Use Case:
Data Classification to Invoke User-based DLP for Uploaded Content

The Cloud Access Security Broker (CASB) integrates with the Data Loss Prevention (DLP) system and its policy engine. Through this integration, a user's attempt to upload an on-premises document is tied to the document's data classification markings, so that the appropriate access policy is enforced at upload time.

Scenario

Data created or manipulated locally by users is classified by the data classification application based on its content and on the identity of the user, then uploaded through the Cloud Access Security Broker (CASB), which inspects the content for appropriate use. If the content is not permitted, the CASB responds according to policy, for example by blocking the upload or quarantining the document for analysis.

Actions


Success Criteria

  1. Document has been successfully classified using metadata markings.
  2. DLP engine successfully detects requests to manipulate marked documents.
  3. Sensitive documents can only be accessed and manipulated by authenticated users who are explicitly allowed to do so.
  4. Sensitive documents violating DLP rules in the CASB are quarantined for analysis.
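The following is an added example, not code from the IDSA use case or from any CASB or DLP product, of the enforcement decision the scenario and success criteria describe: the CASB reads the document's classification marking, runs its own content detection, compares the two, and only then checks whether the authenticated user is explicitly allowed to handle content at that level. The metadata key (`Classification`), the level names, the regex detectors, the allow-list of groups, the risk-score threshold and all sample users and documents are hypothetical choices made for this illustration.

```python
"""Added example (not from the IDSA page): a minimal CASB/DLP upload decision.

Assumptions (all hypothetical): the classification travels as a
'Classification' metadata key with one of the LEVELS below; sensitive content
is detected with simple regexes; an explicit allow-list maps sensitive levels
to the groups permitted to upload them; the user's risk score (0-100) comes
from a risk engine such as the CASB itself, UEBA or a SIEM.
"""
import re
from dataclasses import dataclass

# Ordered from least to most sensitive.
LEVELS = ["Public", "Internal", "Confidential", "Restricted"]

# Constructed content detectors. Real DLP engines use far richer
# fingerprinting; these only illustrate content-based classification.
DETECTORS = {
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

# Minimum marking a document must carry if the detector fires.
REQUIRED_LEVEL = {"us_ssn": "Confidential", "aws_access_key": "Restricted"}

# Explicit allow-list: groups permitted to upload documents at each
# sensitive level (success criterion 3). Public/Internal are not restricted.
ALLOWED_GROUPS = {
    "Confidential": {"finance", "legal", "hr"},
    "Restricted": {"legal"},
}


@dataclass
class User:
    name: str
    authenticated: bool
    groups: set
    risk_score: int  # assumed 0-100, supplied by a risk engine


@dataclass
class Document:
    name: str
    metadata: dict
    content: str


@dataclass
class Decision:
    action: str  # "allow", "block" or "quarantine"
    reason: str
    findings: list


def classify_content(text):
    """Return the names of the detectors that fire on the content."""
    return [name for name, rx in DETECTORS.items() if rx.search(text)]


def evaluate_upload(doc, user, max_risk=70):
    """Decide what the CASB does with an upload attempt."""
    # The CASB sits in the user's session: no identity, no upload.
    if not user.authenticated:
        return Decision("block", "unauthenticated user", [])

    findings = classify_content(doc.content)
    label = doc.metadata.get("Classification")

    # Success criterion 1: the document must carry a recognised marking.
    if label not in LEVELS:
        return Decision("quarantine", "missing or unknown classification marking", findings)

    # Success criteria 2 and 4: content that contradicts the marking is a
    # DLP violation, and the document is held for analysis rather than dropped.
    for finding in findings:
        required = REQUIRED_LEVEL[finding]
        if LEVELS.index(label) < LEVELS.index(required):
            return Decision(
                "quarantine",
                f"content matched {finding} but document is marked {label} (needs {required})",
                findings,
            )

    # Success criterion 3: sensitive levels require an explicit allow and an
    # acceptable risk posture for the authenticated user.
    if label in ALLOWED_GROUPS:
        if user.risk_score > max_risk:
            return Decision("block", f"risk score {user.risk_score} exceeds {max_risk}", findings)
        if not (user.groups & ALLOWED_GROUPS[label]):
            return Decision("block", f"user not in a group allowed to handle {label}", findings)

    return Decision("allow", f"{label} document permitted for {user.name}", findings)


if __name__ == "__main__":
    # Constructed sample users and documents.
    alice = User("alice", True, {"finance"}, 20)
    mallory = User("mallory", True, {"sales"}, 85)
    docs = [
        Document("budget.docx", {"Classification": "Confidential"}, "Q3 budget, employee 123-45-6789"),
        Document("notes.txt", {"Classification": "Public"}, "rotate AKIAABCDEFGHIJKLMNOP"),
        Document("memo.txt", {}, "team lunch friday"),
    ]
    for d in docs:
        for u in (alice, mallory):
            dec = evaluate_upload(d, u)
            print(f"{d.name:12} {u.name:8} {dec.action:10} {dec.reason}")
```

The order of the checks is the point: the marking is validated against what the content scan finds before any user-based rule runs, so a document marked `Public` that carries a credential is quarantined regardless of who uploaded it, while a correctly marked `Confidential` document is only released to an authenticated user whose group is on the allow-list and whose risk score is within bounds.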

IDSA Security Controls

Data Security through Classification Policies

Authentication based on risk posture derived from at least one risk engine (Cloud Access Security Broker, Fraud & Risk, UEBA, SIEM).