Classic to Next Generation API Data Protection Migration

Classic to Next Generation API Data Protection Migration

As technology continues to evolve, so too must the platforms we rely on for critical functions such as data protection. Customers currently using the Classic API Data Protection platform are invited to transition to Netskope’s cutting-edge Next Generation API Data Protection platform. The Next Generation platform offers a host of modern features and enhanced capabilities designed to provide superior security, efficiency, and ease of use. This powerful upgrade ensures that data is protected with the latest advancements in technology, delivering robust performance and reliability that meets the growing demands of today’s digital landscape. Join us in embracing this transformative step forward, ensuring your data remains secure with the most advanced tools available.

Key Features of Next Generation API Data Protection Platform

Next Generation API Data Protection is the new generation platform for API Data Protection designed to provide the following benefits:

  • Dramatically simplified policy definition and management: Multi-app/all app policies and multiple DLP profiles in a single policy.

  • Tenant performance isolation, to eliminate noisy neighbor problems – Performance of one tenant does not affect the other tenant.

  • Ability to define threat protection policies.

  • Unified inventory page, for threat hunting and forensic analysis.

  • Tight controls on performance at an app/instance level.

  • Support Google badged labels as a policy condition. (only for Google Drive)

  • Embedded abstractions, to ensure faster development for new capabilities and supported apps.

  • Netskope encrypts API requests to SaaS apps using TLS 1.2 by default.

Why Switch to Next Generation API Data Protection?

Over the past few years, our security platform has evolved rapidly, making further development increasingly challenging. To implement major learning effectively, a new architecture is necessary. There have been significant changes in scale and performance expectations, along with an increase in the number and complexity of managed SaaS apps. This evolution underscores the need for operational simplification to manage these advancements efficiently.

The Next Generation API Data Protection platform is crafted to accommodate the emergence of new SaaS applications, features, and capabilities. It is highly scalable and robust, offering a range of modern features and enhanced capabilities aimed at delivering superior security, efficiency, and user-friendliness. This powerful upgrade leverages the latest technological advancements to ensure data protection, providing robust performance and reliability to meet the increasing demands of today’s digital landscape.

The Classic platform is nearing end of life. Adequate time and notification will be provided to all customers in due course. As described in Key Features of Next Generation API Data Protection Platform, Netskope recommends customers on Classic API Data Protection to switch to Next Generation API Data Protection. Next Generation API Data Protection is the platform where Netskope will continue to build new capabilities and features in the future.

How to Switch to the Next Generation API Data Protection Platform?

To learn more: Migration Steps to Next Generation API Data Protection.

Migration Videos

We have curated a set of videos related to migration process. Take a look!

Frequently Asked Questions

Do you support automatic migration of a Classic app instance to Next Generation?

No, Netskope does not support automatic migration of instances from Classic to Next Generation.

Do you have customers using the Next Generation API Data Protection?

Yes, Netskope has a number of customers who are using Next Generation API Data Protection. In fact, all new customers for OneDrive and SharePoint are on-boarded on the Next Generation API Data Protection starting May 2023.

Since automatic migration is not supported, to set up an existing Classic instance to Next Generation, does it require disconnecting the existing legacy connection first?

You need not disconnect the Classic instance first. But make sure that you disable all the Classic policies so that there is a very short window of time when file change notifications are processed on both the platforms. This will also eliminate duplicate alerts and incidents.

If there is no need to disconnect the existing Classic instance, can I use the same SaaS app admin account (e.g Office 365 admin account) and instance name to provision it on the Next Generation configuration?

Yes, the same admin account can be used.

Can I continue to use the existing Classic API policies mapped to older instances for Next Generation?

No, you cannot use the existing Classic policies with Next Generation API Data Protection. You will have to create new policies for use with Next Generation API Data Protection. The Next Generation policies offer significant expressivity and efficiency. Customers can combine multiple Classic policies into a single Next Generation policy for simplified ongoing maintenance. That is the reason we recommend you take this opportunity to optimize the number of policies.

Is it required to map the existing Classic policies to the Next Generation instances or configure new policies?

No, mapping of policies is required. In fact, with Next Generation policies, you can choose to combine multiple policies into a single one. e.g. now one policy can have multiple DLP profiles selected.

Why should I migrate to Next Generation API Data Protection? What’s in it for me?

You should plan to switch to using Next Generation API Data Protection at the earliest possible time as it offers the following benefits:
– Superior end-to-end processing times for out-of-band events.
– Superior policy expression capabilities that allows you to consolidate policies into a more manageable number.
– Netskope offers new applications and improvements in existing application coverage on the Next Generation API Data Protection. Migrating to the Next Generation platform as soon as possible positions you to fully benefit from these enhancements.
For more benefits, see Key Features of Next Generation API Data Protection Platform.

I have multiple instances of Microsoft 365 SharePoint configured in Classic. Can I take a phased approach and migrate just one of the many Microsoft 365 SharePoint instances over to Next Generation?

Yes, you can.

Will there be loss of security coverage at any point during the migration process?

No, there will be no loss of security coverage as long as you follow the Netskope-recommended steps described in Migration Step.

Will there be duplicate incidents or alerts at any point during the migration process?

Not many, as long as:
– you have created policies in Next Generation and,
– you have deleted the policies in Classic.
Note: There could be a few duplicate incidents/alerts due to a lag in creating Next Generation policy and deleting Classic policies.

Do I also have to recreate DLP, quarantine, forensic, legal hold profiles for the Next Generation policies?

Yes, you have to create new quarantine, forensic, and legal hold profiles for the Next Generation policies. However existing DLP profiles can be reused.

Is there a way to automatically migrate policies from Classic to Next Generation API Data Protection?

No, you cannot migrate Classic policies to the Next Generation automatically.

I have tens of policies for Microsoft 365 SharePoint in Classic. Before migrating to Next Generation, I want to test the policies in a test environment. I need to therefore create these policies in a test environment and then again recreate them in production. These manual steps can be time consuming and erroneous. Is there any way I can export my test environment policies and import them to my production environment?

No, there is currently no method to export and import policies and quarantine, forensic, and legal hold profiles.

I have several incidents, DLP and threat, which have to go through a manual remediation process. Incident remediators decide if they have to restrict access to sensitive files after reviewing the incidents carefully. This process can take several days, sometimes weeks. Will my Incident remediators continue to have the ability to invoke a manual remediation action on Classic-generated incidents even after the migration to Next Generation?

Yes, your incident remediator will have the ability to remediate both Classic and Next Generation quarantined files as long as you keep the old app instance configuration enabled. After all the files are remediated, you can then delete the Classic app instance.

I have several hundred files that are quarantined by Classic. Deciding what to do with them (release from quarantine or something else) will take time. Can I still proceed with the migration process and just deal with these files over the next several days and weeks?

Yes, you can still work on the files and restore them as long as you have kept your Classic app instance enabled.

How much time will Next Generation API Data Protection take to update the inventory?

Our benchmark tests have indicated that the process can take a few hours to a few days depending on the number of files and users you have in the application instance. Get in touch with your Netskope sales representative for more details.

Do I require a new license to migrate or use the Next Generation API Data Protection platform?

No, you do not need a new license to migrate or use the Next Generation API Data Protection platform. You can configure the Next Generation apps for which you already have entitlements in Classic.

Share this Doc

Classic to Next Generation API Data Protection Migration

Or copy link

In this topic ...