File Encryption in API Data Protection FAQ
File Encryption in API Data Protection FAQ
This article talks about the commonly asked queries around the file encryption feature in API Data Protection.
- Are there any prerequisites to use the `Encrypt` action in API Data Protection?
If you use the encrypt policy action, ensure that you have a Netskope real-time deployment i.e., a reverse or forward proxy. The Netskope real-time deployment is required to decrypt the file. - How can an administrator use the `Encrypt` feature in API Data Protection?
To encrypt a file, the Netskope tenant administrator can either create an API Data Protection policy with `Encryption` as the policy action or navigate to API-enabled Protection > click the relevant SaaS app > instance name > click the Total Files number > identify the file name > select the checkbox next to the file name > Take Action > click Encrypt. - Where are the encryption keys stored?
Once the file is encrypted, the encryption keys are stored in Netskope managed Key Management Service (KMS). - Once the file is encrypted, who can access/decrypt the file?
Only users who have Netskope client enabled can access the encrypted file.- encrypted files can be opened/read by users within the organization as long as the Netskope client is enabled.
- encrypted files cannot be opened/read by users outside the organization, or users within the organization who do not have Netskope client enabled.
- Where can the administrator view the status of an encrypted file?
Navigate to API-enabled Protection > click the relevant SaaS app > instance name > click the Total Files number > identify the file name > click the file name to open the file details page. If encrypted, the status will be Encrypted. If decrypted, the status will be Not Encrypted. If neither of the two, the status will be Not Available.
Note: Once you encrypt the file, it may take a while to update the Encryption Status.
Encrypted:
Decrypted:
Neither encrypted or decrypted: