Configure DLP policies for cloud applications in the Forcepoint Security Manager
When configuring DLP Cloud policy rules, you must select DLP Cloud Applications as the destination, and you must select one or both of the DLP Cloud Applications channels – DLP Cloud API and DLP Cloud Proxy.
Steps
- In the Forcepoint Security Manager, go to DATA > Policy Management>Manage DLP Policies.
- Expand a policy in the tree view and click a rule, then select Edit or Add > Rule.
- On the Policy Rule page, configure the rule through the General, Condition, Severity & Action, Source, and Destination tabs. Configuring a rule for a cloud application is similar to any DLP rule, but requires specific configuration settings in the Severity & Action and Destination tabs (see steps 3 and 4 below). For more information about creating a policy rule, see the Forcepoint DLP Administrator Guide.
-
On the Severity & Action tab, select an action from the Action Plan drop-down menu. Click the button to the right of the drop-down menu to open the Action
Plan Details page.
On the Data Loss Prevention tab, in the Cloud Applications Channels section, select the actions for the available operations.
- For DLP Cloud Proxy, you can select the following actions:
- Permit: Allow the operation.
- Block: Block the operation.
- For DLP Cloud API, you can select the following actions:
- Permit: Allow the operation.
- Safe copy: Save a copy of the file to a cloud archive that is accessible only to administrators.
- Quarantine: Save the file in a quarantine folder defined in the CASB portal.
- Quarantine with note: Quarantine the file and leave a message in place of the original file.
- Unshare external: Remove sharing permission for external addresses.
- Unshare all: Remove all sharing permissions from the file.
- For DLP Cloud Proxy, you can select the following actions:
-
On the Destination tab, in the DLP Cloud Applications section, select DLP Cloud API, DLP Cloud proxy, or both. For each channel, select at least one
cloud application (or All) and at least one operation, as follows:
- Click Edit.
-
Select one or more cloud applications in the Available Elements list.
If you want to use all of the cloud applications, leave this as All and then continue with step 5e to select an operation.
(Forcepoint DLP 8.9 and above) If you have an Office 365 cloud application, then you can choose to monitor OneDrive, SharePoint, Teams, or Other. Select Other to monitor Office 365 applications that are not part of OneDrive, SharePoint, or Teams.
- Click the right arrow button to move the selected cloud applications to the Selected Elements list.
- Click OK. The cloud applications are now shown in the box under the channel name.
- Select user operations to monitor: For DLP Cloud API these include File uploading/attaching, File downloading, External file-sharing, and Unrecognized file-sharing. For DLP Cloud Proxy operations include File uploading/attaching or File downloading.
- Click Next to show a summary of the rule.
- Click Finish to save the rule.
-
To deploy all the configured changes, click Deploy.
Note: If you do not want to monitor certain operations for DLP Cloud API, you must configure this in Forcepoint CASB.
In the Manage DLP Policies screen, the rule summary (right pane) shows whether DLP Cloud Applications are selected as a Destination.