Creating policies for data protection and application security
For CASB, you can create policies that apply to one, some, or all cloud applications in your enterprise. For each policy, you can specify:
- The types of information to which the policy should apply – for example, content that includes credit card or Social Security numbers, files that exceed a specific size, or files of a specific type.
- The users or groups of users to which the policy should apply, the folders or sites, or whether files can be shared internally, externally, or with the public.
- You can assign one or more protection modes to each cloud application you onboard. These protection modes enable you to apply the types of protection most needed for the data stored on those cloud applications.
You can also create policies that control access to the keys that protect encrypted data. If a policy blocks access to a key, users cannot access the data protected by that key.
Note about Slack cloud applications
When creating policies for Slack cloud applications, keep the following items in mind:
- Remove Collaborator works only for the following content and context definition:
  - Content: NONE
  - Context: Member Type
  - Data Type: Structured
- Addition of members to a channel is an independent event, which is not associated with messages, files, or any other event in the channel. (The event type is group_add_user.)
- The group_add_user event contains no content. There is no structured or unstructured data.
- Because files are org-level properties in Slack, they do not belong to any particular channel or workspace. As a result, you must select structured data as the event type.
- Member Type context: By default, Slack is a sharing cloud, and uploading a file or sending a message to a channel is in itself a sharing event. As a result, a new context (apart from the existing sharing type) is available to help manage events for Slack cloud applications.
Note about Microsoft 365 cloud applications (OneDrive)
- When files are uploaded to OneDrive, the Modified By field in OneDrive displays the name SharePoint App instead of the name of the user who uploaded the file.
Note about capturing events in the Slack thick app
To capture events in the Slack thick app in forward proxy mode, you must log out of both the application and the browser and log in again to authenticate.
- Log out of all workspaces in the desktop Slack app. You can log out from the application grid.
- Log out from the browser.
- Log in to the Slack app again to authenticate.
The following sections provide step-by-step instructions for creating policies to meet your data protection needs.
- Viewing policy lists
- API Access policies