search cancel

CloudSOC Gatelet policy to Block Gmail Service blocks all Google apps

book

Article ID: 172723

calendar_today

Updated On:

Products

CASB Security Standard CASB Security Premium CASB Security Advanced CASB Audit CASB Gateway CASB Gateway Advanced Data Loss Prevention Cloud Package

Issue/Introduction

CloudSOC/CASB
Google GSuite Gatelet

Created an Access Enforcement by Gatelet policy to block users from logging into the Gmail service.
The expectation is the policy blocks only Gmail; however, the policy blocked Google Drive and other apps included in GSuite. 

Cause

  • The GSuite management of internal apps is all inclusive on the activity so the policy blocks anything related to any GSuite Service.
  • An Access Enforcement by Gatelet policy CloudSOC blocks activities based on the domain of the service.
  • Because Google shares domains across multiple products and services; blocking one affects all other Google services.

 

The images below illustrate a Policy set to block 'Gmail' yet when browsing (incognito) directly to Google Drive, the Policy is triggered and action is blocked.

   

 

Resolution

Working as designed, no possible workaround. 

Attachments