only. Messages are not supported.