2014 CloudLock Releases

August 2014

CloudLock for Salesforce

This amazing release allows admins to tune out the noise and focus on Salesforce report export incidents warranting additional investigation with increased levels of granularity in the policy engine.

Through the Salesforce Event Log API, CloudLock admins can customize policy criteria based on user location, export frequency, typical business hours, and/or Salesforce profile to policies relating to the Salesforce Report Export.



  • Location allows admins to whitelist a country, or series of countries, and subsequently flag report export events occurring outside of the prescribed locations.
  • The Frequency criterion allows admins to flag report export incidents based on a given user exceeding a specified number of reports in a specified number of days.
  • Admins are also capable of detecting report exports conducted by users outside of the admin-defined Business Hours.
  • The Profile criterion enables admins to detect report exports made by users other than system administrators. In fact, admins can choose to define these parameters based on a large number of profiles pulled from Salesforce.

CloudLock for Google Apps

With this release, we enhanced CloudLock Apps Firewall to make it even easier for organizations to easily control access of connected apps in their domains. The release offers enhanced automation, more granular controls, and increased security. There are three new features we’re particularly excited about:

  • App Whitelisting (in addition to blacklisting): Apps Firewall has always provided the ability to Blacklist specific users and organizational units (OUs) from specific apps. With App Firewall’s new classification type (“Restricted: Allow”), CloudLock administrators are now able to also Whitelist specific users, OUs, and/or domains for each app individually. Whitelisting is a valuable feature for administrators who want to provision app usage based on appropriate needs and exercise risk- appropriate controls.
  • Auto Classification: The new Auto Classification feature automatically classifies any new app as soon as it is detected in the environment. CloudLock admins now have the ability to control the classification of new apps proactively, rather than waiting for an app to be installed in order to classify the application.
  • Enhanced App Revoke Controls: Increased functionality around app revocation now allows CloudLock admins to apply the same level of granularity to the revoke process as the provisioning process. It is now possible to whitelist, as well as blacklist, specific third-party apps based on specific users, OUs, and/or domains.


June 2014

CloudLock for Google Apps

The Compliance Exclusions feature provides the ability to implement compliance exclusions in Collaboration Security, allowing you to tailor your compliance policies to only those files deemed sensitive.

Compliance exclusions refers to the ability to implement a custom regular expression (regex) that compliance scan will explicitly ignore when evaluating the respective policy. This functionality provides the added benefit of reducing false positives.

CloudLock Collaboration Security Compliance Exclusions

May 2014

End-User Actions

In May we rolled out a great people-centric security feature in Collaboration Security around user actions. The End-User Action feature provides users with the ability to revoke sharing on a file that is flagged by a policy from within a policy notification email.

After enabling this feature an organization’s policy(s), upon a flagged policy violation the user experiences the following:

  • The user is sent an email that includes a list of the offending file and a link pointing to a location where they can go to remedy the violation(s)
  • Upon clicking the link, the user is redirected to a new page within their web browser and selects the appropriate action for each file and submits the changes

With this action, the file permissions are modified accordingly, bringing the file back into compliance with the organization’s acceptable use policies (AUP).


March 27, 2014

CloudLock Apps Firewall – Support for classification by OU(s), User(s), and Subdomain(s)

CloudLock expanded its classification and control functionality within its Apps Firewall product, making it possible for organizations to audit and whitelist/blacklist third party OAUTH applications on the following:

  • User level
  • Subdomain and
  • Organizational unit basis

Apps Firewall Classification OU User Subdomain


Read More about OU, User, and Subdomain Support on our blog here.


January 18, 2014

CloudLock Collaboration Security

  • New Policy Action – Remove All Sharing. Collaboration Security Policy Engine now allows administrators to implement a policy that will remove all the Access Control List (ACLs) on the document besides the owner.
  • Usability Enhancement – “Everyone sharing “has been renamed to the more descriptive “Domain Wide”

What's New Remove All Sharing


January 8, 2014

CloudLock Collaboration Security – Audit Log Export Enhancements

  • Search details added to the audit log export – the audit log export now contains the full details of the search (keyword, ownership, date opened, doc id, etc.). This applies to csv, spreadsheet, SIEM and scheduled exports
  • Exports are now recorded as an entry in the audit log for every export

What's New Collaboration Security Audit Log Exports

2013 CloudLock Releases

December 13, 2013

CloudLock Apps Firewall – Top 5 Trusted and Banned Apps and User Search

Apps Firewall is now enhanced with the following features:

  • Top 5 Trusted and Banned Apps list – available directly on the Apps Firewall dashboard
  • User Search – enables a customer to quickly find and view a specific user’s page, along with that user’s Apps list

What's New Apps Firewall Dashboard


November 20, 2013

CloudLock Collaboration Security – Compound Policies and Folder Awareness

We are pleased to release the following features in Collaboration Security:

  • Compound Policies: It is now possible to combine the pattern detection of Compliance Scan (PCI, PII, and custom regular expression identification) with keyword-driven content scan.
  • Folder Awareness: You can now view the contents of domain-owned folders, allowing Administrators to see the underlying content.
  • Usability Enhancement: Internal Exposure has been renamed to the more descriptive Domain Wide Exposure

Check out the blog post for more details.


October 23, 2013

CloudLock Collaboration Security – New Features

  • Search by Doc ID: Allow for searching by document ids
  • SIEM Enhancements: Specify which user receives scheduled SIEM exports

Check out the blog post for additional details on the significance of these features as well as instructions on where to find them.


October 15, 2013

CloudLock Apps Firewall – Policy Notifications

We have made the following improvements to the Policy Notifications within Apps Firewall:

  • There is a new Settings area for Policy Notifications, which allows you to enable or disable email notifications when access to an app is revoked. The configured email notification is sent to affected users when a banned app is auto-revoked by Apps Firewall.
  • The same configured email template is used, and can be modified at the time you manually revoke app access.
  • To include your organization’s logo within the notification email, check “Use Logo” at the bottom of the General Settings area.
  • The email notification that is sent to the end user displays your organization’s logo and contains the configured message.

For more details read our blog.


September 4, 2013

CloudLock Collaboration Security – Data Classification

CloudLock Collaboration Security now allows for tagging of files that violate a policy in the Google Apps domain. Administrators can configure policies to automatically tag flagged files with a per-policy, custom tag value.

This enables both administrators and end users to easily find any file that violates a policy, understand which policy that file violates, and then take action to remediate the policy violation.

With Data Classification through file tagging, you can:

  • Specify an account that creates and owns the tags (like a dedicated, non-user system account)
  • Create custom tags in the Policy Actions section of policy configuration
  • Allow end users to view tagged files they own in a separate folder in their Google Drive

What's New Data Classification

Join the CloudLock Customer Community to share tips and tricks, interact with other customers, and stay up to date with CloudLock news and releases.


August 22, 2013

CloudLock Apps Firewall – Classification for Marketplace Apps

CloudLock Apps Firewall now allows administrators to identify and classify Marketplace apps. CloudLock Apps Firewall also identifies and displays App Access Scopes so that you can have a clearer understanding of exactly what data an app has access to, and therefore identify any risk involved in allowing the app to access data on your domain.

Here is what you can do:

  • Click the Marketplace Apps tab at the top of the Apps Firewall interface
  • Filter Marketplace apps based on their classifications and Access Scopes
  • Bulk classify apps
  • Export the list of apps to CSV or a spreadsheet
Join the CloudLock Customer Community to share tips and tricks, interact with other customers, and stay up to date with CloudLock news and releases.

 What's New Apps Firewall Marketplace Apps Dashboard


July 11, 2013

CloudLock Apps Firewall – Support for Mobile Apps

Mobile Apps are now clearly marked in the CloudLock Apps Firewall Apps List. This enables administrators to understand whether users are installing 3rd party apps from mobile devices such as iPhones, Android Devices and tablets.

What's New Apps Firewall Mobile Apps


July 9, 2013
CloudLock Collaboration Security – SIEM Integration
  • New export feature in CloudLock Collaboration Security allows customers to import data into SIEM (security incident event management) software
  • Export is available in Common Event Format (CEF)
  • The export can run either automatically as a new export/report or manually from the Audit Log

Automated exports:

What's New SIEM Integration Automated ExportManual report via the Audit Log:

What's New SIEM Integration Manual Export


July 2, 2013

CloudLock Collaboration Security – Undo

Undo functionality is available for bulk operations. CloudLock administrators can initiate the Undo functionality directly from the Audit Log. This is how:

  • Reports > Audit Log
  • Choose the action to Undo
  • Click the ‘Undo’ button

What's New Undo

Undo is available for the following actions:

  • Transfer ownership
  • Remove collaborators
  • Remove public or external sharing

Undo functionality is available for bulk operations. Making a mistake in a bulk operation could result in hours upon hours of reversing actions performed on hundreds and thousands of files. CloudLock administrators save hours by initiating the Undo functionality.

Note: Undo is not available for file copy operations.


June 6, 2013

Cloudlock Collaboration Security – Compliance Scan in the Policy Engine now supports Regular Expressions

When defining policies to detect and secure sensitive information, you can now specify regular expressions directly in the Policy Engine:

  • Check the Compliance Scan option
  • Select ‘Regex’ from the drop down list
  • Specify your Regular Expression
  • Save the policy

What's New Regex Search

Regular Expressions provide a powerful way to search for patterns which might suggest the presence of PII/PCI data within your organization’s documents in Google Drive (Docs). These could include: various IDs, passport numbers, phone numbers, IBAN numbers, patents, product SKUs and so on.


May 22, 2013

CloudLock Apps Firewall – Compliance Automation

Auto Revoke for Banned 3rd Party Applications: CloudLock Apps Firewall for Google Apps now allows compliance automation for banned 3rd party apps. Apps Firewall can be configured to automatically revoke 3rd party apps that have been classified as banned.


  1. In the Settings menu, select ‘Scan Settings’
  2. Check ‘Activate Auto Revoke’
  3. Classify Applications
  4. Next time the scan runs, banned applications will be revoked

What's New Apps Firewall Auto Revoke

All applications that were flagged as banned will no longer be authorized to access your domain. The revoke actions are tracked in the audit log.


May 3, 2013

CloudLock Collaboration Security – Compliance Scan for Social Security Numbers is now available in the Policy Engine.

When defining policies to detect and secure sensitive information, you can also search for Social Security Numbers directly from the Policy Engine:

  • Check the Compliance Scan option
  • Select ‘Social Security Numbers’ from the drop down list
  • Save the policy

What's New SSN Policy Engine


April 30, 2013

CloudLock Collaboration Security

FastScan Technology

Reduces scan times for CloudLock Collaboration Security by more than 50% (depending upon environment), allowing for analysis of only incremental changes to a Google Apps environment secured with CloudLock.

Compliance Automation

CloudLock’s Collaboration Security Policy Engine now provides automated actions based on document sharing settings:

1.  Check Remove Sharing:

  • Remove Public Sharing
  • Remove External Sharing
  • Remove Domain Wide Sharing

2.  Automated actions are logged in the audit log
3.  Email notifications are sent to reflect the action taken

What's New Policy Actions

Note: We recommend running a policy without automated actions enabled once to see how many files and sites would be affected, THEN add the automated actions.

Compliance Scan – Support for MS Office Documents

CloudLock Collaboration Security Compliance Scan now detects PCI and PII information in the following MS document types: Word, Excel, PowerPoint 2007 or newer

Compliance Scan – Improvements in Social Security Number Detection

Enhancements have been made to CloudLock’s Compliance Scan to more accurately identify and flag files containing Social Security Numbers.


April 19, 2013

CloudLock Collaboration Security – PCI Compliance Scan

PCI Compliance scanning is now integrated with CloudLock’s Security Policy Engine. Organizations can create automated policies to identify, notify, and track documents containing credit card information.

What's New CloudLock Collaboration Security Policy Engine PCI Violation

To enable a PCI Policy use the following steps:

  1. Click on Policy Engine
  2. Create a new policy and give it a meaningful name
  3. Check the option “Flag Documents that contain Credit Card Numbers”
  4. Enter any additional criteria to complete your policy

What's New Collaboration Security Policy Engine Compliance Scan


April 11, 2013

CloudLock Apps Firewall: Subdomain Support

CloudLock Apps Firewall now has full subdomain support. We now scan the primary and all the subdomains.


April 2, 2013

CloudLock Collaboration Security: Scan Summary Report is now “Management Friendly”

The CloudLock scan summary email now looks similar to the centralized dashboard, highlighting the changes in the environment:

What's New Collaboration Security Scan Summary

The new scan summary email:

  • Includes details on the state of the Google Drive/Docs environment highlighting changes from the previous scan
  • Outlines user information and presents changes in exposure levels, external collaboration, and user counts
  • Is similar in look and feel to user policy notifications
  • Provides direct links to the CloudLock environment


March 6, 2013

CloudLock Apps Firewall: Community Trust Rating

CloudLock Apps Firewall now shows a Community Trust Rating for apps to help businesses evaluate which third party applications should be granted access to employee data. By showing the percentage of CloudLock customers that have classified each application as “trusted” or “banned,” enterprises can better determine which apps to embrace and promote, and which apps are not appropriate for the corporate domain.

What's New Community Trust Rating

The Community Trust Rating, is included in the Apps Firewall dashboard and shows the percentage of all CloudLock customers that have classified each application as “trusted” or “banned”. This crowdsourcing technology allows enterprises to easily gauge whether specific add-ons are acceptable for corporate use based on application access scopes as well as ratings from similar organizations.

Note: when using this feature for the first time, please run a scan first.


February 13, 2013

CloudLock Apps Firewall: Finding Google Drive Users

CloudLock Apps Firewall now lets domain administrators drill down into Google Drive users for immediate visibility. See which users and admins have the Google Drive Client installed:

What's New Google Drive Client Installed

From the Google Drive Client Adoption graph in the CloudLock Apps Firewall Dashboard, you can now click on admins and users to see a report showing who has the client installed:

What's New Google Drive Users

CloudLock Apps Firewall: Scan Up To 50,000 Employees
Continuing our commitment to the largest Google Apps customers in the world, CloudLock Apps Firewall can now scan 50,000 employees.


2012 CloudLock Releases

December 16, 2012

CloudLock Apps Firewall: Revoke Apps Access

CloudLock Apps Firewall now lets domain administrators revoke unapproved applications domain wide for specified apps, or for a specified user.


  1. Select the app(s) to be revoked
  2. Choose <Revoke Application>
  3. Check the audit log and continue with domain monitoring

What's New Apps Firewall Revoke

Additional Apps Firewall enhancements include:

  • OU Based Scan – Organizations can configure Apps Firewall to scan some organizational units
  • Number of App Installs – This number (in addition to the number of unique apps) shows how many applications are installed domain wide
  • Scheduled Scans – Apps Firewall scans can now be scheduled


December 11th

Collaboration Security: Removing External Domains

CloudLock Collaboration Security now allows customers to specify external domains that should not have access to selected files (ex: hotmail.com, gmail.com) and removes users from these domains from the document access list.

To remove external domain(s):

  1. Select the relevant documents
  2. Click Sharing Settings >> Remove External Domain
  3. Within the dialog box, specify the domain(s) you would like to remove
  4. Click the ‘Remove Domains’ button and check the audit log for confirmation

What's New Remove External Domains

 Note: Transfer Ownership function has been relocated to the More Actions

What's New Transfer Ownership More Actions


November 27th

CloudLock Collaboration Security: Policy Engine – Time Based Policies 

CloudLock Security Policy Management now allows time-based criteria when defining policies.

When you define a new policy or update an existing one, you can include time-based criteria. To add time-based criteria:

  1. Check the Time Criteria check box
  2. Select whether the policy should cover data that ‘has’ or “has NOT’ been modified
  3. Indicate the time interval, which can be specified in days, weeks, months, or years

What's New Time Based Policies


October 22nd

CloudLock Apps Firewall

CloudLock Apps Firewall lets organizations establish enterprise-class cloud security practices controlling corporate information 3rd party consumer Apps, authorized by end users, can access:

  • Discover – Automatically detect all apps granted access in the domain
  • Classify – Allow or ban apps based on their risk profile
  • Remediate – Take action to secure your domain by revoking unapproved apps and notifying associated users
  • Monitor – Continuously monitor the environment for new apps that are added to the domain

What's New Apps Firewall

CloudLock Apps Firewall is designed to allow users the freedom and flexibility to perform their daily tasks while providing IT with the visibility and control to enforce the Approved Application Policy (AAP).


August 14th

Scanning Suspended Accounts

CloudLock will now scan and report on suspended Google accounts. Because of this update:

  1. You will now see accurate file counts and storage usage for suspended accounts
  2. You may see a sudden increase in document counts shown in various reports, as documents owned by suspended accounts that are NOT shared with any active accounts will now be detected.

What's New Suspended Users Docs

CloudLock now shows documents owned by suspended accounts, even if they are not shared.


July 24th

Policy Engine Templates

Policy Engine Templates are available directly in the Policy Engine interface and give users a set of easy-to-use best practices to effectively set up the following policies:

  • Collaboration Blacklist – This policy will flag any data that is shared with users at any other specified domain (for example: competitor.com).
  • Collaboration Report – This policy will track the collaboration between two internal OU’s.
  • Trusted External Sharing – Flags data that is owned by one OU (for example: the ENG organizational unit), when it is shared publicly or externally, with the exception of one friendly domain (in this example: google.com).
  • Restricted Collaboration – Flags any data that is owned by the organization and contains the keyword “timeout”, when it is shared with users in a specific domain (SomeDomain.com).
  • Intellectual Property Protection – This policy flags files that contain intellectual property and are shared publicly or externally.
  • HR – Flags files that contain sensitive HR information and are shared across the entire organization.
  • Objectionable Content – Flags obscene content.

The new policy engine templates are available directly from the Policy Engine page:

What's New Policy List Templates


July 3rd

Groups Support

Groups support allows the Google Apps Domain Administrator to limit CloudLock scans to specific groups. This feature specifically addresses a Google Apps for Higher Education requirement to be able to segregate staff and faculty groups from students.

Step #1: Check for the groups you have created in the Google Administrative panel

What's New Groups Support

Step #2: In CloudLock, limit the scan to desired groups only:

  1. In the Settings interface select Scan Settings
  2. Check “Scan selected groups only”
  3. Identify which group or groups to scan. Groups can be identified by either group name or group email

What's New Scan Settings Selected Groups Only

Note: this feature can also be useful for enterprises as an ad-hoc tool to scan a specific group for troubleshooting and investigative purposes.


June 26th

Policy Engine Notifications

CloudLock’s content-aware policy engine can now send alerts when policies are violated. This feature allows administrators to delegate security to data owners and end-users when their documents violate policies, and sends an email summary of all data flagged by the policy.

What's New Define Policy Actions

Each policy can be set to send one or both of the following notifications:

  • Data Owners. Email data owners a listing of their documents and or sites flagged by the specified policy. Now data owners can be responsible for documents they own.
  • Policy Notification Summary. Email a summary of all data flagged by the specified policy. This allows easy and quick visibility into all documents and sites flagged by each policy.

Each notification type lets the administrator define the recipients, subject, and body of the email. Scheduling for email notifications is done in the global settings area for all policies: Settings > Policy Engine Settings


June 12th

Introducing CloudLock Compliance Scan

Today we’ve announced the industry’s-first pattern matching engine that identifies, classifies, and secures very sensitive information including Personally Identifiable Information (PII) like Social Security Numbers, PCI data like Credit Card Numbers, and any custom regular expressions, allowing Google Apps customers to address auditing and compliance requirements in Google Drive (Docs).

CloudLock Compliance Scan is currently in beta. If you’d like to see it, let us know here.

Once enabled, CloudLock Compliance Scan appears as an option in the “More Actions” menu in the document browser.

What's New Compliance Scan in Documents Browser

The Compliance Scan lets you search for:

  • Social Security Numbers
  • Credit Card Numbers
  • Custom Patterns with Regular Expression Searches

What's New Compliance Scan Select Dropdown

When the scan completes, a report classifies documents by status:

  •  – Pattern found
  •  – Scan error – document was not scanned
  •  – Unsupported document format, not scanned

What's New Documents Browser

All Compliance Scans and actions are recorded in the immutable audit log.

What's New Log Browser Scan Results

Additional Resources

The following guides illustrate how organizations using Google Docs and Drive can find, classify, and protect PII and PCI data:


May 29th

Sorting and drill-down updates

The last updated column in the documents list is now sortable. CloudLock users can now sort documents by last update to:

  • See what new documents have been updated recently
  • See which files shared externally have been updated recently

What's New Last Update Sorting

The CloudLock dashboard now shows non-native files as a percentage of all documents, and users can drill-down to view all non-native Google Apps files.

What's New Non Native Files


April 16th

Filter documents by search criteria in CloudLock’s Security Policy Engine

Users can search by:

  • Document Metadata – Search by document name, owner, shared with, and creation and modification dates
  • Document Content – Content search is available for all native Google Docs documents  including documents, presentations, and spreadsheets, as well as MS Office files and PDFs
  • Multiple Criteria – The advanced Security Policy Engine allows you to search on multiple criteria for each policy you define

How it Works

When you define an acceptable use policy for your organization, you can specify the additional filter criteria as you define your policy.

What's New Content Filter Security Policy Engine

Content-aware policies are available in CloudLock’s Enterprise Edition. To learn more about content-aware policies or to get a demo, please fill out the form here.


February 22nd

What's New User Quota Reporting

In this release:

Storage Quota Reporting: We’ve just released storage quota reporting in CloudLock which includes:

  • A storage graph next to each user in the users list to show quota usage
  • Hovers on the users list giving a more detailed breakdown
  • A detailed graph on each individual user’s page with storage usage broken down by
    • How much is used by google docs
    • How much is used by non-google doc types
    • How much is in the trash,
    • How much is free
  • A new size column on doc lists (both the user’s list and the regular doc list)
  • Filtering on the users list by percentage of storage used
  • Exports with extra columns for storage information

Experience a Live Demo

See Cisco Cloudlock in action from one of our cloud security experts

Browser Not Supported

Your browser version is outdated.

We would recommend you upgrade to a recent version to ensure that you have a good experience on the CloudLock site. Outdated browsers also increase your security risk. So please update your browser and come back later!

Click on the icon below to download the latest version of your browser