Migrate Dropbox from Classic to Next Generation API Data Protection

Migrate Dropbox from Classic to Next Generation API Data Protection

The article provides guidance for customers currently using the Classic API Data Protection for Dropbox. It outlines a clear process for migrating to the enhanced Next Generation API Data Protection, which offers improved performance and functionality. The migration involves key steps, including preparation, configuration updates, and verification, ensuring a smooth transition to the more advanced platform.

If your real-time policy includes quarantine as an action, you cannot create a Next Generation API Data Protection quarantine profile. This limitation exists because real-time policies currently support only the classic API Data Protection quarantine profile. Stay tuned for updates on when real-time policies will support the Next Generation API Data Protection quarantine profile.

Migration Steps

Here are the broad steps to migrate your classic Dropbox instance to Next Generation.

  1. Create a new Next Generation API Data Protection Dropbox instance. To learn more: see sample video.

  2. If you use the forensic feature in classic, follow these steps:

    1. Create a new Next Generation forensic instance, profile, and enable forensic. To learn more: see sample video.

    2. Delete the classic forensic profile from Policies > PROFILES > Forensic, then navigate to Settings > Configure App Access > Classic, select the SaaS app, click the instance and uncheck Forensic.

  3. Disable the existing classic API Data Protection policies from Policies > API Data Protection > SAAS > Classic.

  4. Create new policies on Next Generation API Data Protection from Policies > API Data Protection > SAAS > Next Gen. To learn more: see sample video.

  5. Delete the existing classic API Data Protection policies from Policies > API Data Protection > SAAS > Classic.

    Running Classic and Next Generation policies simultaneously can lead to unexpected behavior if legal hold or quarantine profiles exist on both platforms. Additionally, this setup risks upstream throttling due to rate limits, potentially interrupting all protections. Therefore, Netskope strongly discourages running Classic and Next Generation policies and legal hold/quarantine profiles concurrently.
  6. Go to Settings > Configure App Access > Classic. Select the Dropbox app, click the instance and uncheck CASB API.

  7. Wait for six months or the duration of your incident retention period. Consult your Netskope sales representative to confirm the exact retention period. During this time, you can manage incidents and work with quarantined files.

  8. Delete the classic Dropbox instance. To do so, navigate to Settings > Configure App Access > Classic, select the SaaS app, then click the Remove Instance icon to delete the app instance.

There are a few noteworthy differences in the way Netskope displays DLP incidents and Skope IT alerts in classic and Next Generation API Data Protection. If you have any forward integration like log ingestor, etc where these values are ingested, you should update these values. To learn more: Classic vs Next Generation DLP Incidents & Skope IT Alerts.

To learn more about the Next Generation API Data Protection feature matrix per cloud app, see Next Generation API Data Protection Feature Matrix per Cloud App.

Share this Doc

Migrate Dropbox from Classic to Next Generation API Data Protection

Or copy link

In this topic ...