Netskope Help

API Data Protection Use Cases

API Data Protection provides policy and access control, risk anomalies forensics, and data governance. The following sections walk you through each key benefit of API Data Protection and how to get the most out of your API Data Protection policies.

Find and Secure Sensitive Customer or Employee Information

Discover sensitive data in sanctioned cloud storage or customer relationship management (CRM) using either predefined or custom DLP profiles,  like personally identifiable information (PII), protected health information (PHI), payment card industry information (PCI), or other confidential profiles.

Take advantage of features like:

  • 3,000+ language-independent data identifiers

  • 500+ file types

  • Proximity analysis

  • Volume thresholds

  • International support including double-byte characters

  • Document fingerprinting

  • Optical character recognition (OCR)

  • Content exact match

  • Validation mechanisms like Luhn check to increase detection accuracy.

Secure sensitive content using strong encryption with keys you manage, by removing external links, by quarantining the data for further review, and/or by removing it from the cloud. See who's got access, including people outside your company, and what collaborators have done with the content (download, share, edit, etc.). Notify collaborators of the action you take.

Protect your Intellectual Property

Discover content containing your intellectual property (IP), such as source code, product designs, process or network diagrams, patent work in progress, roadmaps, and other proprietary content that could be considered IP in sanctioned cloud storage or CRM.

Use either predefined or custom DLP profiles to find:

  • Source code and IP

  • Your most sensitive product designs

  • Terms associated with your IP such as chemical compounds, soil analysis, latitude/longitude of strategic locations, and more.

Secure your IP using strong encryption with keys you manage, by removing external links, by quarantining the data for further review, and/or by removing it from the cloud. You can discover what collaborators have done with the content (download, share, edit, etc.), and notify collaborators of the action taken.

Audit All Activities Associated with your Sensitive Content

Discover sensitive content in your cloud apps, see who's done what. Drill down to see who's got access, including people inside and outside the company. If people outside your company can access your data, you can see who did what, and when, with your sensitive content. Was it downloaded? Shared? Edited?

If you have Netskope deployed for Real-time Protection, you can query to see that content. For example, you can construct an audit trail in just a few clicks that looks like "Bob Jones downloaded a sensitive product design from our corporate Cloud Storage app and uploaded it to his personal Dropbox, and then shared it with jane.smith@competitor.com".

Find and Secure (or Remove) Sensitive Forms that should not be in the Cloud

Discover sensitive forms in sanctioned cloud storage or CRM by taking a fingerprint of forms in a sensitive repository, like HR employee onboarding documents, healthcare applications, financial or insurance applications, compliance forms, and more. Secure those sensitive forms using strong encryption with keys you manage or remove them from the cloud entirely. Also, notify collaborators of the policy violation, so they are aware for next time.

Isolate and Take Granular Action on Different Types of Sensitive Content

When you detect sensitive data in your sanctioned cloud apps, filter on contextual criteria to isolate the risks and then take action. For example, quickly drill down to see only publicly-exposed PII in spreadsheets, only binary stream files flagged as source code, only PHI content that's externally-owned, or only encrypted files created in the last week.

By isolating just the highest-risk or most interesting items, you narrow the aperture to what's important, which helps you cancel the noise, increase detection accuracy, and address one issue at a time. For example, you may wish to put the source code in legal hold, remove the externally-owned PHI, and encrypt the PII.

Integrate with On-Premises DLP and Incident Response Solution

If you have an on-premises DLP solution in which you've invested significant effort tuning DLP policies, you may want to funnel suspected DLP violations from the cloud. Perform a first pass discovery of sensitive content in your cloud apps, and pull that subset of your cloud content (only funneling back a small amount of data rather than the full set in your cloud) into your on-premises solution for a more accurate detection using your highly-tuned system. Also, preserve your existing work flows, such as security information and event management (SIEM) and other incident management or ticketing systems.

Govern Activities on Data-at-Rest

Govern activities on content in your sanctioned cloud storage or CRM app by setting No Sharing or other activity-level policies. For example, enforce a No Sharing Externally policy for anybody in R&D, or encrypt all files for anybody in the insiders group in the enterprise directory.

Put Users' Content in Silent Legal Hold

For users under review, like those involved in a regulatory action, create a discreet copy of all content they produce and place into a legal hold folder for review by regulators or legal professionals. Create Legal Hold profiles to secure content involved in regulatory action.