← Back
Cloudflare
Cloudflare CASB adds automated file-sharing remediation for Microsoft 365 and Google Workspace
Cloudflare · featuresecurityapiplatform · blog.cloudflare.com ↗

Remediation: From Detection to Action

Starting today, Cloudflare CASB customers can automatically fix risky file-sharing configurations directly from the Cloudflare One dashboard. Previously, the CASB focused exclusively on detection and visibility—surfacing misconfigurations, overshared data, and risky access patterns. With Remediation, CASB now closes the loop by enabling one-click fixes without requiring manual intervention in each SaaS application.

What Can Be Fixed

The initial release supports file-sharing remediation in Microsoft 365 (OneDrive, SharePoint) and Google Workspace (Drive, Docs, Sheets, Slides). Customers can now automatically address:

  • Public links that allow anyone on the internet to view or edit files
  • Organization-wide sharing when access should be restricted to specific users
  • External sharing to personal accounts and domains outside the organization
  • Data loss prevention (DLP) violations where shared files contain sensitive data like credentials, financial details, or customer records

When triggered, the "Remove sharing" remediation action immediately strips risky permissions while preserving file ownership and content—it does not delete files or change legitimate access.

How It Works

Cloudflare built the remediation system using its own serverless platform:

  • Workers receives the remediation request and queues the job
  • Workflows orchestrates the multi-step remediation process with built-in retry logic and step logging
  • Queues ensures durable, ordered processing of remediation jobs
  • Workers KV and Secrets Store securely manage third-party API credentials
  • Hyperdrive records final outcomes in a database

Under load testing, Cloudflare achieved an average (p50) completion time of 48 seconds and p90 of 72 seconds. The system gracefully handles API rate limits and transient failures through Workflows' native retry mechanism.

Auditability and Control

Every remediation action is logged in Cloudflare One's Admin logs, providing a complete audit trail of who took action, on which files, and when. Organizations can export this activity to their SIEM systems for compliance reporting. Instead of exporting CSV files and hoping team members fix issues manually, security teams now drive cleanup directly from CASB and receive confirmation when risks are addressed.

Next Steps

This launch represents the beginning of CASB's remediation capabilities. Cloudflare has signaled major updates planned for the coming year, with expectations to expand remediation actions beyond file-sharing risks and to support additional SaaS applications.