When configuring your Cloud Access Monitor policies to detect and remediate violations, there are a lot of things to consider and often times you will need to consult with other members of your organization before setting things in stone. We are always happy to have a conference video call with you and help make our platform mirror your internal policies but there are a few things we recommend you discuss and create internal policy on beforehand. Here is a quick list of questions that you might need to have answers for before configuring your policies.
Content Policies
Please review the following content risks and determine your policy on alerting and taking action in the event that they are found. If you are concerned about any other types of content, be prepared to answer the same questions and we will help configure a custom risk scan.
Social Security numbers
Does it matter where its found(drive/email)?
Does it matter if its shared and whether its from or to an outside domain?
Do you want to take action on the file/email? If so, what action?
Do you want to warn the user?
Credit Card Numbers
Does it matter where its found(drive/email)?
Does it matter if its shared and whether its from or to an outside domain?
Do you want to take action on the file/email? If so, what action?
Do you want to warn the user?
Malware
Does it matter where its found(drive/email)?
Does it matter if its shared and whether its from or to an outside domain?
Do you want to take action on the file/email? If so, what action?
Do you want to warn the user?
Phishing Emails
βDoes it matter if it's from or to an outside domain?
Do you want to take action on the email? If so, what action?
Do you want to warn the user?
Indications of Self Harm
Does it matter where its found(drive/email)?
Does it matter if its shared and whether its from or to an outside domain?
Do you want to take action on the file/email? If so, what action?
Do you want to warn the user?
Image Risk (Adult Content, Violence, Medical, Memes)
Does it matter where its found(drive/email)?
Does it matter if its shared and whether its from or to an outside domain?
Do you want to take action on the file/email? If so, what action?
Do you want to warn the user?
Other Types of content?
Let us know and we'll help create a custom risk!
User Policies
Please review the following types of login events and determine your policy on alerting and taking action in the event that they are detected.
Suspicious Login
Do you want to be alerted about suspicious logins?
Does it matter what country the login was from?
Does it matter what IP address the login was from?
Do you want to take action on the user? If so, what action?
Do you want to warn the user?
Unapproved Login
βDo you want to be alerted about Unapproved logins?
What countries do you want to be considered Unapproved?
Do you want to take action on the user? If so, what action?
Do you want to warn the user?
Unapproved IP address
Do you want to be alerted about Unapproved IP address logins?
What IP addresses do you want to be considered Unapproved?
Do you want to take action on the user? If so, what action?
Do you want to warn the user?
App Policies
Please review the following questions about apps and determine your policy on alerting and taking action in the event that they are detected.
Potential Risk
Do you want to be alerted about apps with potential risk?
Does it matter what Specific User, User Group, or Organizational Unit installed the app?
Do you want to revoke the app permissions?
Do you want to warn the user?
Category
βDo you want to be alerted about apps that fall into a certain category?
Does it matter what Specific User, User Group, or Organizational Unit installed the app(s)?
Do you want to revoke the app permissions?
Do you want to warn the user?
Scope Category
Do you want to be alerted about apps that have been granted permissions that fall into a certain scope category?
Does it matter what Specific User, User Group, or Organizational Unit installed the app(s)?
Do you want to revoke the app permissions?
Do you want to warn the user?
Specific Scope Permission
Do you want to be alerted about apps that have been granted a specific scope permission?
Does it matter what Specific User, User Group, or Organizational Unit installed the app(s)?
Do you want to revoke the app permissions?
Do you want to warn the user?