Skip to main content
Skyhigh Security

Data Classifications

Data Classification is the process of organizing data based on specific criteria such as Advanced Patterns, Keywords, Document Properties, etc, and categorizing data with predefined categories such as PII, regulations, sensitivity, and more. It involves assigning labels, tags, or metadata to organize and manage data effectively. Categorizing data makes it easier to locate and retrieve data, allowing organizations to control data more efficiently and manage security, compliance, and risk within or outside your organization.

How do Data Classifications and DLP Work?

A data classification and data loss prevention (DLP) system works together to monitor and protect critical data, eliminate insider threats, and prevent unauthorized access or transmission of confidential or sensitive data. A robust data security strategy can be implemented by combining data classification with a DLP solution.

To enhance data classification within your organization, data classification collects details such as the creation date of a document, its storage format, and sharing methods. A DLP policy engine then utilizes these details to make informed decisions and implement appropriate measures for safeguarding sensitive data as per the defined response actions in the DLP policy. For details on the various response actions, see Sanctioned DLP Policy Response Actions and Shadow/Web DLP Policy Response Actions.

Unified Data Classifications in Skyhigh SSE

Skyhigh Security allows unified data classification across Skyhigh SSE products such as CASB, SWG, CNAPP, Private Access, and Endpoint DLP. The unified Data Classification promotes consistent data protection rules and improved operational efficiency for users. Data Classification provides a range of built-in classifications for standard requirements, and you can use them to comply with required regulations. You can also create custom classifications to suit your organization's needs. Both built-in and customized classifications are consistent and can be used across your Skyhigh SSE data protection policies.
clipboard_eda2763c2f030c0be33ad29ef12e7ec20.png

The following are several ways of organizing data using the key classification components:

  • OCR. Find and prevent data loss in screens and images.
  • Advanced EDM. Fingerprint and secure organization data.
  • Advanced IDM. Fingerprint and secure custom documents.
  • Unified AIP. Apply labels to secure documents and emails.
  • Advanced Patterns. Use built-in advanced patterns or custom regular expressions to secure sensitive data.

Unified DLP Engine Use Cases

Skyhigh SSE promotes consistent policy enforcement across its products through Unified Data Classifications and common DLP engines. 
clipboard_e97d9c2755be9ed5ef62684c25fa55c06.png

Each product has its own set of typical DLP use cases as described below:

Products DLP Use Cases

 

 

CASB

Enforcing DLP for Sanctioned SaaS applications such as Box, Salesforce, and Slack allows you to:

  • Enable file sharing between authorized parties
  • Prevent collaboration with unapproved 3rd parties\
  • Block access, uploads, or downloads from unauthorized unmanaged devices

Enforcing DLP for Email DLP allows you to :

  • Enable emails of sensitive files to an internal recipient
  • Can't share with unapproved 3rd parties
                                CNAPP Enforcing DLP policies for IaaS applications such as AWS, Azure, and GCP enables in-tenant scans and prevents malware and data loss.
Private Access Enforcing DLP policies for corporate data center protect data in private applications and restrict sharing of sensitive data when needed. It works with managed or unmanaged devices.
Endpoint DLP Enforcing DLP policies for Devices and Local Network prevent copying to cloud personal apps, USB, print, screen capture etc.
SWG

Enforcing DLP policies for :

  • High-Risk Web and Shadow applications such as Gmail, and Evernote blocks access or isolated sites with a poor reputation or tenant restrictions
  • Medium-Risk Web and Shadow applications block upload of sensitive docs

DLP Policies Methods and Actions 

DLP Policy Methods

Data Classification classifies data on multiple levels. Classified data can be seen on the DLP rules interface to apply the data protection rules. The DLP rules identify sensitive data using these various methods:

DLP Policy Methods Description
Classification Label Classification Label rules allow you to categorize files based on their confidentiality and apply the unique label identification to configure the policy.
Dictionaries Dictionaries are collections of related keywords and key phrases used to compare the dictionary entries where each entry is assigned a score.
Regular Expression Regular expression rules allow you to define custom regular expression patterns to match arbitrary text. 
Fingerprints

The Fingerprint rules identify Structured and Unstructured content (EDM and IDM).

Keyword The keyword is a specific word or phrase. The related keywords can be added to the keywords list to classify the content and identify the sensitive data.
Metadata The rules can also be used to identify the file-level metadata which includes file conditions such as File Name, File Path/Folder ID, File SizeFile Type, Document Properties, and File Encryption Type.

clipboard_e48830930a6c61f6043b67b2c5d6219a8.png

DLP Actions

Once the data is classified, data can be monitored for activity or controls through DLP to prevent content from entering or leaving the cloud service by applying specified remediation actions in the DLP policy. For details, see Sanctioned DLP Policy Response Actions and Shadow / Web DLP Policy Response Actions

  • Was this article helpful?