Use Case:
Data Classification to Invoke User-based Data Loss Prevention for Cloud Created Content

Cloud Access Security Broker (CASB) has integration with the Data Loss Prevention (DLP) and its policy engine, it will utilize this integration to tie a user attempting to interact with a cloud-based document using its data classification technology to ensure that appropriate access is enforced.


Data being created or manipulated in the cloud by users will be classified based on content and identity by the data classification application and securely downloaded via the Cloud Access Security Broker (CASB) inspecting content for appropriate use. If the content is not allowed to be used, the CASB will respond according to policy.


– Click for larger image –

Success Criteria

  1. Document has been successfully classified using meta data markings.
  2. DLP engine successfully detects requests to manipulate marked documents.
  3. Sensitive documents are only allowed to be accessed and manipulated by authenticated users when explicitly allowed.
  4. Sensitive documents violating DLP rules in the CASB are quarantined for analysis.

IDSA Security Controls

Data Security through Classification Policies

Controlling data encryption via security policy enforcement and/or risk posture.