Understanding File Exposure in Prisma SaaS

Each asset discovered in your company’s cloud apps has an exposure level, and that level usually forms the basis of your Prisma SaaS policies. Exposure may be set by defaults that the cloud app administrator defined. For example, as the Prisma SaaS administrator you might find an incident for an asset exposed in a way that the owner didn’t intend, which can happen when the administrator of the cloud app chose a default that was applied automatically. The exposure level is also determined by the URLs created to share assets and by who those links can be shared with.

Exposure Levels in Prisma SaaS

  • Public
    • The owner created a shared public link that can be shared with anyone.
    • The owner created a password-protected link for direct access to the asset.
  • External 
    • The owner has invited one or more users from outside the organization to collaborate on the asset.
  • Company
    • The owner has created a company-wide link that gives anyone in the company direct access to the asset.
  • Internal
    • Assets that the owner has not shared are “internal”.
    • Assets that the owner has shared, but only with users within the company are also considered “internal”. These users have an email address within the enterprise domain name.

 

More information about an asset's exposure can be found in your cloud app's reports. Below is a sample audit log for Google Drive from Google Admin. Note the values in the "Visibility" column. Other file storage cloud apps have similar reporting that helps you learn more about the configuration.

 

Google Drive Audit Log Example.png

A closer look at links

Here are some examples from OneDrive of file exposure determined by an asset's sharing URL.

  • Internal: In this case no sharing link is provided. This file is available internally to your company only.

Internal Exposure - OneDrive.png 

  • Company: In this example any person with an email address in your company's domain name may access the file.

Company Exposure - OneDrive.png

  • Public: In this example anyone with the link has access to the file.

Public Exposure - OneDrive.png

The Explore > Assets tab

File exposure status is displayed in the Assets menu item under the Explore tab within Prisma SaaS.

Example Exposure.png

A closer look at folders

Let's look at folders in OneDrive. Here one folder is "Shared". Every file in that folder will have the exposure of that parent folder. Similarly, the contents of the "Private" folder will inherit the sharing settings of the parent folder.

OneDrive Sharing displayed.png
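
To cross-check an asset against a cloud app's sharing report, the level definitions and the folder inheritance described above can be written as a small classifier. This is an added example, not Prisma SaaS code: the `Asset` fields, the `link_scope` values, the exact-match domain rule and the "most exposed level wins" ordering are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Levels from this article, ordered least to most exposed (ordering is an assumption).
LEVELS = ["Internal", "Company", "External", "Public"]

@dataclass
class Asset:
    name: str
    link_scope: Optional[str] = None  # hypothetical values: None, "company", "public", "password"
    collaborators: List[str] = field(default_factory=list)  # invited e-mail addresses
    parent: Optional["Asset"] = None  # containing folder, if any

def is_internal_user(email: str, domain: str) -> bool:
    # Exact match on the host after the last "@"; a suffix or substring test
    # would accept look-alikes such as user@example.com.evil.test.
    _, sep, host = email.rpartition("@")
    return bool(sep) and host.strip().lower() == domain.lower()

def own_exposure(asset: Asset, domain: str) -> str:
    if asset.link_scope in ("public", "password"):
        return "Public"    # public or password-protected link
    if any(not is_internal_user(e, domain) for e in asset.collaborators):
        return "External"  # at least one invitee outside the organization
    if asset.link_scope == "company":
        return "Company"   # company-wide link
    return "Internal"      # unshared, or shared only with company users

def effective_exposure(asset: Asset, domain: str) -> str:
    # Walk up the folder chain; the most exposed level found wins (assumption).
    level, node = "Internal", asset
    while node is not None:
        level = max(level, own_exposure(node, domain), key=LEVELS.index)
        node = node.parent
    return level

# Constructed sample data, not taken from a real tenant.
DOMAIN = "example.com"
shared = Asset("Shared", link_scope="public")
private = Asset("Private")
SAMPLES = [
    Asset("plan.docx", parent=private),
    Asset("notes.txt", collaborators=["alice@example.com"], parent=private),
    Asset("handbook.pdf", link_scope="company"),
    Asset("quote.xlsx", collaborators=["bob@partner.test"]),
    Asset("lookalike.txt", collaborators=["mallory@example.com.evil.test"]),
    Asset("budget.xlsx", parent=shared),
]

if __name__ == "__main__":
    for a in SAMPLES:
        print(f"{a.name:15} {effective_exposure(a, DOMAIN)}")
```

A mismatch between this expected level and the one shown under Explore > Assets is worth checking against the sharing report before opening a case.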

Something's not right...

If you believe Prisma SaaS is identifying an asset’s exposure incorrectly, please open a support case. Attach the following items to the case to assist the technical support engineer.

    • Sharing Report from the cloud app
    • Screenshot of the Sharing Link settings from the asset
    • The Asset ID of the file in question (include link to Sean’s article on data to gather)
    • The name of your Prisma SaaS tenant