File Sharing Exposure
File Sharing Exposure
Cloud storage and file sharing SaaS apps bring several advantages to enterprises because of convenience and scale. However, when not managed properly, file sharing can have serious implications with respect to data security. File sharing is a necessity for today’s enterprises, as staff and business partners become increasingly globalized and need access to files and documents for efficient productivity and collaboration. However, to avoid data leaks, enterprises should take corrective steps toward achieving file sharing security.
Netskope’s API Data Protection protects against data loss and theft due to file sharing. API Data Protection supports various file sharing exposure for SaaS apps. Here is a definition of various file sharing options:
-
Private: A file not shared with anyone.
-
Public: A file that is shared or open to public. There are two types of public share:
-
Public (Unlisted): A file shared via a link such that anyone can access the file with a link.
-
Public (Indexed): A file shared on the web such that anyone can access the file with a link or by searching the file on the internet.
-
-
Shared internally: A file shared specifically with users within the same sub-domain of the organization.
-
Shared externally: A file shared specifically with users outside the organization.
-
Enterprise shared: A file shared specifically with users in different sub-domains of the same organization.
In Office 365 OneDrive and SharePoint, there are two types of enterprise share; everyone and everyone except external users. The table below describes the file sharing exposure for both types of enterprise share.Enterprise Share Type Shared With File Sharing Exposure Everyone Office 365 enterprise and external users External Everyone except external users (this includes links created at organization level) Office 365 enterprise users Enterprise -
Anyone at enterprise with a link: A file shared via a link such that any user in a different sub-domain of the same organization can access the file.
-
Cross-geo: A file shared between geo locations in an Office 365 multi-geo environment.
The table below lists the file sharing options supported by various SaaS apps:
Apps/File Sharing Exposure | Private | Public | Shared Internally | Shared Externally | Enterprise Shared | Anyone at Enterprise with a Link | Cross-Geo |
Box | ✓ | ✓ | ✓ | ✓ | – | – | – |
Cisco Webex Teams | ✓ | – | ✓ | ✓ | ✓ | – | – |
Dropbox | ✓ | ✓ | ✓ | ✓ | – | – | – |
Egnyte | ✓ | ✓ | ✓ | – | – | – | – |
Google Drive# | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
Microsoft OneDrive | ✓ | ✓ | ✓ | ✓ | ✓ | – | ✓ |
Microsoft SharePoint | ✓ | ✓ | ✓ | ✓ | ✓ | – | ✓ |
Microsoft Teams | ✓~ | – | ✓ | ✓ | – | – | – |
Salesforce | ✓ | ✓ | ✓ | – | – | – | – |
Slack | ✓ | ✓* | ✓ | ✓ | – | – | – |
Slack Enterprise | ✓ | ✓* | ✓ | ✓ | – | – | – |
Workplace from Meta | – | – | ✓ | ✓ | – | – | – |
# In Google Drive, files can be shared directly or by a link among internal, external, or public users. Based on the sharing type, Netskope displays the exposure of the file on the dashboard. However, if the Google administrator restricts sharing outside the organization from the Google Admin Console (admin.google.com), this setting is not updated in the API response, and consequently, in the file exposure. For such a case, even if the Netskope dashboard displays the file exposure as public, public on the web, anyone with a link, or externally shared, the file may not be accessible to users outside the organization.
~ The private file sharing exposure applies to direct messaging only. Channels are not supported.
* The public file sharing exposure applies to files only. Messages are not supported.