Publicly Shared Files: Why is it a Problem?
CASB Neural DLP finds all publicly accessible files in OneDrive or Google Drive and uses LLMs (large language models) to classify any sensitive data like IP (Intellectual Property), PHI (Protected Health Information), PII (Personal Identifiable Information), and PCI (Payment Card Industry).
But, why is this so important?
Well, files can be “shared” or “accessed” in a number of ways:
- Internally to a specific individual or group(s) of individuals within your organization (user@internal.com, group@internal.com)
- Internally to the entire organization
- Externally to a specific individual(s) outside your organization (user@external.com)
- Publicly, aka *anyone* and *everyone* outside & inside of your organization (anyone can view, i.e. completely unprotected)
Let’s look at #4… Public files.
So, what does it mean when we say a file or folder is “shared publicly” or “anyone with the link” can access it?
Another way of saying this is that the file is “publicly accessible” or “publicly exposed.” While you personally may have never knowingly shared this file or folder with anyone publicly aka outside of your organization, it still has the ABILITY or “sharing permissions” that allow it to be accessed or exposed to an external party who can view all of its contents.
It’s like removing your passcode from your iPhone and forgetting it at the bar.
You didn’t purposely give your phone to a stranger to look through, but by allowing open access to the phone (removing the passcode) and leaving it unattended, you’ve invited anyone in the public to pick it up and access it along with its contents.
Your unattended public file and folder links work the same way.
Take this file below for example. Right now, its access is Restricted to “Only me” (blue check mark). But, if I change its sharing permissions to “Anyone with the link,” that means anyone with this link, inside or outside of my organization, can access it even if I don’t personally give it to them. If the link somehow ends up in their hands, it’s openly accessible. That is a huge problem if there’s sensitive information in the file!
Unfortunately, most people don’t know the severity of this sharing permission OR that it even exists by default within their organization.
Consider some of our customers’ situations:
- A medium-sized VC firm that had its data room publicly accessible, where anyone could download sensitive information (stock purchase agreements, equity, offer letters, etc.) about major startups
- A healthcare company that had PHI documents publicly available because it was the default setting when creating a link
- A late-stage tech startup that had troves of sensitive files shared publicly, with no possible way to find out, including bank statements, etc.
All of these customers would never have known these issues existed, because no present-day CASB solution does what we do, in the way we do it, and with the level of accuracy we have.
That’s why CASB Neural DLP is here to uncover and monitor your Microsoft 365 / Google tenant for these unknown access permissions that may exist among your files and folders.
Hopefully this helps!
