The Shared with field within User Data Governance tickets identifies the user(s) who can access the file. Public sharing indicates that the intrusive file is accessible to all users who possess the file link.
In addition to wildcard character support, the Specific Keywords section supports searches based on regular expression (regex).
Security certificates, including files with .crt or .pem extensions, are digital certificates that can be used to establish secure connections between a client and a server. These files are regarded as sensitive.
Can Access and Expose: Users with these permissions can share sensitive data files and emails, as well as access files shared by other users. Tickets are not generated.
Can Access: Users with these permissions can access files containing sensitive data shared by other users without generating a ticket. However, such files cannot be shared, and sharing tickets are generated.
The purpose of file scans (on endpoint device drives and in general) is to identify files containing sensitive information so that admin users are notified of potential risks and can take appropriate measures to protect the sensitive information in question, by either:
Adjusting data governance permissions
Taking measures prescribed by their organization's data governance policy
It is not necessary to detect all occurrences of each type of sensitive information within a given file for that, so Coro limits the number of such detected occurrences to optimize performance and (in the case of endpoint devices) improve end-user experience.
Coro recognizes US social security numbers (SSNs). Coro additionally detects SSNs on a predefined list of keywords if the SSN is in an unrecognized format.
Tickets containing sensitive information, but that do not require manual review by admin users, are automatically closed.
Such tickets are included in the Coro console ticket log for audit, monitoring, analysis, and to satisfy regulatory compliance requirements. They are typically triggered automatically by events such as the detection of sensitive information in an email, file, or file sharing. Some examples of this type of ticket include:
Personal Identifiable Information (PII): IP and MAC address.
Nonpublic Personal Information (NPI): Monthly payment (financial content) and email address.
Protected Health Information (PHI): Medical Records Number (MRN).
Coro can identify stored sensitive information on user devices that potentially violate one or more regulatory or data compliance standards. Such information falls into one of the following categories:
Personally Identifiable Information (PII): Information connected to a specific individual that can be used to uncover that individual's identity, such as full name, email address, passport number, or social security number.
Payment Card Industry (PCI): A set of security standards created by major credit card providers designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.
Protected Health Information (PHI): Data collected, stored, used, or transmitted during the provision of health care services. This data includes patient name, medical history, and health insurance information.
Non-Public Personal Information (NPI): Personal financial data that is collected and stored by financial institutions. NPI is a combination of PII and other indicators. For example, social security numbers are PII indicators, but in combination with credit card information, they are also classified as NPI.
The following table lists sensitive information detectors that Coro is able to identify and their respective categories:
| Detector Name | Type | Data Type I | Data Type II |
|---|---|---|---|
| Account Number | Content | NPI | |
| Annual Credit Report | Form | NPI | |
| Bank Routing Number | Content | PII | NPI |
| Bank Statement | Form | NPI | |
| Bill Of Sale | Form | NPI | |
| Car Title | Form | NPI | |
| CDT (Current Dental Terminology) Codes | Content | PHI | |
| Certificate | Content | ||
| CPT (Current Procedural Terminology) Codes | Content | PHI | |
| Credit Card Number | Content | PCI | NPI |
| Credit Card Statement | Form | NPI | |
| Custom Keywords | Content | ||
| Date | Content | PHI | NPI |
| Driver License | Content | PII | NPI |
| Email Address | Content | PII | NPI |
| Financial Content | Content | NPI | |
| FR-44 | Form | NPI | |
| General Medical Keyword | Content | PHI | |
| Health Insurance Claim | Content | PHI | |
| IBAN | Content | PII | NPI |
| ICD-10 | Content | PHI | |
| Insurance Card | Form | NPI | |
| Insurance Plan Payment | Form | NPI | |
| IP | Content | PII | NPI |
| IP V4 | Content | PII | NPI |
| IP V6 | Content | PII | NPI |
| Lease Agreement | Form | NPI | |
| Mac Address | Content | PII | NPI |
| Medical Beneficiary Identifier (MBI) | Content | PHI | |
| Medical File | Content | PHI | |
| Medical Records Number (MRN) | Content | PHI | |
| MISC 1099 | Form | NPI | |
| Odometer Disclosure | Form | NPI | |
| Password | Content | ||
| Pay Stub | Form | NPI | |
| Person Name | Content | PII | NPI |
| Personal Net Worth | Form | NPI | |
| Phone Number | Content | PII | NPI |
| Social Security Number | Content | PII | NPI |
| Source Code | Content | ||
| SR-22 | Form | NPI | |
| Swift | Content | ||
| Taxpayer Identification Number (ITIN) | Content | PII | NPI |
| US Health Care NPI | Content | PHI | |
| US Address | Content | PII | |
| US Bank | Content | PII | NPI |
| US DEA Number | Content | PHI | |
| US Employer Id Number | Content | PII | NPI |
| US Passport | Content | PII | NPI |
| Username | Content | NPI | |
| Vehicle Identification Number (VIN) | Content | PII | NPI |
| Vehicle Registration | Form | NPI | |
| W-2 | Form | NPI |
These tickets are most likely not false positives, but rather Coro is generating data monitoring tickets according to your enabled monitoring options under User Data Governance.
Coro’s User Data Governance monitors storage and exposure of privacy-sensitive data on Email and shared cloud drives.
To configure User Data Governance data monitoring in Coro:
From the sidebar, select
to access the Control Panel.Select User Data Governance:
From the Monitoring page, enable or disable the monitoring options:
Yes, to exclude User Data Governance monitoring options:
From the sidebar, select
to access the Control Panel.Select User Data Governance:
From the Monitoring page, disable the monitoring options:
See the Federal Information Security Modernization Act (FISMA) compliance document.
FISMA aims to reduce the potential risk of unauthorized data use, and to develop, document, and implement an information security and protection program disclosure. The governed federal agencies need to comply with the information security standards guidelines, and mandatory required standards developed by NIST.
'Exclude emails with specified keyword in the subject line' is applicable to all sensitive data types as follows:
Suspicious exposure of certificate
Suspicious exposure of critical data
Suspicious exposure of file type
Suspicious exposure of password
Suspicious exposure of source code
No, Coro does not scan for sensitive data at rest.
The Remove Permission action (User Data Governance > Permissions) removes an existing permission configured to restrict:
Unauthorized data exposure of sensitive information.
Unauthorized data access to sensitive information.
Protected users have access to sensitive information granted by default. You can use the Permissions page to add restrictions according to your organizational needs. Permissions can be set for:
All Users
Specific Groups of Users
Specific Users/Domains
The customer selects their preferred data storage region when setting up with the Coro sales team. Customers cannot select the storage region independently. After a data storage region is selected for a parent workspace, it cannot be changed.
Yes. Coro can store data in multiple locations provided each parent channel workspace resides in a separate region.
Data from multiple workspaces cannot be combined in Coro, although customers can use the Coro public API to retrieve and combine data externally.
Workspace regions are determined at the parent level. MSPs require separate parent workspaces in order to have child workspaces in multiple regions.
Each deployment has its own URL as follows:
U.S: secure.coro.net
EU: secure-eu.coro.net
Canada: secure-ca.coro.net
To setup a workspace in a requested region, use the correct regional URL to access the console and follow the usual workspace creation process.
The EU data center is located in Germany, and enables German customers and other EU customers to comply with local and EU-wide regulations, respectively.
User Data Governance tickets are only created from data in English.
User Data Governance can process standalone image files but does not support scanned PDFs or images embedded in documents such as Microsoft Word files. The supported image formats are:
- jfif
- jpeg
- jpg
- png
- tiff
- webp
- x-portable-anymap
- x-portable-bitmap
- x-portable-graymap
- x-portable-pixmap
Yes, User Data Governance Data objects with specific keywords operates on exact keyword matches.
Yes, User Data Governance Data objects with specific keywords detects keywords in the subject lines of emails.
User Data Governance can analyze SQL code found in shared files; however, it cannot scan SQL code embedded in the stored procedures of database systems.
Coro detects sensitive data types specific to multiple regions. This includes data such as national ID numbers, passport numbers, driver's licenses, tax identifiers, and healthcare data. Each data type is classified by regulatory category and regional format to support compliance with local privacy laws.
For more information, see Sensitive data recognized by Coro.
Coro consolidates findings with monitored sensitive data types across the email subject, body, and attachments into a single ticket: Email Containing Sensitive Data. For more details, see Ticket types for User Data Governance. It groups related detections into one section and specifies the location and type of each finding, reducing alert fatigue and streamlining investigation.