SaaS Security Administrator's Guide
    : Exposure Level
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. SaaS Security Administrator's Guide
    4. Data Security
    5. Get Started with Data Security
    6. Configure Settings on Data Security
    7. Exposure Level
    Download PDF

    SaaS Security Administrator's Guide

    Exposure Level

    Table of Contents

    Exposure Level

    Data Security scans assets for exposure levels to identify how and with whom the asset is shared.
    Data Security uses an exposure level status to describe how your shared assets display in an application and determines file exposure by analyzing all users who have access to the file. Although every SaaS application has its own settings for controlling how and with whom users may share assets, Data Security provides a mechanism for setting and enforcing acceptable exposure levels consistently across all your managed apps.
    On Data Security, each policy—both the default rules as well as any custom rules you define—enable you to set a level of exposure identifying an asset as being at risk (except for Sensitive Documents rules, which match documents with predefined characteristics).
    The exposure level is just one match criteria available in a policy and, therefore, determining the minimum level of exposure posing a threat depends on the other match criteria, and what threat the policy protects against.
    For example, the WildFire policy scans all your assets for files containing malware. In this case, a file containing malware poses a threat no matter the exposure level. However, if you add a Sensitive Credential policy rule to protect an engineering GitHub repository used for sharing code throughout the company, any external sharing poses a risk, so you should configure the rule to match on Public and External exposures.
    Data Security scans assets for the following exposure levels:
    Unknown exposure level is used exclusively to search for assets, not policies, and only applies to AWS S3 buckets.
    Exposure Level
    Description
    Public
    An asset is Public if it contains either of the following:
    • Public share settings—Assets found on a public repository or publicly indexed on Google.
    • Shared links—The owner created a public link, vanity URL, or password-protected link for direct access to the asset.
    External
    The owner invited one or more users outside of your organization to collaborate on the asset.
    Company
    The owner created a company-wide URL giving anyone in the company direct access to the asset.
    Internal
    Includes assets the owner has not shared. Also includes assets the owner has shared, but only with users within the company. These users have an email address in the enterprise domain name.
    Shared via Custom URL
    The owner created a custom link, vanity URL, or password-protected link for direct access to the asset and then shared this asset (directly or indirectly) using the link.
    This option is for Box assets only and hidden if you're not using Data Security to secure Box applications.

    © 2024 Palo Alto Networks, Inc. All rights reserved.