Use Case - Cloud Access Security Broker Initiated Data Classification Discovery
Recommended Implementation Details
Scenario Data at rest will be classified based on content and identity by the data classification application and securely protected via the Cloud Access Security Broker (CASB) inspecting content for appropriate use. If the content is sensitive, the CASB will respond according to policy.
Description Cloud Access Security Broker has integration with Data Loss Prevention (DLP) and its policy engine, it will utilize this integration to action at rest files and documents scanned and classified. If a document is classified at a certain level, the CASB will respond appropriately.
IDSA Security Controls
Success Criteria
  1. At rest data has been successfully classified
  2. CASB engine successfully detects sensitive data markings as appropriate based on their risk level
  3. Sensitive documents are encrypted