Cloudflare CASB adds automated remediation for risky file sharing
Cloudflare · feature, platform, integration, security · blog.cloudflare.com

Closing the Security Loop with Automated Remediation

Cloudflare CASB customers can now move beyond detection and visibility to actively remediate security risks. Starting today, the Remediation feature allows security teams to fix file-sharing misconfigurations directly from the CASB Findings page, eliminating the need for manual fixes through individual SaaS admin consoles or ticketing workflows.

Supported Risk Categories

The initial release focuses on the most common and impactful file-sharing risks:

  • Public links: Files accessible to anyone on the internet with view or edit permissions
  • Organization-wide sharing: Files shared across entire tenants or domains when access should be restricted
  • External sharing: Files shared to personal accounts and external domains
  • DLP-matched files: Any of the above risks when combined with sensitive data patterns (customer records, credentials, financial details)

Microsoft 365 and Google Workspace Support

Remediation initially targets Microsoft 365 (OneDrive, SharePoint) and Google Workspace (Drive, Docs, Sheets, Slides)—where organizations typically store business-critical documents like financial records, contracts, and customer data. These platforms often accumulate overshared files that were marked "temporary" but never cleaned up.

When triggered, the Remove sharing action immediately revokes the risky sharing configuration without deleting files or changing ownership. All remediation actions are logged in Cloudflare One's Admin logs for compliance and audit purposes.
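The risk categories and the Remove sharing behavior described above can be sketched as follows. This is an added example, not Cloudflare's code: it assumes permission objects shaped like the Google Drive API v3 permission resource (`id`, `type`, `role`, `emailAddress`, `domain`), and the function names, the `dlpMatched` flag, the personal-domain list and the sample file are all hypothetical and constructed for illustration.

```javascript
// Added example: hypothetical helper names; not Cloudflare's implementation.
// Permission objects use Google Drive API v3 fields: id, type, role,
// emailAddress, domain.
const PERSONAL_DOMAINS = new Set(["gmail.com", "outlook.com", "yahoo.com"]); // assumed list

function classifyPermission(perm, orgDomains) {
  if (perm.role === "owner") return null; // ownership is never changed
  if (perm.type === "anyone") return "public_link";
  if (perm.type === "domain") {
    const d = (perm.domain || "").toLowerCase();
    // Assumption: org-wide sharing is always flagged; policy decides if it is acceptable.
    return orgDomains.has(d) ? "org_wide" : "external";
  }
  // type "user" or "group": compare the address domain with the tenant's domains
  const domain = (perm.emailAddress || "").split("@").pop().toLowerCase();
  if (!domain || orgDomains.has(domain)) return null; // internal, or nothing to evaluate
  return PERSONAL_DOMAINS.has(domain) ? "external_personal" : "external";
}

function planRemediation(file, orgDomainList) {
  const org = new Set(orgDomainList.map((d) => d.toLowerCase()));
  const findings = [];
  for (const perm of file.permissions) {
    const risk = classifyPermission(perm, org);
    if (risk) findings.push({ permissionId: perm.id, risk, role: perm.role });
  }
  // A DLP match raises priority only when a sharing risk is also present.
  const priority = findings.length === 0 ? "none" : file.dlpMatched ? "high" : "normal";
  // Only permission ids are returned for revocation; the file and its owner stay.
  return { fileId: file.id, findings, priority, revoke: findings.map((f) => f.permissionId) };
}

// Constructed sample file for a tenant whose domain is example.com.
const SAMPLE_FILE = {
  id: "file-001",
  dlpMatched: true,
  permissions: [
    { id: "p1", type: "user", role: "owner", emailAddress: "alice@example.com" },
    { id: "p2", type: "anyone", role: "reader" },
    { id: "p3", type: "domain", role: "writer", domain: "example.com" },
    { id: "p4", type: "user", role: "reader", emailAddress: "bob@gmail.com" },
    { id: "p5", type: "user", role: "commenter", emailAddress: "carol@example.com" },
    { id: "p6", type: "group", role: "reader", emailAddress: "team@partner.example" },
  ],
};
```

Calling `planRemediation(SAMPLE_FILE, ["example.com"])` leaves the owner and the internal commenter untouched and lists the other four permissions for revocation.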

Technical Architecture Built for Scale

The remediation system leverages multiple Cloudflare products for reliability and performance:

  • Workers and Workflows handle job orchestration and API calls to third-party SaaS providers
  • Queues manage asynchronous job processing
  • Workers KV and Secrets Store securely distribute credentials
  • Hyperdrive records final outcomes in a persistent database

The architecture handles vendor API rate limits (429s) natively through Workflows' built-in retries. Load testing shows strong performance: average remediation completion in 48 seconds (p50), with p90 at 72 seconds.

What's Next

Cloudflare indicates this is the beginning of CASB's remediation capabilities, with major updates planned for the coming year. Teams can now directly manage file-sharing risks and track closure in a single platform rather than coordinating across multiple admin interfaces.