Skip to content

User data governance

What does the ‘Shared with’ field indicate on User Data Governance tickets?

The Shared with field within User Data Governance tickets identifies the user(s) who can access the file. Public sharing indicates that the intrusive file is accessible to all users who possess the file link.

Can wildcard characters be used in the Specific Keywords section of the User Data Governance module within the Coro Console?

In addition to wildcard character support, the Specific Keywords section supports searches based on regular expression (regex).

What is flagged in a Suspicious Exposure of Certificate ticket?

Security certificates, including files with .crt or .pem extensions, are digital certificates that can be used to establish secure connections between a client and a server. These files are regarded as sensitive.

What is the difference between Can Access vs Can Access and Expose permissions?

Can Access and Expose: Users with these permissions can share sensitive data files and emails, as well as access files shared by other users. Tickets are not generated.

Can Access: Users with these permissions can access files containing sensitive data shared by other users without generating a ticket. However, such files cannot be shared, and sharing tickets are generated.

Why does Coro only detect a small number of sensitive data occurrences within a file when a file scan is run?

The purpose of file scans (on endpoint device drives and in general) is to identify files containing sensitive information so that admin users are notified of potential risks and can take appropriate measures to protect the sensitive information in question, by either:

  • Adjusting data governance permissions

  • Taking measures prescribed by their organization's data governance policy

It is not necessary to detect all occurrences of each type of sensitive information within a given file for that, so Coro limits the number of such detected occurrences to optimize performance and (in the case of endpoint devices) improve end-user experience.

What social security number (SSN) pattern does Coro detect?

Coro recognizes US social security numbers (SSNs). Coro additionally detects SSNs on a predefined list of keywords if the SSN is in an unrecognized format.

Under what circumstances will Coro automatically close Data Loss Prevention (DLP) tickets?

Tickets containing sensitive information, but that do not require manual review by admin users, are automatically closed.

Such tickets are included in the Coro console ticket log for audit, monitoring, analysis, and to satisfy regulatory compliance requirements. They are typically triggered automatically by events such as the detection of sensitive information in an email, file, or file sharing. Some examples of this type of ticket include:

  • Personal Identifiable Information (PII): IP and MAC address.

  • Nonpublic Personal Information (NPI): Monthly payment (financial content) and email address.

  • Protected Health Information (PHI): Medical Records Number (MRN).

Coro can identify stored sensitive information on user devices that potentially violate one or more regulatory or data compliance standards. Such information falls into one of the following categories:

  • Personally Identifiable Information (PII): Information connected to a specific individual that can be used to uncover that individual's identity, such as full name, email address, passport number, or social security number.

  • Payment Card Industry (PCI): A set of security standards created by major credit card providers designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.

  • Protected Health Information (PHI): Data collected, stored, used, or transmitted during the provision of health care services. This data includes patient name, medical history, and health insurance information.

  • Non-Public Personal Information (NPI): Personal financial data that is collected and stored by financial institutions. NPI is a combination of PII and other indicators. For example, social security numbers are PII indicators, but in combination with credit card information, they are also classified as NPI.

The following table lists sensitive information detectors that Coro is able to identify and their respective categories:

Detector Name Type Data Type I Data Type II
Account Number Content NPI
Annual Credit Report Form NPI
Bank Routing Number Content PII NPI
Bank Statement Form NPI
Bill Of Sale Form NPI
Car Title Form NPI
CDT (Current Dental Terminology) Codes Content PHI
Certificate Content
CPT (Current Procedural Terminology) Codes Content PHI
Credit Card Number Content PCI NPI
Credit Card Statement Form NPI
Custom Keywords Content
Date Content PHI NPI
Driver License Content PII NPI
Email Address Content PII NPI
Financial Content Content NPI
FR-44 Form NPI
General Medical Keyword Content PHI
Health Insurance Claim Content PHI
IBAN Content PII NPI
ICD-10 Content PHI
Insurance Card Form NPI
Insurance Plan Payment Form NPI
IP Content PII NPI
IP V4 Content PII NPI
IP V6 Content PII NPI
Lease Agreement Form NPI
Mac Address Content PII NPI
Medical Beneficiary Identifier (MBI) Content PHI
Medical File Content PHI
Medical Records Number  (MRN) Content PHI
MISC 1099 Form NPI
Odometer Disclosure Form NPI
Password Content
Pay Stub Form NPI
Person Name Content PII NPI
Personal Net Worth Form NPI
Phone Number Content PII NPI
Social Security Number Content PII NPI
Source Code Content
SR-22 Form NPI
Swift Content
Taxpayer Identification Number (ITIN) Content PII NPI
US Health Care NPI Content PHI
US Address Content PII
US Bank Content PII NPI
US DEA Number Content PHI
US Employer Id Number Content PII NPI
US Passport Content PII NPI
Username Content NPI
Vehicle Identification Number (VIN) Content PII NPI
Vehicle Registration Form NPI
W-2 Form NPI

What is a false positive Data Loss Prevention (DLP) ticket?

These tickets are most likely not false positives, but rather Coro is generating data monitoring tickets according to your enabled monitoring options under User Data Governance.

Note

Coro’s User Data Governance monitors storage and exposure of privacy-sensitive data on Email and shared cloud drives.

To configure User Data Governance data monitoring in Coro:

  1. Select Control Panel from the toolbar:

    Control Panel

  2. Select User Data Governance.

  3. Select the Monitoring tab:

    Data exposure

  4. Enable or disable each option as applicable to your needs.

Can I exclude certain indicators to limit the number of tickets generated by Coro?

Yes, you can exclude User Data Governance monitoring options.

To exclude Endpoint Data Governance monitoring options:

  1. Select Control Panel from the toolbar:

    Control Panel

  2. Select User Data Governance.

  3. Select the Monitoring tab

  4. Disable the desired monitoring options:

    Data exposure

Is there a document available that details how Coro helps companies follow the National Institute of Standards and Technology (NIST) framework?

See the Federal Information Security Modernization Act (FISMA) compliance document.

FISMA aims to reduce the potential risk of unauthorized data use, and to develop, document, and implement an information security and protection program disclosure. The governed federal agencies need to comply with the information security standards guidelines, and mandatory required standards developed by NIST.

What is Data Loss Prevention (DLP)?

DLP is a cybersecurity strategy and set of tools aimed at safeguarding sensitive information from unauthorized access, sharing, or theft within an organization.

Coro's Endpoint Data Governance enables Admin users to remotely scan endpoint devices for storage of:

  • PII (personally identifiable information)

  • PHI (protected health information)

  • PCI (payment card information)

  • NPI (non-public information)

For further information, see Introducing Endpoint Data Governance.

Does 'Exclude emails with specified keyword in the subject line' only apply to Data Loss Prevention (DLP)?

'Exclude emails with specified keyword in the subject line' is applicable to all sensitive data types as follows:

  • Suspicious exposure of certificate

  • Suspicious exposure of critical data

  • Suspicious exposure of file type

  • Suspicious exposure of password

  • Suspicious exposure of source code

Does Coro scan cloud drive data for sensitive data at rest?

No, Coro does not scan for sensitive data at rest.

What does the ‘Remove Permission’ action on the Permissions page do?

The Remove Permission action (User Data Governance > Permissions) removes an existing permission configured to restrict:

  • Unauthorized data exposure of sensitive information.

  • Unauthorized data access to sensitive information.

Protected users have access to sensitive information granted by default. You can use the Permissions page to add restrictions according to your organizational needs. Permissions can be set for:

  • All Users

  • Specific Groups of Users

  • Specific Users/Domains

In which countries can Coro store my data?

Coro can store your data in the United States, Germany, and Canada.

How can a new customer select a desired data storage region?

The customer selects their preferred data storage region when setting up with the Coro sales team. Customers cannot select the storage region independently. After a data storage region is selected for a parent workspace, it cannot be changed.

Can a customer select to store data in multiple locations, for example, one workspace in the U.S. and one in Canada?

Yes. Coro can store data in multiple locations provided each parent channel workspace resides in a separate region.

Note

Data from multiple workspaces cannot be combined, unless the Coro REST API is used to combine data.

Can MSPs have child workspaces in different regions?

Workspace regions are determined at the parent level. MSPs require separate parent workspaces in order to have child workspaces in multiple regions.

How do I identify deployments located in different regions?

Each deployment has its own URL as follows:

  • U.S: secure.coro.net

  • EU: secure-eu.coro.net

  • Canada: secure-ca.coro.net

How do I set up a workspace in a requested region?

To setup a workspace in a requested region, use the correct regional URL to access the console and follow the usual workspace creation process.

Where is the European Union (EU) data center located?

The EU data center is located in Germany, and enables German customers and other EU customers to comply with local and EU-wide regulations, respectively.