ChatGPT rocketed from a fringe app to a daily business tool almost overnight. From drafting code snippets to summarizing board decks, it’s a go-to tool for anyone with a computer. But that magic portal can also become a one-click leak for source code, customer records, or strategic roadmaps.

The “solution” is to purchase ChatGPT Enterprise, where your data remains your data, however, what if you want to prevent an employee from logging into their personal ChatGPT entirely and forcing them to use their enterprise ChatGPT? 

It’s all on our Fly Direct architecture, with no detours through remote data centers, no backhaul latency, and no privacy trade-offs.

Cloud Application Controls, the dope.security way

If you’re new here, our endpoint-based Secure Web Gateway enforces policy directly on the device—no stopovers in remote data centers.

‍

That means:

• Instant decisions. Internet is never re-routed, so users never feel lag.
• Radical privacy. Sensitive data remains on the endpoint. 
• Reliable uptime. Proxy datacenter outage? No problem, because we don’t rely on one.

Cloud Application Controls are part of our proxy, and give admins control on the workspaces (tenants/domains) accessible by employees.

‍

With ChatGPT now in dope.security’s catalog, you can:

• Block; i.e. Block from using ChatGPT at all
• Warn; i.e. Remind users to not upload sensitive data per corporate policy‍
• Allow; i.e. Allow full access to ChatGPT‍
• New: Tenant Restriction (CAC); Restrict access to ChatGPT Enterprise Workspace ID. Other workspaces, like ChatGPT Personal etc. will be blocked on device

‍

How Do I Configure CAC?

1. Select Cloud Application Control

2. Click ChatGPT and “Enable Control”

3. Enter the desired ChatGPT Workspace ID (Admin Settings -> Workspace ID). Click “Save”

To find your ChatGPT Workspace ID, log in to your ChatGPT enterprise account and navigate to the admin settings page. There you can locate the Workspace ID (UUID) that corresponds to the workspace you want to allow.

Activating this CAC will automatically allow ChatGPT domains, to prevent problems with other settings.

Key Benefits of Governing ChatGPT with dope.security

1. Zero-risk productivity: Blocking ChatGPT doesn’t work if you’ve bought ChatGPT Enterprise. Our one-click control blocks ChatGPT Personal, so only enterprise accounts work in your environment. Everything happens on your device.
2. Policies are simple: Whether you’re allowing AI for certain groups & users, or blocking for others, every policy only takes a few clicks to turn on. A simple policy reduces misconfigurations and doesn’t require a dedicated team to manage.
3. One product: ChatGPT joins Dropbox, Box, Slack, Salesforce, and other cloud apps in our CAC rulebook.

‍

What This Means for Security Teams

Inventory AI usage with Shadow IT

• ‍Why It Matters: Unknown exposure is infinite exposure‍
• Quick Win: Monitor Shadow IT to see which AI tools are being accessed with corporate vs personal emails

‍

Separate corporate vs. personal accounts

• ‍Why It Matters: Compliance requires clean boundaries

• Quick Win: Add a CAC rule, i.e. Allow company workspace ID or email domain, Block everything else

‍

Take Action Immediately

• ‍Why It Matters: Last-minute policy changes slow adoption

• Quick Win: Take advantage of dope.security’s instant trial and define ChatGPT access on Day-0  

‍

ChatGPT Enterprise is being used more and more often, and that means you need the control to lock it to your enterprise account. Cloud Application Controls bring you Generative AI without the risk of data leakage, or shadow AI accounts — just activate and hit save.

Ready to see it in action? Book a 30-minute, no-stopover demo and watch us lock down ChatGPT in an instant.

With dope.security, you can create web filtering policies to Allow/Warn/Block access to specific domains on the internet. Recently, our endpoint-based secure web gateway recorded 171,000 web requests. Because enforcement happens directly on each device—our patented on-device SWG approach—we get a real-time, unfiltered view of exactly where users go and what gets blocked.

Below, we unpack the most telling patterns hiding in that data, and the business risks they expose.

1. Cloud Drives Quietly Dominate the Traffic Mix

Out of all transactions, 51,018 attempts (29.8%) targeted file-storage platforms—OneDrive, Dropbox, Box, WeTransfer, and similar. Security teams treated them seriously: 63% were blocked outright. The numbers signal how collaboration habits have changed. Forget sneaking files out over email; staff now default to a personal or shared cloud drive, often without considering data-classification rules.

“We assumed email was the main path for leaks. Turns out the real exposure lives in ‘just-share-it’ drives,” — CISO at a mid-size Healthcare company.

The primary takeaway here is that policy should focus on both what is uploaded and where it’s uploaded to, which is where an AI-powered CASB DLP that inspects content in real-time would fit perfectly with dope.security’s on-device SWG. 

2. Generative AI Is No Longer a Side Project—It’s 10% of All Requests and Growing

Our telemetry logged 17,129 AI/ML requests (10%), covering ChatGPT, Quillbot, Copilot extensions, and AI assistants. Interestingly, 77% generated only a warning rather than a block. That means teams are keen to encourage innovation but want to educate first.

‍

‍

Such spread highlights the need for flexible policy enforcement that can adapt by geography—another strength of a reliable on-device proxy that travels with the user.

3. Social Platforms: Distraction or Brand Channel? Both.

Social Media accounted for 16,267 hits (9.5%). Teams split almost down the middle: 54% blocked, 46% warned. Marketing loves the reach; Legal worries about GDPR or brand-safety missteps. Traditional data-center proxies struggle to reconcile these competing priorities; rule updates can take hours. By contrast, an endpoint-based secure web gateway lets security push nuanced policies instantly to each device.

4. Malware Domains Got Zero Slack—and Zero Success

Every one of the 11,071 requests (6.5%) flagged “malicious” was denied, giving us a 100% block rate. That stat matters because many legacy stacks rely on periodic IP or DNS updates; attackers can often exploit the minutes between a reputation change and the next policy download. Local enforcement eliminates that window altogether.

5. Lunch-Hour Spike: The Hidden Capacity Test

Plotting requests across the day shows a 40% surge between 11 AM and 2 PM Pacific Time (early afternoon for East Coast staff, end-of-day for Europe). Cloud drives, social sites, and AI tools all peak together—creating a perfect storm of risk and latency stress. Because our on-device SWG processes traffic locally, throughput is effectively uncapped. Data-center proxies, by contrast, can struggle during sudden usage bursts.

6. Domain Leaderboard: Where Risk and Productivity Collide

Seeing both Microsoft and OpenAI domains pop in the top ranks underscores that “approved” vendors still carry leakage risk when used outside company governance guidelines, including trying to access these domains with personal accounts.

‍

What This Means for CISOs

1. Inspect uploads, not just destinations: Cloud drives are here to stay—we can tell by the access requests. dope.security’s AI-powered CASB DLP allows admins to inspect files for sensitive content quickly and accurately, so you know what is being uploaded to which cloud drives. 
2. Adopt an “educate first” AI strategy: Start with warn-first policies for Gen-AI tools to learn usage patterns and educate users on the company AI policy. Implement stricter controls where needed after your baseline behaviors are understood.
3. Bring enforcement on device: A cloud proxy alternative that lives at the endpoint scales instantly with demand and keeps protection active even when the user is offline or other network issues.

‍

If you’re weighing an upgrade from data-center proxies, consider dope.security’s endpoint-based secure web gateway with integrated on-device SWG controls and AI-powered CASB DLP. Book a 30-minute demo; we’ll show how real-time data and local decision-making tighten security without slowing anyone down.

Deploying a security tool at any company is not straightforward. It’s a balancing act that requires the right combination of product stability, technical integrations, skilled personnel on both sides, and many other variables. This becomes increasingly more challenging if you are a large enterprise customer.

‍

These are just a few of the challenges that can come up:

1. Customization and Integration Requirements

Tailored Needs

Each organization has unique security requirements, so off-the-shelf tools often need heavy customization to meet specific needs. Enterprises can have several pre-existing security tools and general applications in both cloud and hybrid environments, making it necessary to integrate new incoming tools with these existing SIEM systems, firewalls, VPNs, and more. For example, part of this integration could be setting up SSL Inspection bypasses for certain applications or changing computer networking paths so that they don’t break a VPN.

‍

2. Resource and Expertise Constraints

Limited Security Personnel

Legacy systems can be complex to deploy and manage on an ongoing basis and, therefore, require a dedicated team. Not all organizations can afford or have the existing team hierarchy to support this. This can make large-scale deployments, especially in enterprises with thousands of employees, expensive from a time and cost perspective. Since most legacy tools are too complex, organizations must invest in dedicated teams around the globe to maintain them or hire expensive third-party services to run the deployment.

‍

3. Maintenance and Continuous Updating

Frequent Updates

Cybersecurity tools require regular updates to stay effective against external threats and meet internal needs. Manually coordinating these with the company through phased deployments, auto upgrades, and uploads into tools like InTune can be tough and time-consuming. Within the tool itself, slow feedback on configurations can drastically slow down deployments. These configurations can include things like policy updates. Legacy tools have a polling mechanism that takes 30 minutes to an hour to pull the latest policy down from the cloud. This means longer wait times for updates to take effect.

‍

4. Re-work when moving from POC to Production

Non-Production Trials

Most cybersecurity POC environments are shut down after the trial. After purchase, the customer receives a completely fresh production tenant to be re-configured to fit the environment. It can be frustrating, as all work to date is thrown away, including SSO configs, policies, and more.

How does dope.security handle these challenges?

dope.security enabled a Fortune 100 customer to deploy the dope agent at an average of 3,000 devices per week and grow from 900 devices to over 18,000 devices in a matter of weeks by focusing on four key areas.

‍

1. Product Stability

dope.security has built an on-device SSL proxy that performs all SWG capabilities on the user’s laptop—URL Filtering, Cloud App Controls, SSL Inspection, and more. This refreshed architecture, which removes the need for backhauling data to a remote data center, makes dope.swg the most reliable and stable proxy available regardless of the state, country, or office you’re in. The Fly-Direct Architecture also makes policy configurations very stable, consistent, and fast, which is critical during deployments. Updating policies in real-time at the individual and group levels makes the entire rollout process much more efficient and quicker. It also ensures the right security policies are applied to the correct individuals instantly.

‍

2. Deployment Experience

Deploying the dope.security agent is extremely easy whether you’re installing 200 or 20,000 devices because there is no manual configuration or customization a customer has to make before installing.

In this specific case, the customer easily deployed InTune silently across their organization. Because no extra configuration was required after the agent was installed, the customer instantly blocked malicious websites and traffic across their deployed devices. Our clear guide to InTune deployments clarified any frequently asked questions.

The entire process from the initial free production trial was one click without excessive help from the dope security team. After purchase, the same trial was converted into a paid account—no additional configuration was required.

‍

3. Global Technical Support Team

First, dope.security focuses on building strong relationships with the customer implementation team. This means having regular check-ins either through status calls, dedicated Slack channels, or email. Regular check-ins ensure that no bug or deployment hurdle goes unnoticed.

Second, the dope.security technical team consists only of product engineers who have in-depth knowledge of the product and how it works. There are no generic Tier 1 support agents whose only job is to escalate a customer to the next tier for assistance. This means the technical support team can answer any question in real time, dramatically increasing the productivity and speed of resolving issues.

‍

4. SSL Error Notifications

A very common issue with proxy deployments is errors due to SSL Inspections breaking applications. Typically, the process to fix this is to implement a bypass rule. But with most SWG providers, this is extremely manual and not straightforward.

dope.security simplified this and built an SSL notification feature. The dope agent identifies and reports when it has broken traffic due to SSL cert pinning. It allows the admin to view these SSL errors in the dope console and easily create either application or domain bypasses in a few clicks. This feature is unique to dope.security, enabling deployments to move much quicker as admins don’t need to spend time manually hunting for why specific applications are breaking and their associated domains, URLs, or extensions to create bypass lists. dope.security automatically identifies, reports, and provides the data you need directly in the console.

dope.security enabled a Fortune 100 customer to deploy the dope agent at an average of 3,000 devices per week and grow from 900 devices to over 18,000 devices in a matter of weeks

This Fortune 100 customer rollout is just one case that shows how dope.security has redefined cybersecurity deployments. It no longer needs to be an extremely long, arduous process that requires tons of resources, time, and effort. From initial onboarding to ongoing maintenance of the deployment, dope.security makes everything much simpler through product stability, understanding customer needs, and providing dedicated, knowledgeable support.

In today’s fast-paced digital world, sharing files quickly and securely is a must! But while file sharing makes our work easier, it’s important to understand the potential risks if permissions aren’t handled correctly. Knowing the difference between various file-sharing options—especially between sharing files externally and sharing them publicly—can help keep your data safe. Plus, using strong data loss prevention (DLP) measures can reduce the risks even further.

Why File Sharing Permissions Matter

File sharing permissions control who can access, view, or edit a file. These settings aren’t just for convenience—they’re essential for protecting your data! If files are shared incorrectly, it could lead to unintentional data leaks, intellectual property theft, or even issues with legal compliance, especially in industries with strict privacy regulations like healthcare, finance, or government.

File sharing permissions are essential for protecting your data!

Let’s break down the four main types of file-sharing permissions and see how each one differs in terms of functionality and risk.

‍

1. Private Sharing Within Your Organization

Private sharing lets you share files with specific people within your organization (like manually adding invitedcoworker@company.com). This is generally the safest option, especially for confidential projects, because only the people you choose can access the files. For example, sensitive documents like product development plans or financial reports should be shared this way to avoid them falling into the wrong hands.

This type of sharing works well with data loss prevention systems, which can monitor files for sensitive information—like social security numbers or intellectual property—and prevent them from being shared beyond their intended audience. Awesome, right?

‍

2. Internal Sharing Across the Organization

Internal sharing makes files available to everyone within your organization (everyone@company.com). This is perfect for files like company-wide announcements, training materials, or resources that everyone needs access to. While it’s super convenient, it does come with some risk. If sensitive data is accidentally shared this way, it could lead to unintentional access by people who shouldn’t see it.

DLP systems can help by scanning files for any sensitive or proprietary information and flagging potential risks before they become bigger problems.

‍

3. External Sharing with Specific Individuals

External sharing (i.e. inviteduser@external.com) is often used when working with clients, vendors, or other third parties. It allows you to share files outside of your organization in a controlled way, ensuring that only the invited people can access the file. So handy!

However, there’s still some risk. Even when you’re sharing with specific external permissions, the file could be forwarded or misused. That’s where DLP can step in, adding an extra layer of protection by encrypting files or requiring access credentials, so even if the file is forwarded, only the intended person can access it. That’s peace of mind!

‍

4. Public Sharing: The Riskiest Option

Public sharing means anyone with a link can access the file. While it’s useful for sharing non-sensitive materials—like marketing documents or event invitations—it also poses the greatest risk for accidental data leaks.

If a sensitive file is shared publicly instead of with a specific person, the consequences can be serious. Public sharing opens up files to anyone who gets the link, making it difficult to control who sees or downloads them. This can lead to data breaches, intellectual property theft, or compliance violations. Be careful with this one!

Public sharing can lead to data breaches, intellectual property theft, or compliance violations.

Externally Shared vs. Publicly Shared: Why It Matters

The big difference between externally shared files and publicly shared files is control. Externally shared files are restricted to specific people outside your organization, while publicly shared files can be accessed by anyone who gets the link. The latter option creates a much bigger security risk because it’s hard to track who has viewed or downloaded the file, making it tough to contain any damage caused by unauthorized access.

Understanding this distinction is critical, especially in industries where data security is a top priority, like healthcare or finance. Sharing a file publicly that contains sensitive information could result in massive breaches, fines, and damage to your company’s reputation. Nobody wants that!

Understanding this distinction is critical, especially in industries where data security is a top priority.

The Role of dope.security in Data Loss Prevention (DLP)

With innovative solutions like dope.security’s CASB Neural, businesses can protect their sensitive data through behind the scenes monitoring and access control to cloud services, making sure your data stays safe from unauthorized access or transfers. By using machine learning and smart analytics, CASB Neural can flag for potential data risks in real time, and allow you to update file access permissions directly from the console.

Have a file accidentally available to anyone with the link? Remove Public access. Have a file shared with an external vendor, who doesn’t need the document anymore? Remove External access. You can rest easy knowing that even in tricky cloud environments, your information is well-managed.

CASB systems are essential for keeping your important data secure by monitoring and preventing unauthorized sharing of confidential files. CASB Neural automatically scans for sensitive content, like financial details, personal information, or proprietary data, before anything is shared. It’s like having a reliable watchdog that helps keep your data safe from accidental or intentional leaks.

Adding DLP to your file-sharing process offers an extra layer of protection, especially when using platforms where it’s easy to accidentally share files too broadly. With tools like CASB Neural, you get peace of mind knowing your sensitive information is safeguarded without any hassle. This added security lets you enjoy the flexibility and convenience of cloud-based platforms while keeping your data protected. It’s a simple, smart way to stay secure and stress-free.

Wrapping Up

As file-sharing continues to evolve, so do the risks that come with it. Understanding the difference between external and public sharing, along with using robust data loss prevention strategies, is crucial for keeping your data safe. It’s a great idea for organizations to regularly review their file-sharing policies, educate employees about the risks, and use technology to protect sensitive information from getting into the wrong hands.

With dope.security, you can easily review all Publicly and Externally shared files within CASB Neural, and with a click of the button turn your shared files Private. Integrate this with department-wide Secure Web Gateway (SWG) Policies and Cloud Application Control (CAC) settings and you’ll be flying the internet skies safely with your files secured in tow.

Stay safe and share smartly!

Everyday, people fly the friendly internet skies, visiting different websites, and sharing files with each other. They are accessing everything from Gaming to Gambling to General Entertainment websites and sharing files that may contain personal information. Now this is fine if it’s personal activity—but what if you’re part of a professional organization?

If I’m part of the security team at that organization, I’d want some controls to know where you’re going on the internet, how you’re accessing it, and who you’re sharing files with in order to keep you safe from malicious attacks and data leakage.

Is that really necessary?

Let’s take a look at some trends we’ve seen:

Total Blocks in the last 7 days? Over 60k! Where were these users going?

Almost 50% of the blocks were…you guessed it: AI/ML

Organizations are clamping down on Artificial Intelligence usage.

Top blocked categories

• 49.1% AI/ML: ChatGPT, Gemini, DALL-E, etc.
• 8.8% File Storage: Dropbox, Box, WeTransfer, etc. ‍
• 7.8% Malicious/Suspicious: Block users from being unknowingly exposed to dangerous sites
• ‍1.9% Software Downloads: Prevent employees from downloading non-approved IT apps

This data begs the question, are employees doing this intentionally?

While it’s hard to know for sure without asking them directly, we can deduce a few things.

1. AI is on the rise, and every employee is looking to automate their work, the data clearly shows a desire to access these tools. But they’re being blocked because company policies don’t want you uploading proprietary code or sensitive content.
2. Categories like ‘File Storage’ are blocked to ensure employees can not access their personal cloud storage drives, reducing the risk of data exfiltration. The most common use case we see here is a recently terminated employee trying to take company files with them.
3. Most of the time employees are completely unaware they are accessing a Malicious site so these blocks are protecting the accidental misstep.

‍

This is why having a reliable and easy to use secure web gateway solution is so important. You need to be able to monitor activity and block access to sites that could be harmful, or non-productive to your organization.

Now what about those company files? I can not tell how many times leaders have said, “No I’m good…we have tight controls and I know we don’t have any publicly exposed files.”

‍

Well, we challenged one of those leaders to run CASB Neural, here are those results:

Out of 84M Files scanned, 2.4% are Publicly exposed. That may not sound like a lot, but it’s over 2M publicly exposed files.

2M Publicly exposed files!

Another way of saying this is that the file is “publicly accessible.” That means while you personally may have never shared this file or folder with anyone outside of your organization, it still has the ability or “sharing permissions” that allow it to be exposed to an external party.

Of those 2M files, over half a million, or 25% of the found public files, fall into either Intellectual Property (IP), Personally Identifiable Information (PII), Protected Health Information (PHI) or Payment Card Industry (PCI).

• IP 6.2%‍
• PII 53.2%
• ‍PHI 5.8%
• ‍PCI 34.8%

That means either your data, your customers, vendors, or anyones data who you work with could potentially be at risk of being exposed.

What are some examples of the types of files and data we found in these categories?

1. Publicly exposed data rooms where anyone could download sensitive information (stock purchase agreements, equity, offer letters, etc.) about major startups
2. PHI documents publicly available because it was the default setting when creating a sharing link
3. Troves of sensitive files shared publicly, with no possible way to find out, including bank statements, etc.

So what does all this mean?

Most of the time people are not sharing sensitive information, or going to malicious websites on purpose. So having these filters in place is crucial for catching those accidental human errors that will ultimately happen.

Because as the data shows, people are trying to access sites they shouldn’t be, and unknowingly have file sharing permissions that could be huge security risks to your organization.

These solutions keep you productive and safe. So make sure you have a SWG and CASB DLP solution that is fast, reliable and invisible because at the end of the day you want it to work really well and not get in the way.