Enterprise Sharing and Governance

Objective

This guide provides instructions on how to use VoltShare’s enterprise features for compliance and governance. There are four main aspects that will be covered:

  1. Creating a new Teams account and adding users (with SSO option)
  2. Setting up policy overrides to restrict what your enterprise users can do with the tool
  3. Setting up alerts for abnormal activity to send to Slack
  4. Visibility through audit logs

Create a Teams Account

VoltShare enables you to encrypt and decrypt information using a Teams account. For initial configuration, you need admin rights for an enterprise tenant.

Step 1: Download VoltShare.
Step 2: Install VoltShare.
  • For Apple macOS users:

    • Navigate to the application .dmg file and double-click it to run the installer.
    • Drag VoltShare.app to your Applications folder.
      drag app macos
      Figure: VoltShare Installation
  • For Microsoft Windows users:

    • Navigate to the application .exe file and double-click it to run the installer.
  • For Linux-based distributions, the application file is pre-compiled and ready to use.
Step 3: Sign-in to VoltShare.

After you install VoltShare, you will be prompted to sign-in. If you are a first-time user, you will be prompted to sign-up.

  • When you open VoltShare for the first time:

    • Click Next to view different features. Or click Skip to go straight to the sign-up process.
  • If you are a first-time user:

    • Click For Teams.
      for teams signup
      Figure: Initial Signup for Teams
    • Click Sign Up.
    • Follow the instructions to complete the sign-up process.
      voltshare signup
      Figure: Initial Signup for Teams
  • If you already have a Volterra account and enterprise tenant:

    • Click For Teams.
    • In the my-domain.console.ves.volterra.io field, enter the name of your enterprise tenant. This example uses “treino.”
      my domain enter
      Figure: Enterprise Tenant Example
    • Click Next.
    • Enter the email and password used for your enterprise tenant.
    • Click Log In.
      signin tenant voltshare
      Figure: Enterprise Tenant Example

Note: You may be prompted to provide an invitation code when you initially create a new Teams account with Volterra. To request an invitation code, go to https://www.volterra.io/company/contact-us and fill in the form. Alternatively, you can send Volterra an email at sales@volterra.io to request an invitation code.

  • Log into VoltConsole and navigate to the General namespace.
  • Click IAM -> Users -> Add user.
  • In the form fields, select a User Type, add your email, and fill in the other fields.
    add new user form
    Figure: Add New User Form
  • Optionally, assign roles and namespaces to the new user with Assign roles and namespaces.
  • After you finish, click Send Invite. This action triggers an email with set up instructions to the new user that was created.
  • Notify all new users added that they need to download the VoltShare application and sign-in with their credentials.

Note: Instead of configuring users manually, you can also configure single sign-on (SSO) by following the integration guides for Azure Active Directory or Google Workspace in User Management.


Configure Governance Policy for Users

The enterprise tenant admin can configure governance policies to control VoltShare messaging for individual users and teams.

Step 1: Configure governance policy in VoltConsole.
  • Navigate to the System Namespace in VoltConsole.
  • Click VoltShare -> Admin Policies -> Add VoltShare admin policy.
    add enter admin policy
    Figure: Add VoltShare admin policy
  • In the Metadata section, enter a name. Optionally, you can select a label and enter a description.
  • In the VoltShare Admin Policy section, enter a value that corresponds to the amount of time a secret message is valid. You must enter a numeric value that ends with s, m, or h.

Note: s stands for seconds. m stands for minutes. h stands for hours. In this example, 720h stands for 720 hours that any secret message is valid for.

configure max time duration
Figure: Add VoltShare admin policy

  • Under User Encryption Policy, click Configure to add or delete users from using VoltShare.
  • To add all users or a list of users, select your option from the Select Users to Allow drop-down menu.
    user encrypt policy
    Figure: User Encryption Policy
  • If you select Allow List of Users, click Add item to add an individual user by ID or by regular expression (regex).
  • To deny all users or a list of users, select your option from the Select Users to Deny drop-down menu.
  • If you select Deny List of Users, click Add item to deny an individual user by ID or by regular expression (regex).
  • After you finish, click Apply and then click Back.
  • To configure with whom a team can share secret messages with:

    • Click Add item from under Per Team Decryption Policy. The default option is All Teams/Tenants.
    • If you select Team/Tenant, enter a name in the Team/Tenant field.
    • If you select Individual Users, click Configure to restrict specific users.
  • After you finish, click Save and Exit.

Send Abnormal Activity Alerts to Slack

The admin for an enterprise tenant can configure a Slack workspace to receive alerts for any abnormal activity. The alerts are generated from VoltConsole and then pushed to Slack.

Step 1: Log into VoltConsole.
  • From the System namespace, click Manage -> Alerts Management -> Add Alert policy.

add alert policy button
Figure: Add Alert Policy

  • In the Metadata section, enter a name for the object associated with the new alert in the Name field.
  • In the Alert Receiver Configuration section, click Select Receiver to configure where the alerts are sent to.
  • In the form that appears:

    • Click Add new Alert Receiver.
    • In the Name field, enter a name for the object associated with the new receiver.
    • From the Receiver drop-down menu, confirm Slack is selected.
    • Ensure that the Webhook URL is configured.

Note: You will need to configure the Slack API to enable Webhooks. For more information, follow the instructions at Webhooks. After you enable Webhooks, you will receive a Webhooks URL that you can encode.

  • In the Channel field provide the Webhook URL corresponding to the #alert-testing channel. Encode the URL as a Base64 string.
  • After you finish, click Continue.
Step 2: Configure the new receiver policy.
  • In the Policy Rules section, select the type of alerts to push to Slack. By default, Any is selected.
    select alerts dropdown
    Figure: Select the Type of Alerts
  • If you select Matching Severity, select a severity level from the Severities drop-down menu.
  • If you select Matching Group, select a group from the Groups drop-down menu.
  • If you select Matching Alertname, select an alert type from the Matching Alertname drop-down menu.
  • In the Action field, confirm Send is selected.
  • To configure how and when alerts are sent:

    • Click Show Advanced Fields.
    • Click Configure. The Notification Parameters form appears.
    • Click Show Advanced Fields.
    • In the Notify Interval For a Alert field, enter a numeric value. Hover over the ? for information about the format to enter the numeric value.
      Alert Interval
      Figure: Notification Alert Interval
    • In the Notification Grouping section, set the group notifications, wait interval, and group wait interval.
    • After you finish, click Apply.
      Form
      Figure: Form Complete
  • Click Save and Exit.

The Slack set up process is complete. If any encryption or decryption attempts cross a certain threshold, the alert will be pushed to the Slack channel.


Sharing and Storing

VoltShare is a simple application and can be used by all your enterprise users with the constraints defined in your governance policy. VoltShare prevents users from violating the governance policy for both encryption and decryption of data.

You can read the how-to guide to securely store and share data.


Audit Logs for Activity Alerts

Audit logs are useful for compliance purposes, post-mortems, and general day-to-day visibility. If a VoltShare alert is triggered, the tenant admin can log and debug the problem.

You can view VoltShare alerts in your Slack channel for any violations of the configured governance policies.

Step 1: View the VoltShare alert in the Slack channel.

This example shows the VoltShare alert triggered at 5:22pm in the #alert-testing Slack channel.

Alerts
Figure: VoltShare Alerts in Slack Channel

Step 2: Log into VoltConsole to view the audit logs.
  • In the System namespace, navigate to VoltShare -> Audit Logs.
  • Use the > symbol to select the time frame to match the alert time and investigate the activity.

Concepts