Content Scanning

Follow

Contents

Content scanning in BetterCloud enables you to be alerted when your domain’s files contain sensitive data, and to automatically take action on those files by triggering workflows. Content scanning is currently available for the following providers and more will be added in the near future.

  • Google Drive
  • Box
  • Slack

There are two ways of carrying out content scanning. The first method is by configuring the Sensitive Data Scanned alert template, which enables you to scan all files for sensitive information, and also supports additional conditions to scope the alerts further. You can also add a content scanning condition to one of our exposure-focused alert templates (File Shared Publicly, Files with Public Sharing Links, and Files Shared Externally), allowing you to hone in on sensitive data that is being shared publicly or with users outside of your domain, and take action accordingly.

*Please Note: Content scanning alerts only scan documents that have been edited from this point forward. They will not retroactively scan all documents on your domain. Retroactive scanning will be added in the coming months.

Sensitive Data Scanned Alert

To get started, navigate to the Alerts Manager under Alerts > Manage from the left nav. The Sensitive Data Scanned alert is a template, meaning it must be configured prior to becoming active. To do so either click on the alert’s name, or select “Edit” from the carrot on the right side of the page.Content_Scanning-1.png

Name your alert to make sure you can identify it later, and add a description.

Content_Scanning-2.png

You can add a condition to scope this alert further, but it is not required in order to configure the alert.Content_Scanning-3.png

The Content Scanning section is where you can decide what type of content to look for. In this example we will look for United States Social Security Numbers. You can narrow the information types presented by using the dropdown for “Region” and “Category”.

Content_Scanning-4.gif

Clicking the “+” symbol allows you to add additional information types. Select the trash can icon next to an information type to remove it from your selection.

Content_Scanning-5.png

These additional conditions will function with OR logic, meaning that a file that contains any of the specified information types will trigger the alert.

By default the checkbox for “Include Private Files” will be unchecked and BetterCloud will not scan private files. You may check this box to include private files in the scan.

Content_Scanning-6.png

*Please Note: Including private files may significantly increase the amount of time the alert takes to process, and will remove any “Shared With” conditions from the alert.

As with any other alert, you can also set a threshold, and enable notifications through email, SMS, and webhook.

Content-Scanning-7.png

Select “Publish” to activate your new alert.

Externally Shared and Public File Alerts

In order to identify sensitive data that has been shared publicly or with external users, you can add content scanning to one of the following alert templates from the Alerts Manager:

  • Files Shared Publicly
  • Files with Public Sharing Links
  • Files Shared Externally

Other configurations for these alerts are essentially the same as for the Sensitive Data Scanned alert, but with the built-in conditions for file exposure configured by default.

Content_Scanning-8.png

Adding content scanning to one of these alerts creates a new custom alert, which can then be used to trigger workflows to revoke external sharing or send you information about the triggering file.

Auditing Results

Once your alert has triggered, it will display on the Triggered Alerts page, under Alerts > Triggered from the left nav.

The review flyout shows the name of the file, the number of matches, and the date and time when the file triggered the alert. Files with multiple matches will only appear once in the review flyout. Click on the link under the “Violations” column to view the list of matches. The page shows the title of the file, the owner, the category that was matched, and the matched text. The list of matched entries is partially obscured for security purposes.

When scanning documents, BetterCloud employs additional validation besides a basic regular expression match. If you are testing with dummy data, it will have to meet this additional validation in order to trigger the alert. Meaning, you will not be able to enter a random 9 digit number, it will also need to match the pattern of a valid Social Security Number. Additionally, in order to avoid scanning duplicate data for a file that is being actively edited, a document must be unedited for at least 5 minutes before BetterCloud will scan it.

Triggering a Workflow

As with any other alert, once a content scanning alert is published, it can be used as a workflow event. You can locate it under the Alerts dropdown for the relevant connector in the WHEN section of the Workflow Builder.

Once the workflow is published, future events that trigger the alert will also trigger the workflow, allowing you to take automated action based on sensitive data identified on your domain.

*Please Note: Workflows will only take action on files that triggered the alert after it has been published.

Important Information/Requirements

  • Content Scanning is only available on our Pro and Enterprise subscription levels.
  • Customers that are currently using Drive in g.bettercloud.com will need to contact their Customer Success Manager to migrate over to the new platform.
  • All content scanning is from this point forward, meaning that only documents that are edited after the alert is enabled will be scanned and can trigger the alert.
  • Scans are only carried out on any given document after it has not been edited for at least 5 minutes.
  • Currently only files under 50MB in size will be scanned.
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request