Learn how to discover and prevent the leakage of customer information as well as secrets, credentials, and other business-critical data within Asana. In this guide you will learn:
- What data loss prevention (DLP) is and how it works.
- How the risk of sensitive data proliferation increases within SaaS applications like Asana and how this can negatively impact compliance efforts.
- The importance of single pane of glass solutions that scan for sensitive data exposure within Asana projects, tasks, file attachments, comments, and text fields.
- The key features of Nightfall DLP for Asana and how you can get started.
Read this online guide, for free, to learn about the problem of data exposure in Asana and how to ensure compliance with HIPAA, PCI, and other leading industry standards while storing sensitive data in Asana. You can also download this guide here.
Data leakage in the context of Asana
Today, more than 130,000 organizations use Asana for project management and communication. As such, Asana is a high-volume collaboration tool where some of the world’s largest organizations store unstructured sensitive data about a wide variety of topics that may include proprietary information like source code, personal information for customers & employees, secrets and credentials for private systems, and more. In order to address this potential risk, organizations need to educate employees about what information can safely be shared in Asana, via a detailed data security policy that can be enforced with tools like Cloud DLP.
What can contribute to data exposure risk in Asana?
SaaS applications like Asana allow for collaboration between a multitude of users. However, this high volume of activity, combined with the always-on nature of SaaS systems, can increase the risk that data security best practices aren’t followed. This can result in PII, credentials, secrets, and other sensitive information being exposed to the wrong parties.
Always-on SaaS environments like Asana present unique challenges for ensuring infosec best practices are followed. Without the proper tools, security teams lack visibility into the types of sensitive data stored or shared in Asana Projects, including within images, documents, and other types of file attachments. This can make it difficult to audit for compliance or data exposure risk. Employees may also add third-party integrations or bots with read and/or write privileges that can add or access data in Asana.
Additionally, organizations may lack dedicated stakeholders explicitly responsible for understanding how security policies and best practices should inform Asana security settings, including authentication settings, guest account settings, deprovisioning processes, and default content privacy settings. Security teams therefore need tools that give them visibility into what data is shared within Asana.
What are the consequences of data exposure risks?
- Historical Data Compliance violations. Without knowledge of what employees have shared and are storing in Asana, it’s difficult to validate organizational compliance posture for industry regulations like HIPAA, PCI DSS, and more.
- Privilege escalation risk. In addition to compliance violations, security teams need to validate that secrets, credentials, and data that can be used to access other accounts/environments are not being stored in Asana.
Best practices for protecting sensitive data in Asana
1. Identify engaged stakeholders who are Asana experts and make sensitive data protection in Asana a top priority by using security and compliance policies to determine the appropriate security configurations and user best practices.
2. Implement the appropriate security & privacy configurations for your Asana instance based on your compliance and security policies (multifactor authentication, team privacy settings, SSO, etc.) and ensure employees are educated on the importance of maintaining these configurations.
3. Invest in technologies like cloud data loss prevention (DLP) to enforce consistent sensitive data protection policies across all your cloud applications from a centralized product. DLP can also streamline Asana security across orgs to discover sensitive data, enforce protection controls and continually meet compliance requirements.
What is Data Loss Prevention (DLP)?
DLP ensures confidential or sensitive information (like credit card numbers, PII, and API keys) isn’t shared within Asana by scanning for content within messages and files that break predefined policies.
DLP is important for both security and compliance reasons. With DLP in place, you’ll be able to:
- Protect users from accidentally or intentionally sharing sensitive information.
- Train and coach users on your data sharing policies.
- Ensure compliance with HIPAA, PCI, GDPR, and more.
- Reduce manual time spent reviewing sensitive data that might lead to incidental data exposure in Asana.
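A minimal sketch of the policy-based scanning described above, added here as an illustration. It is not Nightfall's detection engine (which this guide describes as machine-learning based) and does not use the Asana API schema; the task layout, regexes, and detector names are assumptions, and the sample task is constructed.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Assumed secret pattern: a key/secret/token/password label followed by a long value.
SECRET_RE = re.compile(r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*(\S{16,})")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects order numbers and IDs that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_text(text: str):
    """Return (detector, matched value) pairs for one text field."""
    hits = []
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            hits.append(("PAYMENT_CARD", m.group()))
    for m in SECRET_RE.finditer(text):
        hits.append(("SECRET", m.group(1)))
    return hits

def scan_task(task: dict):
    """Scan every text field of a task; report location and a masked preview only."""
    fields = [("name", task["name"]), ("notes", task["notes"])]
    fields += [(f"comments[{i}]", c) for i, c in enumerate(task["comments"])]
    findings = []
    for location, text in fields:
        for detector, value in scan_text(text):
            masked = "*" * (len(value) - 4) + value[-4:]
            findings.append({"where": location, "detector": detector, "preview": masked})
    return findings

# Constructed sample task; 4111 1111 1111 1111 is a widely used test card number.
SAMPLE_TASK = {
    "name": "Refund for order 1234567890123456",
    "notes": "Customer card: 4111 1111 1111 1111, please process today.",
    "comments": ["staging api_key = CONSTRUCTED-EXAMPLE-0123456789abcdef", "Done, thanks!"],
}

if __name__ == "__main__":
    for finding in scan_task(SAMPLE_TASK):
        print(finding)
```

The 16-digit order number in the task name is not reported because it fails the Luhn check, which is the kind of validation that keeps a pattern-based detector from flooding reviewers with false positives.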
How does Asana benefit from DLP?
High-volume, collaborative SaaS applications like Asana, with enormous amounts of sensitive data, create environments where data privacy and security best practices are difficult to maintain or enforce without an excessive time or resource commitment. Data loss prevention helps provide companies with a feasible alternative to address this problem by automating the detection of data policy violations.
Does Asana have DLP functionality built-in?
No. Nightfall is the first and only DLP solution available today within the Asana ecosystem.
How do I implement DLP in Asana?
Grant access to your Asana org via OAuth 2.0. Nightfall’s API-based integration can start scanning selected objects in seconds. No additional setup, tuning, or installed agents are required.
What is Nightfall DLP?
Nightfall is a platform to discover, classify and protect sensitive data across cloud SaaS & cloud infrastructure.
- Nightfall supports compliance efforts with a number of industry standards like PCI DSS, GDPR, HIPAA, CCPA, and much more.
- Nightfall works by continuously monitoring data flowing in and out of data silos and classifying that data with machine learning. Data marked as sensitive can be automatically quarantined, deleted, and redacted with workflows.
- Nightfall integrates with Asana via API, so you can get started immediately. Start in minutes and tell Nightfall which files or folders to scan in real-time for PII, PHI, PCI, API keys, and more.
How does Nightfall work?
- Discover: Continuously monitor sensitive data that is flowing into and out of Asana via comments, fields, and objects.
- Classify: Machine learning classifies your sensitive data & PII automatically, without prior tuning or tagging, so nothing gets missed.
- Protect: Take manual actions or set up automated DLP workflows for quarantines, deletions, alerts, and more – saving you time and keeping your business safe.
Key Benefits of Nightfall
- Install in minutes – no setup, tuning, or agents required.
- Leverage pre-trained, standard detectors out of the box for PII, PHI, PCI, credentials & secrets, and more.
- Customize Nightfall detectors and build your own detectors.
- Apply policies with a high level of granularity to individual tasks in projects.
- Real-time alerts directly in Slack for ease of use.
- Integrate with multiple SaaS applications like Google Drive, Jira, and GitHub, and use the same detection settings across them.
- Enterprise-grade security including TLS and AES256 encryption and SOC 2 Type compliance. Nightfall also fits in your security workflow by integrating with products like your SIEM, issue tracking, and more.
- Detailed Help Center, high-touch support, and dedicated customer success manager.
What does Nightfall DLP detect in Asana?
- DLP solutions should be equipped to scan a broad set of data types, including personally identifiable information (PII), protected health information (PHI), Finance and payment card information (PCI), Health, Networking, Credentials & Secrets (API keys, cryptographic keys), and more.
- Nightfall comes with pre-built detectors out of the box that cover a comprehensive set of data types, industries, and geographies.
- Nightfall provides the ability to add in custom detectors, rules, keywords, and regexes as well. Review our list of Detectors and learn more about them in our Help Center.
Does Nightfall DLP for Asana scan files too?
Nightfall supports a broad set of file types including but not limited to xls/xlsx, doc/docx, csv, plain text, ppt/pptx, PDF, HTML, and more.