Enterprise Recon Cloud 2.12.0

How To Perform Delegated Remediation

PRO: This feature is only available in Enterprise Recon Cloud PRO Edition. To find out more about upgrading your ER Cloud license, please contact Ground Labs Licensing. See Subscription License for more information.



Overview

As the process for remediating sensitive data locations often involves multiple steps and parties, the ability to delegate the remediation task is necessary for an effective compliance program. This becomes particularly evident in large organizations where a single scan can result in millions of sensitive data matches across a huge number of locations, which would be overwhelming for a single user to review and remediate.

With Delegated Remediation, an Enterprise Recon Cloud user can easily delegate the task of remediating match locations across multiple Targets to another user. This helps organizations streamline the remediation workflow to achieve flexibility and scalability in their compliance efforts.

For more information, refer to the Remedial Actions in ER Cloud section.

Requirements

Requirements Description
License Enterprise Recon Cloud PRO license.
Message Transfer Agent (MTA)

At least one MTA must be configured to enable email notifications to be sent to delegatees of a remediation task.

For more information, refer to the Configure Mail Settings section.

Delegator

A user with Global Admin or Remediate resource permissions can delegate remediation tasks for all locations for which the delegator has Remediate permissions.

Refer to Assign Resource Permissions in the Grant User Permissions section.

The remediation actions that can be delegated are limited by the type of Remediation permissions assigned to the delegator's account.

Delegatee
  • Remediation tasks can be delegated to:
    • Any ER Cloud user, and
    • Active Directory (AD) users. This requires Active Directory to be configured in ER Cloud.

      Refer to the Connect Active Directory section.

    Delegated remediation can be done regardless of the delegatee's existing user account permissions.

  • Remediation tasks can only be delegated to user accounts with an associated email address.

Delegate Remediation for Sensitive Data Locations

A user with Global Admin and Remediate resource permissions can delegate the remediation of sensitive data locations to another user from the Investigate page. Using the Target and location filters, the delegator can simplify the Investigate results grid view to easily select multiple match locations for delegated remediation. For example, use the Metadata filter to only display locations that belong to a specific document owner. Refer to Filter Targets and Locations in the View Investigate Page section.

To delegate a remediation task to another user:

  1. Log in to the ER Cloud Web Console.
  2. Go to Investigate.
  3. (Optional) Select one or more filters in the Filter Locations by panel and click Apply Filter to display Targets and match locations that fulfill specific criteria in the results grid.
  4. Select the Targets and match locations to be assigned for delegated remediation.

  5. Click Delegate and fill in the following fields in the Delegate Remediation dialog box:

    Field Description
    Delegate to Select a user to delegate the remediation task to.
    Subject

    (Optional) Enter a descriptive email subject to be used for the notification email.

    To change the default subject for the notification email, refer to Manage the Delegated Remediation Task Settings below.

    Note

    (Optional) Enter a custom message for the notification email.

    To change the default subject for the notification email, refer to Manage the Delegated Remediation Task Settings below.

    Action Required Select the remediation actions that can be performed by the delegatee on the match locations. For more information, refer to the Remedial Actions in ER Cloud section.
    The delegator can only assign remediation actions for which the delegator's account has explicit Remediation resource permissions. Refer to Assign Resource Permissions in the Grant User Permissions section.
  6. Click Delegate to confirm the delegation task. Once confirmed, a notification email with a link to the delegated remediation task will be sent to the delegatee.

In the Investigate results grid, the "Delegated" status will be displayed in the Delegation column if there is at least one active delegated remediation task associated with the match location.

To check the status and progress of delegated remediation tasks that have been assigned by and assigned to the current user account, refer to Check the Status of Delegated Remediation Tasks below.

Manage the Delegated Remediation Task Settings

You can customize the default contents of the notification email that is sent to the delegatee, and the default link expiration date for delegated remediation tasks.

The message in the notification email can be customized to provide useful information to let the delegatee know how to proceed, or any specific action that is required for the delegated remediation task.

You must have Global Admin or System Manager permissions to modify the default email subject and message, and the validity period of the delegated remediation task.

  1. Log in to the ER Cloud Web Console.
  2. On the Settings > Remediation > PRO Settings page, go to the Delegated Remediation Email section.
  3. Click on Edit to customize the following fields for the delegated remediation task:

    Setting Description
    Subject Subject header for the notification email sent to the delegatee of a delegated remediation task. The character limit for the text is 200.
    Message Content of the notification email. The character limit for the text is 1000.
    Link Expiry Set the validity period for the delegated remediation task and link. For example, if set to 14, the delegated remediation task and link will expire automatically 14 days from the date and time when the task was created, unless expired manually.
  4. Once done, click on Save. The new settings will be applicable for future delegated remediation tasks.

Check the Status of Delegated Remediation Tasks

The Tracker page provides a view of all remediation tasks that have been delegated to the current user by other users, and vice versa.

To view the status of delegated remediation tasks:

  1. Log in to the ER Cloud Web Console.

    Field Description
    Enter Your Username

    Enter your ER Cloud or Active Directory (AD) user name.

    Example: john.doe

    Enter Your Password

    Enter your ER Cloud or AD password.

    Example: myPa$$w0rd

    <Active Directory Domain>

    Select your AD domain; only applicable for users logging in with AD credentials. Otherwise, select "No domain".

    Example: example.com

  2. Go to Tracker.
  3. In the Tracker page, click on:
    • Delegated to others to view the remediation tasks assigned by the current user to other users.
    • Delegated to me to view the remediation tasks assigned to the current user by other users.
    Column Description
    Delegated to User name of the delegatee of the remediation task. Only displayed in the Delegated to others tab.
    Delegated by User name of the delegator of the remediation task. Only displayed in the Delegated to me tab.
    Filter Applied List of filters that were applied to the match results set in the Investigate page when the delegated remediation task was created.
    Delegated on Date and time when the delegated remediation task was created.
    Link Expiration Expiry date and time for the delegated remediation task. Delegated remediation tasks expire automatically a certain number of days from the date and time when the task was created, unless expired manually. Refer to Manage the Delegated Remediation Task Settings above.
    Delegated Locations Total number of Targets or Target locations selected for the delegated remediation task.
    Remediated Locations "x/y" where:
    • x is the total number of Target locations that have been remediated (by any user), and
    • y is the total number of Target locations assigned for the delegated remediation task.
    Partially masked Targets or Target locations do not count towards the total number of remediated locations (x).
    Link status Status of the delegated remediation task.
    • Active - Indicates that the delegated remediation task is still active and not all locations have been remediated.
    • Expired - Indicates that the delegated remediation task has expired. Delegated remediation tasks expire automatically four weeks (28 days) from the date and time when the task was created.
    • Expired Manually - Indicates that the delegated remediation task was expired manually by the delegator.
  4. (Optional) Use one or more filters in the Filter by… panel to show specific delegated remediation tasks.
  5. Hover over a task and click on the view icon to view the list of Targets and match locations included in the delegated remediation task. Refer to Review and Remediate Locations below.

Trash

You can use the Trash function to remove active or expired delegated remediation tasks. When a delegated remediation task is trashed:

  • The corresponding task(s) will be removed from the Tracker page for both the delegator and delegatee.
  • The link for any active delegated remediation task will automatically become invalid.

To delete an active or expired delegated remediation task:

  1. (Optional) In the Tracker page, go to the Delegated to others tab. Select one or more filters in the Filter Locations by panel to display specific delegated remediation tasks.
  2. Select the delegated remediation tasks and click the Trash button to delete them. Otherwise, click Cancel to cancel the operation.

Review and Remediate Locations

The Locations To Be Remediated page displays the list of match locations to be remediated for a delegated remediation task.

To review and remediate a match location:

  1. Log in to the ER Cloud Web Console.
    Field Description
    Enter Your Username

    Enter your ER Cloud or Active Directory (AD) user name.

    Example: john.doe

    Enter Your Password

    Enter your ER Cloud or AD password.

    Example: myPa$$w0rd

    <Active Directory Domain>

    Select your AD domain; only applicable for users logging in with AD credentials. Otherwise, select "No domain".

    Example: example.com

  2. Go to the Locations To Be Remediated page.
    • Click on the Link to remediate in the notification email for the delegated remediation task and log in to the ER Cloud Web Console, or
    • Log in to the ER Cloud Web Console. In the Tracker page, hover over a task and click on the view icon.
  3. Click on a match location to bring up the Match Inspector window to review the list of sensitive data matches for the match location.
  4. Select the Targets and match locations you want to remediate.
  5. Click Remediate and select one of the following actions:

    Remediation Remedial Actions
    Act directly on selected location
    • Mask all sensitive data - Masks all found sensitive data in the match location with a static mask.

    • Quarantine - Moves the files to a secure location you specify and leaves a tombstone text file in its place.

    • Delete Permanently - Securely deletes the match location (file) and leaves a tombstone text file in its place.

    • Encrypt file - Secures the match location using an AES encrypted zip file.

    For more information, refer to Act Directly on Selected Location in the Remedial Actions in ER Cloud section.

    Mark locations for compliance report
    • Confirmed - Marks selected match location as "Confirmed". The location has been reviewed and found to contain sensitive data that must be remediated.
    • Remediated manually - Marks selected match location as "Remediated Manually". The location contains sensitive data which has been remediated using tools outside of ER Cloud and rendered harmless.
    • Test Data - Marks selected match location as "Test Data". The location contains data that is part of a test suite, and does not pose a security or privacy threat.
    • False Match - Marks selected match location as a "False Match". The location is a false positive and does not contain sensitive data.

    For more information, refer to Mark Locations for Compliance Report in the Remedial Actions in ER Cloud section.

    Remedial actions taken in the Locations To Be Remediated page are applied to specific data types if any data type filters were selected when the delegated remediation task was created (refer to Filter Targets and Locations in the View Investigate Page section).

    For example, "File A" has one Personal Names (English) and two Visa matches. Only Visa matches will be remediated if Visa is the only data type filter that was selected when the delegated remediation task was created. Refer to Check the Status of Delegated Remediation Tasks above for the list of filters that were applied for the delegated remediation task.

  6. Enter a name in the Sign-off field.
  7. Enter an explanation in the Reason field.
  8. Click Ok.

Missing list of locations?

For an active delegation task, the list of match locations in the Locations To Be Remediated page may be empty if:

  • All match locations were deleted from the Target, or
  • All match locations were fully remediated.

For more information, refer to Act Directly on Selected Location in the Remedial Actions in ER Cloud section.

Expire A Delegated Remediation Task

Delegated remediation tasks expire automatically a certain number of days from the date and time when the task was created, or can be expired manually by the delegator.
When a delegated remediation task expires, the link and Locations To Be Remediated page for the delegated remediation task will no longer be accessible.

To manually expire a delegated remediation task:

  1. Log in to the ER Cloud Web Console.
  2. Go to Tracker.
  3. Click on Delegated to others to view the remediation tasks assigned to other users.
  4. (Optional) Use one or more filters in the Filter by… panel to show specific delegated remediation tasks.
  5. Select one or more active delegated remediation tasks and click Expire Link.
  6. In the Expire Link dialog box, click Expire to manually expire the links for the selected delegated remediation tasks. Otherwise click Cancel to cancel the entire operation.