Create a Sanctioned DLP Policy
To protect your data, create a Sanctioned Data Loss Prevention (DLP) policy using the Policy Wizard.
A Data Loss Prevention (DLP) policy defines the criteria for generating an incident and optionally sets specific actions that are triggered in response to the detected incident. Use the following procedure to create or edit a DLP policy for any Skyhigh CASB sanctioned cloud service provider. You can apply a single DLP policy to multiple services, as long as they all support the rules and responses in the policy.
Once you create your DLP policy, it is enabled by default.
IMPORTANT:
- Skyhigh CASB does not support importing or exporting policies or policy templates that include more than 50 rule groups or that exceed 64 KB in size, whichever limit is reached first.
- When creating or editing DLP policies for IaaS services (AWS, Azure, and GCP), the options related to Users and User Groups are not applicable.
To create or edit a DLP Policy:
- In Skyhigh CASB go to Policy > DLP Policies.
- Click Actions > Sanctioned Policy > Create New Policy. (See Create a Policy from a Template for information about templates.)
- On the Description page, name the policy and describe its status and scope:
  - Name. Enter a descriptive name to help identify the policy.
  - Add Description. (Optional) Enter a description for your DLP Policy.
  - Deployment Type. Select an integration method. Some user actions and response actions depend on the Type you choose. Choose from:
    - API
    - Lightning Link
    - Reverse Proxy
  - Services. Click Select Service Instances, then select the instances you want the policy to apply to from the list.
    - Click Done.
  - Users. Click Edit to select one of the options for Users to Include in the policy.
    - All Users. Apply the policy to all users.
    - Use a predefined dictionary. Apply the policy to users in a predefined dictionary.
    - Manually enter users. Manually enter user emails in a list. Use a comma to separate email addresses.
    - Click Save.
  - Add Exclusions. Select any Users to Exclude from the policy.
    - None. Do not exclude any users from the policy.
    - Use a predefined dictionary. Exclude the users in a predefined dictionary from the policy.
    - Manually enter users. Manually enter user emails in a list. Use a comma to separate email addresses.
    - Click Save.
  - User Groups. If your tenant has User Data (Active Directory) configured, click Edit to select the User Groups to include in the policy.
    - Click Done.
  - Add Exclusions. Select any User Groups to exclude from the policy.
    - Click Done.
- Click Next.
- On the Rules & Exceptions page, enter the following information:
  - Rules. Specify the rules that the policy enforces. You can specify one or more rules or rule groups. You can also delete a rule group; deleting a rule group removes the rules included in that group. When a rule is defined, the rule group name is generated automatically. You can edit it and provide a new name for each rule group.
    - Click AND to add another rule, if needed.
    - Click THEN to add a severity: Critical, Major, Minor, Warning, or Info.
    - For Create An Incident, from each option drop-down you can select:
      - Incident Status
      - Incident Owner
      - Resolution Action
    IMPORTANT: Because of the priority order, the DLP Policy Wizard cannot automatically set the incident status and Incident Consolidation at the same time. Use one feature or the other.
    - Click New Rule Group to add more, if needed.
  - Click Add Exception. Add one or more exceptions, if needed. Content that matches an exception group is ignored by the DLP policy, and an exception group matches only when ALL exceptions within the group match.
    - Click Add Exception Group to add more.
- Click Next.
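The rule and exception semantics described above (rules within a group joined with AND, a severity attached with THEN, and an exception group that applies only when all of its exceptions match) are easiest to reason about as a small evaluation model. The following Python is an added example written for this page; it is not Skyhigh CASB code and uses no Skyhigh API. Two points the page does not state are labelled as assumptions: that rule groups are evaluated independently with the most severe matching group winning, and that any one fully matching exception group suppresses the incident. The predicates, allow-list and sample documents are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Added example: a reference model of the wizard's rule/exception semantics.
# Not Skyhigh CASB code; the combination rules marked "assumption" are not stated on the page.

Document = Dict[str, object]
Predicate = Callable[[Document], bool]

# Severity order as offered by the THEN step, most severe first.
SEVERITIES = ("Critical", "Major", "Minor", "Warning", "Info")


@dataclass
class RuleGroup:
    name: str
    rules: List[Predicate]        # joined with AND, as the wizard's AND button does
    severity: str                 # attached with THEN


@dataclass
class ExceptionGroup:
    name: str
    exceptions: List[Predicate]   # the group applies only when ALL of these match


@dataclass
class Incident:
    rule_group: str
    severity: str


def rule_group_matches(group: RuleGroup, doc: Document) -> bool:
    """All rules in the group must match (the AND between rules)."""
    return bool(group.rules) and all(rule(doc) for rule in group.rules)


def exception_group_matches(group: ExceptionGroup, doc: Document) -> bool:
    """An exception group applies only when every exception in it matches.
    An empty group never applies, so it cannot silently suppress every incident."""
    return bool(group.exceptions) and all(exc(doc) for exc in group.exceptions)


def evaluate(rule_groups: List[RuleGroup], exception_groups: List[ExceptionGroup],
             doc: Document) -> Optional[Incident]:
    """Return the incident the policy would raise for doc, or None when no incident is raised."""
    # Assumption: any one fully matching exception group suppresses the incident.
    if any(exception_group_matches(g, doc) for g in exception_groups):
        return None
    matched = [g for g in rule_groups if rule_group_matches(g, doc)]
    if not matched:
        return None
    # Assumption: rule groups are independent and the most severe match wins.
    best = min(matched, key=lambda g: SEVERITIES.index(g.severity))
    return Incident(best.name, best.severity)


# --- Constructed predicates and sample data (not from the page) ---
CARD_RE = re.compile(r"\b\d{4}(?:[ -]?\d{4}){3}\b")   # simplified 16-digit card pattern
APPROVED_OWNERS = {"finance-bot@example.com"}          # constructed allow-list

def has_card_number(doc: Document) -> bool: return bool(CARD_RE.search(str(doc.get("content", ""))))
def is_shared_externally(doc: Document) -> bool: return bool(doc.get("shared_externally"))
def is_labelled_internal(doc: Document) -> bool: return doc.get("label") == "Internal"
def owner_is_approved(doc: Document) -> bool: return doc.get("owner") in APPROVED_OWNERS
def in_approved_folder(doc: Document) -> bool: return str(doc.get("path", "")).startswith("/finance/approved/")

RULE_GROUPS = [
    RuleGroup("Card number shared externally", [has_card_number, is_shared_externally], "Critical"),
    RuleGroup("Internal label shared externally", [is_labelled_internal, is_shared_externally], "Warning"),
]
EXCEPTION_GROUPS = [
    # Both conditions must hold for the exception to apply.
    ExceptionGroup("Approved finance export", [owner_is_approved, in_approved_folder]),
]

SAMPLE_DOCS: Dict[str, Document] = {   # constructed sample documents
    "external_card_share": {"content": "Refund to card 4111 1111 1111 1111", "shared_externally": True,
                            "label": "Internal", "owner": "alice@example.com", "path": "/sales/notes.txt"},
    "approved_finance_export": {"content": "Settlement 4111 1111 1111 1111", "shared_externally": True,
                                "label": "Internal", "owner": "finance-bot@example.com",
                                "path": "/finance/approved/settlement.csv"},
    "internal_memo_external": {"content": "Lunch menu for Friday", "shared_externally": True,
                               "label": "Internal", "owner": "bob@example.com", "path": "/hr/menu.txt"},
    "internal_only": {"content": "Card 4111 1111 1111 1111", "shared_externally": False,
                      "label": "Internal", "owner": "bob@example.com", "path": "/sales/draft.txt"},
}


def evaluate_samples() -> Dict[str, Optional[Incident]]:
    """Run the constructed policy over every sample document."""
    return {name: evaluate(RULE_GROUPS, EXCEPTION_GROUPS, doc) for name, doc in SAMPLE_DOCS.items()}


if __name__ == "__main__":
    for name, incident in evaluate_samples().items():
        print(f"{name}: {incident}")
```

The model makes two of the page's points concrete: the exception group only takes effect when both of its conditions hold (an approved owner outside the approved folder still raises a Critical incident), and a document that matches two rule groups gets one incident rather than one per group. If your tenant's actual behaviour differs on either assumption, adjust `evaluate` rather than the predicates.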
- On the Response page:
  - Response. Select one or more response actions that are triggered when the policy rules are matched. By default, all DLP policies create an incident.
  - Click Done.
- Click Next.
- Click Save.
NOTE: You can view events for newly created or updated sanctioned DLP policies in the Audit Log. For details, see View Sanctioned DLP Policy Events in the Audit Log.