About Sanctioned DLP Policies
As of Skyhigh Security Cloud 6.3.0, on March 28, 2023, all customer tenants will be migrated to use the new DLP Policy Wizard.
A Sanctioned Data Loss Prevention (DLP) policy defines the criteria for generating a violation for cloud services that are sanctioned for use by employers, and optionally sets specific actions that are triggered in response to the detected incidents for sanctioned services.
You can create or edit new Sanctioned and Shadow/Web DLP policies using the DLP Policy Wizard.
To view and administer your DLP policies, go to Policy > DLP Policies.
The DLP Policies page provides the following actions and information:
- Filters. Select options on the Filters tab to scope down your search.
- Search. Search Policies via the Omnibar.
- Actions. Click to perform the following actions.
- Sanctioned Policy. Sanctioned cloud services are services that are sanctioned or provided by your enterprise for employee use, like Microsoft Office 365.
- Create New Policy. Click to Create or Edit a Sanctioned DLP Policy using the DLP Policy Wizard.
- Create Policy from Template. Click to Create a DLP policy from a Template.
- Export to Template
- Shadow/Web Policy. Shadow cloud services, like Facebook, are accessed by employees but aren't specifically sanctioned for employee use.
- Create New Policy. Click to Create a Shadow/Web DLP Policy.
- Activate Policy
- Deactivate Policy
- Delete Policy
- Settings
- Edit Table Columns
- Evaluate
- Evaluate Policy. Test your policy to make sure it is detecting the correct incidents. For details, see Evaluate Policy.
- Sanctioned Policy. Sanctioned cloud services are services that are sanctioned or provided by your enterprise for employee use, like Microsoft Office 365.
- Policy Name. Displays the name of the DLP Policy. Click the link to edit the policy.
- Description. (Optional.) Display the description of the DLP Policy.
- Status. Displays the status of the policy: active or inactive.
- Deployment Type. Displays the type of deployment: API or Proxy.
- Service Instances. Displays the number of instances of the policy used.
- Last Updated. Displays the date and time that the policy was last updated.
- Last Updated By. Displays the username that last updated the policy.
DLP Policy Cloud Card
Click the table row of a policy to display the DLP Policy Cloud Card.
The DLP Policy Cloud Card provides the following information:
- Name. Displays the name of the DLP Policy.
- Description. Displays the description of the DLP Policy.
- Services. Displays the name of the Services that use the policy.
- Deployment Type. Displays the type of the deployment: API or Proxy.
- Policy Origin. Displays the origin of the policy.
- Policy Status. Displays the status of the policy: On or Off.
- Action. Select to Edit Policy or Delete Policy.
- Associated Scans. Displays the name of associated scans, if any.
- History. Displays the policy history, including time, date, and username of the last update.
Limitation
For Microsoft Word documents, there is a limitation where DLP policies cannot currently inspect text inside charts and bookmarks.