Cloud resources

Cloud applications resources are instances of cloud application types (such as Office365) that can be defined as destinations of sensitive data rules. These resources are available only to customers who have Forcepoint DLP version 8.7.1 or later, and a Forcepoint DLP Cloud Applications license.

Use the Main > Policy Management > Resources > Cloud Applications page in the Data Security module of the Forcepoint Security Manager to view a list of cloud applications.

Administrators can add and edit cloud applications that support DLP Cloud API and Cloud Data Discovery, but not DLP Cloud Proxy. All cloud applications that support DLP Cloud Proxy are defined in the Forcepoint CASB portal, and are automatically displayed on this page. The page also includes links to the CASB portal, where custom policies can be configured, or applications can be completely removed.

The Show/Hide Columns button enables control of the columns to display, including:

  • Application Name
  • Application Type
  • Description
  • DLP Cloud API Status
  • DLP Cloud Proxy Status
  • Cloud Data Discovery Status

To add a cloud application that supports DLP Cloud API and Cloud Data Discovery:

  1. Click the Add button at the top of the page.

    The Add DLP Cloud Application window appears, displaying a list of all the available cloud application types defined in the system.

    Note:
    • Pop-up blockers may prevent this page from opening. If this occurs, disable the pop-up blocker and try again.
    • It might take a while for the tab to open. Wait for the tab to load, and then complete the steps below. Do not close the page while it is still loading.
  2. Select an application type, and then click OK.

    The application is added to the list of application resources.

    Note: If you select the Office 365 cloud application type, you can choose to monitor OneDrive, SharePoint, Teams, or Other in Main > Policy Management > DLP Policies.

To edit a cloud application:

  1. Click the name of the application in the Application Name column.

    The Cloud Application Properties window appears in a new browser tab.

    For more information on managing these properties, see Forcepoint CASB Administration Guide, “Managing Service Assets”.

  2. Enter a descriptive Application name and Service description to help administrators manage the service.
  3. Under Connection, enter the Key and Secret to enable a connection to the selected cloud application, then click Configure Connection.

    The Cloud Applications service uses the connection to retrieve activity logs, scan files at rest, and retrieve user lists. It does not store the user credentials.

  4. Under Service Type, specify whether or not to Enable activity import and allow the Cloud Applications service to access and import user activity logs for the selected cloud application.
  5. Under Mitigation, configure an Archive folder within the cloud service for files moved or copied in response to a DLP incident.
  6. Under Quarantine, optionally configure messages than can be left in place of quarantined files to explain to users that their file has been moved.

    Click Test Connection to verify that the message file can be copied to the cloud application.

  7. To save the changes, click OK.
    • The new application is added to the cloud applications list, which shows the application’s name, type, description, and status.
    • The Edit link opens the properties window in the CASB portal, which can be used to update configuration for the application.

Repeat these steps as many times as needed to enable the CASB service for each cloud application to which DLP policies will be applied.