Use Case:
Cloud Access Security Broker Initiated Data Classification Discovery

Cloud Access Security Broker has integration with Data Loss Prevention (DLP) and its policy engine, it will utilize this integration to action at rest files and documents scanned and classified. If a document is classified at a certain level, the CASB will respond appropriately.


Data at rest will be classified based on content and identity by the data classification application and securely protected via the Cloud Access Security Broker (CASB) inspecting content for appropriate use. If the content is sensitive, the CASB will respond according to policy.


– Click for larger image –

Success Criteria

  1. At rest data has been successfully classified.
  2. CASB engine successfully detects sensitive data markings as appropriate based on their risk level.
  3. Sensitive documents are encrypted.

IDSA Security Controls

Data Security through Classification Policies

Controlling data encryption via security policy enforcement and/or risk posture.