Configure protected cloud apps

The Web > Settings > Protected Cloud Apps feature allows you to nominate a set of cloud applications to use within your organization that are protected by Forcepoint CASB. Forcepoint CASB is an integrated solution for cloud application access discovery, activity analysis, access control, security monitoring and enforcement, governance, policy compliance, and data loss prevention.

Note:

The Protected Cloud Apps feature requires an additional license. If you would like further information on accessing this feature, please contact your account manager.

The Protected Cloud Apps feature cannot be used with the Direct Connect endpoint or Neo when it is in direct connect mode.

Use the Protected Cloud Apps page to connect the service to your Forcepoint CASB account, to manage the applications that are protected, and to open the Forcepoint CASB management portal. When an end user accesses one of your protected cloud apps, the service forwards traffic to Forcepoint CASB for analysis, and CASB determines whether to allow the request or apply an enforcement action, based on your CASB configuration.

To protect cloud app usage via Forcepoint CASB:

Steps

  1. Navigate to Web > Settings > Protected Cloud Apps.
  2. Set the Enable connection with Forcepoint CASB toggle switch to ON.
  3. In the dialog, enter the connection details provided in the fulfillment letter you received when you purchased your Forcepoint CASB license.

    If your fulfillment letter did not include these details, configure a new API access key on the Settings > Access Management > API page of the Forcepoint CASB portal. See Create a new API access key in the Forcepoint CASB Administration Guide for instructions.

    • Access key ID
    • API key secret
    • Service URL
  4. Click Connect.
    The list of cloud apps (referred to as assets in CASB) is automatically populated with the list that is in CASB, including customer apps that were created. The list changes based on changes made in the CASB portal.
  5. From the list of cloud apps, select which apps to protect in Forcepoint CASB. You can select up to the maximum number of apps that your CASB license covers.
    Use the scrollbar, or begin typing the name of an app in the Search field. To view only the apps that are currently selected, set the search menu drop-down menu to Selected apps.
  6. The list of selected apps can be used by all policies or applied to a specified subset of policies. In the Traffic Forwarding section, Forward traffic to Forcepoint CASB:
    • For all policies (the default) to forward all user requests to any of the selected apps to Forcepoint CASB for enforcement.
    • Per policy to select the policies that should use the list of selected apps when the policy is enforced.
  7. When Per policy is selected, the Forward to Forcepoint CASB column provides the complete list of existing policies. Use the arrows to move selected policies for which protected cloud apps should not be applied to the Do Not Forward to Forcepoint CASB column.
    Use the arrows to move policies from one list to the other.
  8. When you are done, click Save.

Next steps

While the Enable connection with Forcepoint CASB switch is set to ON, traffic for these cloud apps is forwarded to CASB for analysis and protection.

To stop CASB from protecting your traffic, set the switch to OFF and click Save.

Note: Setting the connection with Forcepoint CASB to OFF has no effect on the cloud app usage and risk reporting features available in the Cloud Apps Dashboard and Cloud App reports. Reporting information is always recorded for cloud app activity, allowing you to discover and monitor cloud app usage in your organization.

See the Cloud Security Gateway Integration Guide for additional information.