G Suite Access Control
Access control in cloud security is a process by which a company can direct and monitor permissions, or access, to its business data by formulating policies of its own choosing.
These and many more possibilities could lead to a breach, theft, or loss of your critical, confidential business data, which in turn could lead to business loss – time, money, and resources. Such a breach or loss could be totally unintentional, or it could very well be intentional. It is up to a company to take action and stop these mishaps, which can be done with access control policies in cloud security.
CloudCodes Access Control in cloud security lets companies formulate policies that restrict access by IP address, browser, and device, and to specified time shifts.
CloudCodes uses two different approaches to enforce access control:
- Agent-based
- Agentless
Agent-Based Approach
In the agent-based approach, the CloudCodes agent is installed on the end-user machine. The agent acts as a web proxy, i.e., the web traffic of the applications that need to be monitored passes through the agent. Other traffic can go directly to the web without passing through the agent. The agent doesn't store any of the content that it inspects. The following features are provided through the agent.
Download:
IT can track or block the download of documents. This is one of the important aspects of security: it ensures that enterprise assets are not downloaded onto unapproved devices.
Delete:
IT can track or block the deletion of documents. There are times when a user tries to delete records, intentionally or unintentionally. The materials are assets of the organization.
External Sharing of documents:
IT can track or block, in real time, the sharing of documents with blacklisted domains such as personal domains or competitor domains.
Personal Outlook block:
IT can now block access to personal mail within the enterprise network or on company-owned devices while allowing access to enterprise email.
Agentless Approach
In the agentless approach, CloudCodes uses the API provided by access control to poll for events on an access control document. IT can configure multiple policies for various sets of users to overcome the challenges of data loss prevention. The agentless approach allows action to be taken in near real time. The following rules can be configured.
Sharing to an external organization:
if a user tries to share documents outside the organization, such as to a competitor.
Sharing to personal IDs:
if a user tries to share documents with their personal email IDs, such as outlook.com.
Document contains keywords:
if a document contains a predefined keyword or regular expression.
The admin can configure the following actions as part of remedial measures.
Revoke permissions:
revoke the permissions of all users except the owner. This ensures that if a user tries to share a document with a personal email ID or another domain, the document's sharing permissions can be revoked in near real time.
Notify Reporting Manager:
a DLP notification will be sent to the reporting manager of the sender, as specified in the rules.
Notify Super Admin:
a notification will be sent to the CloudCodes super admin.
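
The agentless rules and remedial actions described above can be modelled as a small policy evaluator run over polled sharing events. This is an added example, not CloudCodes code: the event dictionary shape, the domains, the keyword pattern, the rule-to-action mapping and all names are constructed assumptions.

```python
import re

# All values below are constructed assumptions, not CloudCodes settings.
ORG_DOMAIN = "example.com"
PERSONAL_DOMAINS = {"outlook.com", "gmail.com"}
KEYWORDS = re.compile(r"\bconfidential\b|\b\d{3}-\d{2}-\d{4}\b", re.I)
# Remedial actions the admin attached to each rule.
POLICY = {
    "external_org": {"revoke", "notify_manager"},
    "personal_id": {"revoke", "notify_manager"},
    "keyword": {"notify_super_admin"},
}
MANAGERS = {"alice@example.com": "mgr@example.com"}  # sender -> reporting manager

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def matched_rules(ev):
    """Names of the rules triggered by one polled event (hypothetical dict shape)."""
    outside = [a for a in ev["access"] if domain(a) != ORG_DOMAIN]
    hits = []
    if any(domain(a) not in PERSONAL_DOMAINS for a in outside):
        hits.append("external_org")
    if any(domain(a) in PERSONAL_DOMAINS for a in outside):
        hits.append("personal_id")
    if KEYWORDS.search(ev.get("text", "")):
        hits.append("keyword")
    return hits

def remediate(ev):
    """Return (addresses that keep access, notifications to send)."""
    hits = matched_rules(ev)
    actions = set().union(*(POLICY[h] for h in hits))
    keep = list(ev["access"])
    if "revoke" in actions:  # revoke everyone except the owner
        keep = [a for a in keep if a.lower() == ev["owner"].lower()]
    notes = []
    if "notify_manager" in actions and ev["sender"] in MANAGERS:
        notes.append((MANAGERS[ev["sender"]], ev["doc"], hits))
    if "notify_super_admin" in actions:
        notes.append(("super-admin", ev["doc"], hits))
    return keep, notes

EVENTS = [  # constructed sample events; "access" lists everyone with permission
    {"doc": "doc-1", "owner": "alice@example.com", "sender": "alice@example.com",
     "access": ["alice@example.com", "bob@example.com"], "text": "lunch menu"},
    {"doc": "doc-2", "owner": "alice@example.com", "sender": "alice@example.com",
     "access": ["alice@example.com", "alice.home@outlook.com"], "text": "roadmap"},
    {"doc": "doc-3", "owner": "carol@example.com", "sender": "carol@example.com",
     "access": ["carol@example.com", "dave@example.com"], "text": "Confidential pricing"},
]
```

Calling `remediate` on each entry of `EVENTS` leaves the internal share untouched, strips the outlook.com address from `doc-2` and notifies the manager, and raises only a super admin notification for the keyword hit in `doc-3`.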