Netskope Help

Configure Encryption for API Data Protection Detection

To configure encryption, first you need to configure an app for API Data Protection (refer to API Data Protection API Connectors for more information).

To configure encryption for API Data Protection:

  1. Go to Policies > API Data Protection in the Netskope UI, and choose the app instance in which to enforce an encryption policy, and then click Next.

  2. Select the folders and users in which to enforce an encryption policy, and then click Next.

  3. Select the sharing options (public, private, etc.) and file types in which to enforce an encryption policy, and then click Next.

  4. Select a scan type for which to enforce an encryption policy (Retrospective + Future or Future only), and then click Next.

  5. Select the applicable DLP profile, if desired, and then click Next.

  6. Select Encrypt as the action for when a policy is triggered, and then click Next.

  7. Select the notification options for when a policy is triggered and file encrypted, including whom to notify, how often, and with what message, and then click Next.

  8. Name the policy, and enter a description if desired, and then click Create Policy.

  9. After the prompt, click Apply Changes.

Once the file is encrypted using an API Data Protection policy, the user would require a Netskope real-time deployment i.e., a reverse or forward proxy solution to decrypt and view the file on the SaaS app. Netskope does not share the encryption key with the SaaS app. The only way to decrypt and view the file is through a Netskope reverse or forward proxy solution. Hence it recommended to use the encrypt policy action only if the user has a Netskope real-time deployment on their tenant. For additional information on Netskope real-time deployment, refer Proxies.Proxies