Netskope Help

File-Level Encryption

Netskope provides file-level encryption for a number of sanctioned and unsanctioned cloud applications. It does this in two scenarios: one, as the result of an API Data Protection policy on content at rest, and two, as the result of an Real-time Protection policy. Both are typically the result of the discovery or detection of sensitive data and are designed to seamlessly protect and control sensitive content regardless of where it is stored.

Organizations can use Netskope's cloud DLP to identify sensitive data using industry-leading API Data Protection or Real-time Protection detection methodologies, taking advantage of more than 3,000 language-independent data identifiers across hundreds of categories combined with the capability to handle more than 500 file types, to trigger encryption, as well as encrypt files as they await advanced workflows such as quarantine and legal hold.

Netskope's encryption enables organizations to maintain the confidentiality and privacy of sensitive data at rest in or en route to a variety of cloud apps, especially cloud storage or enterprise file sync and share providers. Files can be selectively encrypted en route to apps in order avoid indexes for sensitive data, augmenting the confidentiality capabilities of providers that already offer encryption, or bulk processed to bring encryption to services that don't offer it natively.

Netskope uses strong AES-256 encryption and per-file key management in addition to fault-tolerant, FIPS 140-2 Level 3 certified Hardware Security Modules (HSMs), or the option to integrate with an on-premises, KMIP-compliant key management system to ensure control over encryption keys and their lifecycle.