Enterprise Sharing and Governance

Objective

This guide provides instructions on how to use VoltShare’s enterprise features for compliance and governance. There are four main aspects that will be covered here:

  1. Creating a new teams account and add users (with SSO option)
  2. Setting up policy overrides to restrict what your enterprise users can do with the tool
  3. Setting up alerts for abnormal activity to Slack
  4. Visibility through audit logs

Create a Teams Account

Step 1: Download the VoltShare application from the VoltShare Downloads page.

Step 2: Install the application as per the following guidelines:

  • macOS - Drag the downloaded application to the Applications folder
  • Windows - Run the downloaded installer
  • For Linux, the application is pre-compiled (for Ubuntu) and ready to use

The following sample image shows installation on the macOS:

image13
Figure: VoltShare Installation

Step 3: Once you install the app, you will be prompted to sign-in and/or sign-up. Press the option of sign-up under Teams and it will launch your web browser for the sign-up process.

image16
Figure: VoltShare Sign-up

To create a new team’s account with Volterra, you may get prompted to provide an invitation code. To request an invitation code please go to https://www.volterra.io/company/contact-us and fill-up the form or alternatively send us an email at sales@volterra.io to request an invitation code.

image17
Figure: VoltShare Team Account Creation

Step 4: Choose a tenant name as part of the tenant creation. This example shows a new tenant named acmecorp. Continue with the rest of the sign-up process to complete the process.

image4
Figure: VoltShare Tenant Creation

Step 5: Once you are signed up as an admin of the tenant, login to Volterra SaaS portal. Navigate the dashboard and select IAM on the left configuration menu and Users in the options. Click Add user. This example shows adding two users with default role:

  • User: Ankur Singla with email address: asingla@ves.io
  • User: Marco Rodrigues with email address: marco@ves.io

image11
Figure: Add Users to Tenant

image5
Figure: Tenant User List

Note: Instead of configuring users manually, you can also configure SSO by following the integration guides for Azure Active Directory and G-suite in Integrations.

Step 6: Your team members receive email with instructions to set up their passwords. Notify your users to download VoltShare application and sign-in with their credentials.


Governance Policy

Step 1: The admin user can configure governance policies to control the VoltShare app user actions. On the Volterra portal, select VoltShare on the left navigation bar in the dashboard and select Admin policies in options. Click Add VoltShare admin policy. This examples sets the following controls:

  1. Decryption duration restricted to less than 30 days (2592000s)
  2. Sharing any encrypted data outside the organization

image7
Figure: VoltShare Admin Policy Configuration


Alerts to Slack

Step 1: The admin user can configure alerts for any abnormal activity to be redirected to their Slack channel. On the Volterra portal, select Manage on the left navigation menu and select Alert Config -> Alert Policy Sets in the options. Click Add alert policy set, enter a name for the policy set, and apply a policy object using the Select policy object option.

image18
Figure: Alert Policy Set Creation

Click Add new Alert Policies and add a policy.

image8
Figure: Alert Policy Creation

Step 2: Enter a name for the alert policy and create a receiver object as shown in the following example:

image9
Figure: Alert Receiver Creation

Step 3: Create a new receiver and provide the webhook URL corresponding to the #alert-testing channel. Encode the URL as Base64 string and add as shown in the following example image:

Note: You will need to configure the Slack API to enable Webhooks. To do this, follow the instructions in the Slack guide for webhooks.
Once you enable Webhooks, you will receive a Webhooks URL that you can encode.

image10
Figure: Receiver Webhook Configuration

Step 4: After setting up the Slack channel as the receiver, you can set up the policy rule to match on a group. Select Voltshare as the group and set the action to Send to send it to the channel.

image14
Figure: Alert Policy Rules

This completes setting up the VoltShare alerts with Slack. If any encryption or decryption attempts cross a certain threshold, the alert is posted in the configured slack channel.


Sharing and Storing

VoltShare app can be used by all your enterprise users with the constraints defined in your governance policy. The application prevents users from violating the policy for both encryption and decryption of data. Even though the application is very simple to use, the one nuance is that during definition of the “Encrypt Policy” in the VoltShare app, you have to add the right tenant name as part of providing the identity of the user(s) as shown below. You can also read the how-to guide to securely store and share.

image3
Figure: Encrypt Policy For Team

image6
Figure: Encrypt Policy for Individual User


Audit Logs

Audit logs are useful for compliance purposes, post-mortem, and general day-to-day visibility. If an alert is triggered, the IT administrator can log into the tool and debug the problem.

Step 1: Configuring VoltShare alerts for Slack posts the alerts in your Slack channel for violations of the defined governance policies. This example shows the alert triggered at 5:22pm in Slack channel as per the alert configuration in the Alerts to Slack chapter.

image15
Figure: VoltShare Alerts in Slack Channel

Step 2: Upon receiving the alert, login to the Volterra portal and navigate to VoltShare->Requests. Select the time frame to match the alert time and investigate the activity as shown in the following example:

image2
Figure: Volterra Request Monitor


Concepts