Scan SaaS applications with DLP
You can use Cloudflare Data Loss Prevention (DLP) to discover if files stored in your SaaS application contain sensitive data. To perform DLP scans in a SaaS app, first configure a DLP profile with the data patterns you want to detect, then enable those profiles in a CASB integration.
Configure a DLP profile
Refer to the DLP documentation.
Enable DLP scans in CASB
Add a new integration
- In the Zero Trust dashboard, go to CASB > Integrations.
- Select Add integration and choose a supported integration.
- During the setup process, you will be prompted to select DLP profiles for the integration.
- Select Save integration.
CASB will scan every publicly accessible file in the integration for text that matches the DLP profile. The initial scan may take up to a few hours to complete.
Modify an existing integration
- In the Zero Trust dashboard, go to CASB > Integrations.
- Choose a supported integration and select Configure.
- Under DLP profiles, select the profiles that you want the integration to scan for.
- Select Save integration.
If you enable a DLP profile from the Manage integrations page, CASB will only scan publicly accessible files that have had a modification event since enabling the DLP profile. Modification events include changes to the following attributes:
- Contents of the file
- Name of the file
- Visibility of the file (only if changed to publicly accessible)
- Owner of the file
- Location of the file (for example, moved to a different folder)
In order to scan historical data, you must enable the DLP profile during the integration setup flow.
Supported integrations
Limitations
DLP will only scan:
- Files that are visible to anyone on the Internet.
- Text-based files such as documents, spreadsheets, and PDFs. Images are not supported.
- Files ≤ 100 MB.