This page provides an overview of organization restrictions and how the feature works.
The organization restrictions feature lets you prevent data exfiltration through phishing or insider attacks. For managed devices in an organization, the organization restrictions feature restricts access only to resources in authorized Trusted Cloud by S3NS organizations.
How organization restrictions works
In Trusted Cloud by S3NS, Identity and Access Management (IAM) governs access to resources. Administrators use allow and deny policies to control who can access the resources within their organization. Organizations also need to restrict their employees' access to only the resources in authorized Trusted Cloud by S3NS organizations. To set up organization restrictions, Trusted Cloud by S3NS administrators, who administer Trusted Cloud by S3NS, work together with egress proxy administrators, who configure the egress proxy.
The following diagram illustrates how the different components work to enforce organization restrictions:
The architecture diagram shows the following components:
- Managed device: A device that is governed by the organization policies of a company. Employees of an organization use a managed device to access the organization resources.
- Egress proxy: An egress proxy administrator configures the proxy to add organization restrictions headers to any requests originating from a managed device. This proxy configuration prevents users from accessing any Trusted Cloud by S3NS resources in non-authorized Trusted Cloud by S3NS organizations.
- Trusted Cloud by S3NS: The organization restrictions feature in Trusted Cloud by S3NS inspects all requests for the organization restrictions header, and allows or denies the requests based on the organization being accessed.
Common use cases
Here are some common organization restrictions use cases:
- Restrict employee access so that employees can access resources only in your Trusted Cloud by S3NS organization and not in other organizations.
- Allow your employees to read from Cloud Storage resources but restrict employee access only to resources in your Trusted Cloud by S3NS organization.
- Allow your employees to access a vendor Trusted Cloud by S3NS organization in addition to your Trusted Cloud by S3NS organization.
Implementing these use cases requires engagement between Trusted Cloud by S3NS administrators, who administer Trusted Cloud by S3NS, and egress proxy administrators, who configure the egress proxy.
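The egress proxy step described above, applied to the three use cases, as an added example that is not part of the original page or the product's own code. It assumes the header is named `X-Goog-Allowed-Resources` and carries web-safe base64 JSON with `resources` and `options` fields (neither is stated on this page); the organization IDs and host name are constructed.

```python
import base64
import json

# Assumed header name and value format; this page does not state them.
HEADER = "X-Goog-Allowed-Resources"


def build_header_value(org_ids, allow_storage_reads=False):
    """Encode the list of authorized organizations as the header value."""
    if not org_ids:
        raise ValueError("at least one authorized organization is required")
    for org_id in org_ids:
        if not str(org_id).isdigit():
            raise ValueError(f"organization ID must be numeric: {org_id!r}")
    policy = {
        "resources": [f"organizations/{org_id}" for org_id in org_ids],
        # "strict" limits every request to the listed organizations;
        # the other option additionally permits Cloud Storage reads.
        "options": "cloudStorageReadAllowed" if allow_storage_reads else "strict",
    }
    raw = json.dumps(policy, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).decode()


def decode_header_value(value):
    """Decode a header value back to its policy, for audit or debugging."""
    return json.loads(base64.urlsafe_b64decode(value))


def apply_restrictions(request_headers, header_value):
    """Proxy step: drop any copy of the header sent by the device
    (header names are case-insensitive), then set the proxy's own value."""
    cleaned = {k: v for k, v in request_headers.items()
               if k.lower() != HEADER.lower()}
    cleaned[HEADER] = header_value
    return cleaned


if __name__ == "__main__":
    OWN_ORG, VENDOR_ORG = "123456789012", "987654321098"  # constructed IDs
    use_cases = {
        "own organization only": build_header_value([OWN_ORG]),
        "own organization plus Cloud Storage reads":
            build_header_value([OWN_ORG], allow_storage_reads=True),
        "own and vendor organizations": build_header_value([OWN_ORG, VENDOR_ORG]),
    }
    for name, value in use_cases.items():
        print(name, "->", decode_header_value(value))
    # Constructed request that already carries a device-supplied header.
    device_request = {"Host": "storage.example.invalid",
                      "x-goog-allowed-resources": "device-supplied"}
    print(apply_restrictions(device_request, use_cases["own organization only"]))
```

Removing the device-supplied copy before setting the header keeps the proxy's value as the only one that reaches Trusted Cloud by S3NS.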
What's next
- Learn about organization restrictions configuration.
- Learn about the services supported by organization restrictions.