Foundry provides many ways to limit a user’s ability to download data. These controls should be used in conjunction with other security and data protection strategies.
Foundry enables you to control user ability to download data in order to limit the unauthorized transfer or re-purposing of data. Since customers maintain responsibility over their data, who can access it, and how it is used as part of the shared security responsibility model, it is important to understand the benefits and limitations of download controls.
A download is an action a user can take in a platform to transfer data to their local machine. Typically, this involves selecting an Export or Download button within Foundry. For example, you can right-click on a dataset in a folder and choose Download as CSV in the Actions menu, download data with the Export board in Contour, and export objects to Excel or CSV in a Workshop application.
Depending on your organization’s data governance requirements and policies, it might be helpful to limit which users can download certain data from Foundry. If users do not need to download data, limiting their ability to perform download actions can better uphold principles of least privilege and further guard against inadvertent data spills.
Downloads are just one type of action a user can take to transfer data from the platform. Automated exports, calls to external systems, and webhooks are all methods of exporting data directly to another system, and they each have their own controls. It is worthwhile to note that copying to clipboard, taking a screenshot, or printing a browser page are other actions that could also be understood as data transfers out of the platform.
As such, restricting downloads alone will not protect against all forms of data transfer and repurposing. Download controls should always be coupled with other strategies, like implementing least-privilege access controls, ensuring data governance oversight, and monitoring audit logs.
Foundry offers several capabilities to control and improve awareness around when downloads occur in the platform. While each feature has its limitations, when used in combination they provide a defense-in-depth approach that enables better control over download actions in Foundry.
The Discoverer role is the only default role that does not include the ability to perform download operations on a specific resource. However, you may also create custom roles that remove download-related workflows while preserving more privileged operations on that resource. Learn more in the section below.
Roles are collections of permissions that define specific workflows that users can perform in the platform. Out of the default roles in Foundry, users with the Viewer, Editor, or Owner role on a resource are authorized to perform download actions on that resource. Only the Discoverer role lacks download operations and is generally granted if a user should not be able to view and download data.
In more advanced use cases, if users require additional privileges beyond the scope of the Discoverer role but are not authorized to download data, you can create a custom role based on an existing role to restrict specific operations that allow downloading data.
Limitation: Not all download actions in Foundry are governed by roles. For example, downloading SAML metadata is managed in Control Panel.
Checkpoints require users to acknowledge or justify sensitive actions within Foundry and may be used to remind users of organizational policies before taking an action in the platform. To enable checkpoints for downloads, create a checkpoint configuration for all checkpoint types in the Download category. These checkpoint types typically include the word “Export” in their name (for example, Notepad Export).
Checkpoints can be set up to remind users of any organizational or governance policies regarding downloads. You can explicitly require users to acknowledge this policy or provide a justification for why a data download might be required. Enabling checkpoints for downloads helps ensure that downloads are intentional actions; it further lessens the risk of users inadvertently triggering a download action in the platform.
In addition, the Checkpoints application enables you to review submitted checkpoint records for download actions. This can provide data governance users with real-time information about download actions triggered across the platform.
Limitation: Not all download actions in Foundry are covered by a checkpoint.
Cipher enables you to obfuscate sensitive information by default, while still enabling its use in analytical or operational applications in Foundry. Obfuscating sensitive data by default can limit the repurposing of that data if accidentally downloaded, as downloaded Cipher-encrypted data will be saved in its encrypted form. Only users with the appropriate permissions on the algorithm keys are able to reveal Cipher-encrypted information within Foundry. Cipher uses standard encryption algorithms for obfuscation. Review the Cipher documentation for more information on algorithm selection to understand the benefits and limitations of each available algorithm.
Limitation: Not all downloadable information can be encrypted with Cipher. Only values in datasets and objects can be encrypted.
Audit logs enable auditors to retrospectively understand what actions users have taken in Foundry. The dataExport audit category encompasses download actions in the platform. Review the monitoring audit logs documentation for more information on how to leverage these logs to monitor downloads and other related events from the platform.
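As an added illustration of the monitoring approach above (example code written for this page, not Foundry's own tooling), the block below scans constructed audit records for events in the dataExport category, counts downloads per user, and flags users whose download rate within a short window suggests bulk export worth a closer review. The record layout (the `time`, `user`, `categories` and `name` fields) is an assumed simplification, not the real audit log schema; check field names against the audit log documentation before adapting it.

```python
# Added example, not Foundry's own code: scan audit records for download events
# (the page's `dataExport` category). Record layout is an assumed simplification.
import json
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample audit records in JSON-lines form (not real Foundry output).
SAMPLE_AUDIT_LOG = """\
{"time": "2024-05-01T09:00:12+00:00", "user": "alice", "categories": ["dataExport"], "name": "Download as CSV"}
{"time": "2024-05-01T09:05:40+00:00", "user": "alice", "categories": ["dataExport"], "name": "Contour Export"}
{"time": "2024-05-01T09:06:01+00:00", "user": "bob", "categories": ["read"], "name": "Preview dataset"}
{"time": "2024-05-01T09:07:55+00:00", "user": "alice", "categories": ["dataExport"], "name": "Workshop Export"}
{"time": "2024-05-01T10:30:00+00:00", "user": "bob", "categories": ["dataExport"], "name": "Download as CSV"}
"""
DOWNLOAD_CATEGORY = "dataExport"  # audit category the page names for downloads

def parse_records(text):
    """Parse JSON-lines audit output; a malformed line is skipped, not fatal."""
    records = []
    for line in text.splitlines():
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records

def download_events(records):
    """Keep only records whose categories include the download category."""
    return [r for r in records if DOWNLOAD_CATEGORY in r.get("categories", [])]

def downloads_per_user(records):
    """Count download events per user, e.g. for a daily governance review."""
    return dict(Counter(r["user"] for r in download_events(records)))

def burst_users(records, threshold, window_seconds):
    """Users with more than `threshold` downloads inside any `window_seconds`
    span: a simple bulk-export signal that merits a closer look."""
    times_by_user = defaultdict(list)
    for r in download_events(records):
        times_by_user[r["user"]].append(datetime.fromisoformat(r["time"]))
    flagged = []
    for user, times in times_by_user.items():
        times.sort()
        for i, start in enumerate(times):
            in_window = [t for t in times[i:] if (t - start).total_seconds() <= window_seconds]
            if len(in_window) > threshold:
                flagged.append(user)
                break
    return sorted(flagged)
```

The threshold and window are tuning knobs; a value that is normal for an analyst team may be unusual for a Discoverer-scoped audience, so calibrate them against your own baseline.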