Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here

Skyhigh Security

Skyhigh CASB for Box Collaboration Policies

Skyhigh CASB for Box helps prevent data loss by enabling you to restrict all kinds of collaboration on content stored in Box. Skyhigh CASB DLP Collaboration Policies for Box gives you control to apply restrictions on all files/folders or only files/folders with sensitive information. There are two policy categories from this perspective:

  • Pure Collaboration. Restricts collaboration on any file/folder irrespective of the content.
  • Content-Aware Collaboration. Restricts collaboration on files/folders with sensitive content.

Use Policies to Remove Shared Links or Modify Permissions

Public Shared links or Organization level shared links on any file or folder, including folders that contain sensitive content, can be removed in near real-time by configuring an On-Demand Scan with a DLP Collaboration policy. You can use this method to remove any existing or old shared links.

Also, Sanctioned DLP Collaboration policies allow you to remove permissions. Editing, viewing, or all permissions for collaborators on any file or folder, or any file or folder with sensitive content, can be removed in near real-time by configuring an On-Demand Scan. You can use this method to remove any existing or old collaborator permissions without the need to go back and check.

The Modify Permissions response action has been broken up into three different response actions:

  1. Set View Only Permissions for
  2. Set Edit Permissions for
  3. Revoke Sharing for

For details, see DLP Policy Response Actions

Boxcollab1.png

* Only some trigger actions are supported

 

Content-aware collaboration and trigger actions identify the actions that should be allowed, depending on the type of content in a file or folder.

Boxcollab2.png

Create a Collaboration Policy with File Path/Folder ID

This DLP collaboration monitors and triggers the sensitive information or violations in the files that are uploaded in the configured folders or file path.

To configure the File Path or Folder ID Collaboration:

  1. Go to Policy > DLP Policies
  2. Click Actions > Sanctioned Policy > Create New Policy
  3. On the Rules page, select Collaboration
    • Select Sharing From > Anyone
    • Select Sharing To > Anyone
    • Select Sharing Permission > Any
  4. Click Done
  5. Click AND and select File Path/Folder ID
    • Select Manually enter Select File Path/Folder ID
    • Enter the file path or folder ID. 
  6. Click Done
  7. Click Next
    box_collaboration_folder_id.png
  8. To complete the configuration, choose the required response. For details, see Collaboration Policies For Files and Folders.

You can view the incidents that have violated DLP Policy in the Policy Incidents page.

clipboard_e69e0e49873334ad9b24b7a0d807fe954.png

Create a Collaboration Policy for Shared Links

When a shared link is generated on a file with sensitive content, or when a file with an existing shared link is edited by adding sensitive content, Collaboration policies for shared links allow you to remove a shared link, which stops the file from being shared.

To create a Collaboration policy for Shared Links:

  1. Go to Policy > DLP Policies
  2. Click Actions > Sanctioned Policy > Create New Policy
  3. On the Description page, enter a name, description, and deployment type. For Services, select Box. Then select the users the policy will apply to. 
  4. On the Rules page, select Collaboration
  5. For Sharing From, select the users you want the policy to apply to. 
    box_shared_link.png
  6. For Sharing To, select one of the following:
    • Anyone with link. Anyone who has the link can access it. No Sign-in required. 
    • Anyone in organization with link. Anyone at a specified company who has the link can access it. Sign-in required. 
      dlp_wizard_collab_google.png
  7. Click Done
  8. For Sharing Permission, make a selection:
    • Any
    • Writer
    • Commenter
    • Reader
  9. Click Next
    dlp_wizard_collab_google_response.png
  10. On the Responses page, select THEN and Remove Link
  11. Select an Email Template if needed. 
  12. Review the policy and click Save
  • Was this article helpful?