Skyhigh Security

Enable Policyless Data Discovery for NRT-based Events

Limited Availability: To enable Policyless Data Discovery for the NRT-based Events feature, contact Skyhigh Support or your account manager for assistance. 

The Skyhigh DSPM facilitates auto-discovery (Policyless discovery) of data, which is aimed at automatically categorizing sensitive data from sanctioned apps based on near-real-time (NRT) events. Events performed on sanctioned cloud services trigger an automated DSPM scan to identify sensitive data contained in the target file.

Unlike traditional DLP methods that only track data matching specific policies, the Skyhigh DSPM Policyless Scan automatically captures every file-based interaction, classifying the content of the file and recording the user, date modified, location, and digest information, all without requiring pre-defined DLP policies.

NOTE: The Policyless Scan is applicable for CASB NRT events only. 

However, the Policyless Scan continues to support exclusions for users, file size, and file extensions, which are part of Configure Scan Settings, to give control over the scan purview. For example, if a user is excluded from the Policyless scan, the DSPM engine does not capture the user or their activities. However, the user will still be referenced if scanned as part of a policy.

This visibility allows data administrators to proactively discover all sensitive data in their sanctioned services, along with data risks identified based on several factors such as risky service or risky user. With the discovery of sensitive data characteristics, the Data Explorer streamlines risk assessment and strengthens the organization’s overall security posture.

Key Capabilities

  • Data Logging. Captures sensitive data interactions without requiring pre-configured policies.
  • Pre-canned Classification-based Scan. Scans content against predefined classifications to reveal hidden risks.
  • Real-time Discovery. Provides an immediate overview of users, services, and data classifications across the network.

Use Cases

Goal: To optimize security performance by focusing deep content inspection on high-risk cloud locations while excluding trusted cloud environments.

Use Case: A company uses Google Drive to store data from daily operations, but worries that employees might move sensitive data to personal or unsanctioned cloud accounts. The challenge is that scanning every single file across every CSP is resource-heavy and impractical. Without granular control (no policies), the admin is forced into a scan-all approach, either wasting budget scanning safe internal files or leaving a large opening for data leaks to unsanctioned cloud storage.

How to achieve this?

The DSPM Data Explorer Policyless Scan gives admins the flexibility to define exactly which cloud environments get inspected.

  • Select CSPs. Admins can choose to monitor specific Cloud Service Providers (CSPs) like Box, Google Drive, and their instances.

How does it help the admin?

Policyless Scanning shifts the admin from broad, inefficient monitoring to targeted, high-impact oversight:

  • Provider Optimization: Admins can focus on scanning the required CSPs and their instances, rather than on broad scanning that includes unwanted data.
  • Customize Policies: Provides the flexibility to scale protection up for new, unknown cloud apps while keeping trusted internal operations fast and efficient.

To create a policy that blocks uploading sensitive data to Cloud Storage, see Create a Shadow/Web DLP policy.

Protect Source Code from Exfiltration

Goal: To identify and secure sensitive data, such as Source Code, that falls outside the scope of existing DLP policy definitions, preventing accidental or malicious exfiltration.

Use Case: An organization stores sensitive files (Source Code, PII, and Financials) in OneDrive or SharePoint. When a user tries to share a confidential file containing source code internally, the standard DSPM engine successfully flags the PII based on active policies; however, critical assets like Source Code remain unnoticed because no specific policy has been defined for them.

How to achieve this?

The DSPM Data Explorer Policyless Scan gives additional protection by scanning and classifying content regardless of active or missing policies.

  • Enable Policyless Scanning. When a user attempts to share a file containing source code internally, for example to a Slack or G-Chat account, the system triggers a deep scan regardless of active policies.
  • Automated Identification. The DSPM engine detects sensitive data types (like Source Code) even without a pre-existing policy match.
  • Centralized Logging. The system automatically logs these newly identified risks in the DSPM Data Explorer.

How does it help the admin?

This Policyless Scan enables admins to gain deep insights into the location, user, and service instance where the source code is shared by logging all the related data in DSPM Data Explorer. Additionally, the SOC admins can create Sanctioned DLP policies to protect data at risk and prevent its misuse.

Identify PHI Data Loss in a Medical Institution

Goal: To eliminate visibility gaps by detecting Protected Health Information (PHI) moving outside of sanctioned healthcare systems and establish DLP policies.

Use Case: A hospital has stringent DLP policies for Patient Billing and Social Security Numbers (SSNs), but hasn't defined rules for clinical research spreadsheets. Since no specific policy exists for these research files, the policy-driven scan (primary scan) is never triggered. When a researcher uploads a spreadsheet containing patient diagnoses and treatment dates to a personal cloud drive, the admins have zero visibility into the movement of this sensitive medical data.

How to achieve this?

The DSPM Data Explorer Policyless Scan provides an additional layer of security by scanning and classifying data regardless of active policies.

  • Automatic Data Classification. The DSPM engine uses pre-defined classifications to categorize sensitive PHI data bearing patient details and ICD codes within the spreadsheet, labeling it as Health Data.
  • Data Detection. It identifies the sensitive nature of the file based on the content itself, not on a pre-set policy or the lack of one.
  • Metadata Logging. The DSPM Data Explorer records the user, the specific personal email destination, and the PHI classification.

How does it help the admin?

The Data Explorer Policyless Scan enables admins to gain insights into proactive risk management. They will be able to see exactly which unregulated research files are leaking to unsanctioned apps/cloud storage with the help of DSPM Data Explorer. Additionally, this provides a full audit trail of PHI movement, helping meet HIPAA/GDPR requirements for data that previously went unmonitored. Admins can now create targeted DLP policies based on DSPM Data Explorer analytical reports.

To create a policy that blocks uploading sensitive data to Cloud Storage, see Create a Shadow/Web DLP policy.
