Google securlet may report external exposures for content shared internally
search cancel

Google securlet may report external exposures for content shared internally

book

Article ID: 277536

calendar_today

Updated On:

Products

CASB Securlet SAAS

Issue/Introduction

Files that are domain-wide shared in an external domain with internal collaborators can be classified as shared externally even with users in the internal secondary domains. As a result of this behavior, we will see false positives if the policy is configured with internal domain-wide sharing as one of the filtering criteria.

Resolution

Broadcom is aware and is planning a future change to address limitations in how CASB classifies files which are shared domain-wide in the external domain and few internal collaborators.

Workaround:

Policy

  • Create a policy for each domain where the policy should affect the users of the domain.
  • Create\Sync Groups from a directory to CloudSOC and assign the group to the policy. (Note see Additional info: The securlet does not sync groups for Google Workspace to CloudSOC).

In order to see file exposures:

    Select the internal or external slider to display the files by exposure.

Additional Information

CASB securlets do not support group synchronization to CloudSOC.

The possibility of a group being overwritten by another securlet with different users would make group syncronization unmanageable.