Access Control in cloud security is a system with which a company can regulate and monitor permissions, or access to their business data by formulating various policies suited chosen by the company.
CloudCodes provides access control security for Office 365, helping business to protect their highly confidential data in real-time. Granular control offers automated workflow visibility, including options like admin alerts, unauthorized tasks restrain, access permissions modifications, notifying users with a customized coaching message, etc. Amplified data security for Office 365 is at your disposal with CloudCodes CASB solution.
CloudCodes Office 365 access control provides an easy and effective solution, configured within hours on Office 365. CloudCodes DLP framework ensures IT to configure various policies for different sets of users based on business and compliance requirements.
CloudCodes uses two different approaches to bring control to One Drive.
An agent-based approach, CloudCodes agent, is installed on the end-user machine. The agent acts as a web proxy, i.e., the web traffic of applications that need to be monitored are passed through the agent. Other traffic can be redirected directly to the web without passing through the agent. The agent doesn’t store any content that it inspects. The following features are provided through the agent.
the IT can track/block the download of documents. This is one of the important aspects of security to ensure enterprise assets are not downloaded on unapproved devices.
the IT can track/block the deletion of documents. There are times when the user tries to delete the records intentionally/unintentionally. The materials are the assets of the organization.
External Sharing of documents:
the IT can control in real-time track/block sharing of documents with blacklisted domains such as personal domains or competitor domains etc-etc.
the IT can now block/access to personal mail within the enterprise network or on company-owned devices while allowing access to enterprise Email.
In the agentless approach, CloudCodes uses the API provided by access control to poll on the events on an access control document. IT can configure multiple policies for various sets of users to overcome the challenges of data loss prevention. The agentless approach allows the action to be taken in near real-time. The following rules can be configured.
Sharing to an external organization:
if a user tries to share documents outside the organization, such as to a competitor.
Sharing to personal ID's:
if a user tries to share documents with their email ids such as outlook.com, etc-etc.
Document contains keywords:
if a document contains a predefined keyword or regular expression.
The admin can configure the following actions as part of remedial measures.
revoke permissions of all users except the owner. It ensures if a user tries to share a document with a personal email id or another domain, the document sharing permissions can be immediately revoked in near real-time.
Notify Reporting Manager:
a notification will be sent to the reporting manager of the sender on the DLP, as mentioned in the rules.
Notify Super Admin:
a notification will be sent to the CloudCodes super admin.