Question

how do you guys handle sharing files outside the org?


Userlevel 2
Badge +2

how do you guys handle sharing files outside the org?



🗨 Link to Slack thread

21 replies

Userlevel 5
Badge +2

You can set-up a few interesting automations and Workflows within BetterCloud to notify you of external shares

Userlevel 5
Badge +2

and handle accordingly

Userlevel 2
Badge +2

yeah i was considering whether it's feasible to use an approval workflow

Userlevel 2
Badge +2

generally speaking we're not against external sharing, until we are LOL

Badge +1

@flm369 BetterCloud does have a Wait for Approval step. I prefer more automated Workflows that have a "soft landing" in them via a Wait for Duration step. After that then remediating the sharing settings (as long as it's not some horrible PII issue). PII gets the hard cut off and a notification/ticket to relevant parties.

Userlevel 2
Badge +2

yeah good idea

Badge +1

You can also split it up by OU/Dept or whatever, so Marketing is a bit more lax than Legal/HR. Or whatever your policy is. If it doesn't exist, it provides a great way for IT/CorpEng to provide value back to the Org.

Userlevel 2
Badge +2

so we've got some hard and fast DLP settings for dealing with blatant PII violations, but more recently we're looking at fixing the termed employee use case. an employee might catch wind of their inevitable termination and share a bunch of non-PII stuff to a personal account ahead of it.

Badge +1

Yea, setting threshold alerts is also helpful.

Badge +1

If downloading x amount of files, open InfoSec ticket, ping Security Slack channel, etc etc

Userlevel 2
Badge +2

right now the best idea i have to address it is to take the OU approach as @blair mentioned and restrict external access to the offboarding OUs

Userlevel 2
Badge +2

our SOC gets too many alerts right now for there to be a comprehensive solution there unfortunately

Badge +1

@cdubs ☝


Open Thread in Slack
Badge +1

@cdubs ☝


Open Thread in Slack
Badge

Why not just use Okta group push to Jira?


Open Thread in Slack
Badge +1

Hi Dimitri! We found that there is a slight propagation delay between creating the Atlassian user and when they are viewable in the API. I would recommend adding a 1 hour wait for duration period to your workflow after the user has been created and right before you add the user to the different Jira and Confluence groups. That should help mitigate that skipping issue!
https://screenshots.bettercloud.com/QwuAY8q5


Open Thread in Slack
Badge

If you build workflows for each team it seems like thats adding a ton more work compared to using the SCIM connector in Okta to manage groups. Especially if using a 1 workflow per team onboarding, team change and offboarding with 100 teams you now have 300 workflows to maintain vs just 1 mapping in the SCIM Push Group Okta config.


Open Thread in Slack
Badge

Why not just use Okta group push to Jira?


Open Thread in Slack
Badge

If you build workflows for each team it seems like thats adding a ton more work compared to using the SCIM connector in Okta to manage groups. Especially if using a 1 workflow per team onboarding, team change and offboarding with 100 teams you now have 300 workflows to maintain vs just 1 mapping in the SCIM Push Group Okta config.


Open Thread in Slack
Badge

Why not just use Okta group push to Jira?


Open Thread in Slack
Badge

If you build workflows for each team it seems like thats adding a ton more work compared to using the SCIM connector in Okta to manage groups. Especially if using a 1 workflow per team onboarding, team change and offboarding with 100 teams you now have 300 workflows to maintain vs just 1 mapping in the SCIM Push Group Okta config.


Open Thread in Slack

Reply