We have previously allowed Grammarly and folk think the app is awesome. From a DLP perspective, however, I have noticed that it is pretty difficult to detect DLP incidents when using the copy/paste function. The challenge is not when a colleague uploads a file to the website but when a colleague cuts and pastes documents into the portal. The cut/paste approach essentially creates a file in the Grammarly portal completely bypassing DLP checks and allows data exfiltration.
I have created a custom universal connector app but cannot see anything recorded that we could then use to prevent sensitive data from being exfiltrated from the organization. I assume the site is using some clever JS that Netskope cannot inspect.
Anyone else cracked this type of challenge? Any ideas/help would be appreciated
We (Customer Zero) have also noticed the same challenge with Grammarly. We have brought this to the attention of our app connector team and they are actively working into developing a solution for this scenario. We have a little different approach to Grammarly’s usage within our company at this time. Because of the sensitive data that users within Netskope process, whether that being client confidential information, employee personal details, or company intellectual property, we actually block the usage of third-party spell/grammar checking applications due to the risk of data exfiltration either intentionally or accidentally.
We’ll try to update you on this again once the app connector team has had time to work on it.