Manage Sanctioned Services via Skyhigh CASB
Skyhigh Security provides the Skyhigh CASB Sanctioned Apps modal for granular visibility into the usage of sanctioned services within your organization. The Skyhigh CASB Sanctioned Apps modal allows you to analyze usage metrics of sanctioned services, identify sanctioned services that are secured/unsecured via API integration, and enable API integration for sanctioned services. For details, see Skyhigh CASB Sanctioned Apps Modal.
You can use the Skyhigh CASB Sanctioned Apps modal to enable API integration for unsecured sanctioned services. This enables you to apply security controls such as Data Loss Prevention (DLP), Threat Protection, Activity Monitoring, and Configuration & Posture-based controls to secure your corporate data from exfiltration and ensure compliance. For details, see Enable API Integration for Unsecured Sanctioned Services.
For example, a Security Operations Center (SOC) can use the Services page to identify risky trends, such as significant data uploaded to Box that is not secured via API integration with Skyhigh CASB. Subsequently, the SOC can enable API integration for Box with Skyhigh CASB and create a sanctioned DLP policy that detects and blocks all personally identifiable information (PII) from being shared by Box users.
Skyhigh CASB Sanctioned Apps Modal
The Skyhigh CASB Sanctioned Apps modal provides a unified list of sanctioned services that are supported for API integration with Skyhigh CASB.
You can access the Skyhigh CASB Sanctioned Apps modal via the following pages:
- Analytics > Services
- Governance > Cloud Registry
- Analytics > Services > Service Name > Service Details
- Analytics > Services > Select up to four Sanctioned Services > Actions > Compare Cloud Services
On the Services or Cloud Registry page, click any of the following API status icons next to the Service Name to view the list of sanctioned services that are supported for API integration.
| API Status Icon | Icon Significance |
|---|---|
.png?revision=1){kind=icon} |
API integration is not enabled for the sanctioned service. Click to enable API integration for the sanctioned service. |
.png?revision=1){kind=icon} |
API integration is enabled for the sanctioned service. |
Skyhigh CASB Sanctioned Apps Modal Components
The Skyhigh CASB Sanctioned Apps modal provides the following information and actions:
NOTE: Skyhigh CASB displays data for sanctioned services only for the last 30 days.
- Service Name. The name of the sanctioned service.
- Users. The number of users for the sanctioned service.
- Data Uploaded. The amount of data uploaded to the sanctioned service. An upload is any activity that is more than 8 KB.
- Total Requests. The total number of allowed and denied requests for the sanctioned service.
- Status. The status of API integration for the sanctioned service. Click Enable API or + to enable API integration for the sanctioned service. For details, see Enable API Integration for Unsecured Sanctioned Services.
Enable API Integration for Unsecured Sanctioned Services
Skyhigh CASB enables API integration for unsecured sanctioned services. You can enable API integration for unsecured sanctioned services to apply security controls on the sanctioned service.
To enable API integration for unsecured sanctioned services:
- Go to the Services (Analytics > Services) or Cloud Registry (Governance > Cloud Registry) page.
- In the Filters sidebar tab, select the API Not Enabled checkbox for the Sanctioned SaaS filter.
- Click the + icon next to the Service Name.
You are redirected to the Skyhigh CASB Sanctioned Apps modal.
- On the Skyhigh CASB Sanctioned Apps modal, click Enable API or + in the Status column corresponding to the sanctioned service.
- You are redirected to the Service Management page for the sanctioned service.
NOTE: If no instances exist for the sanctioned service, you will be redirected to the Add Service Instance page to create one.
You can now enable API integration to apply security controls on the sanctioned service.