Netskope Global Technical Success (GTS)
Shielding Sensitive Data: Blocking Watermarked Document Uploads on Grammarly Web App with DLP Controls
Netskope Cloud Version - 122
Objective
Implement DLP Controls on Grammarly to Prevent the Upload of organization watermarked Documents.
Prerequisite
Netskope CASB license is required
Context
This document provides detailed guidance on implementing DLP controls using a custom DLP profile to prevent the upload of sensitive, watermarked organizational documents to the Grammarly Web App.
Do You Know?
- Netskope acknowledges Grammarly as a Cloud Application and provides a pre-defined cloud app connector.
- As of Dec 17, 2024 with Netskope’s Predefined connector, Customers can exercise following activities on Grammarly Web Application.
Lab Recreate
- In this scenario, we are using a data sample of documents containing the organization's watermark. For example, the company enforces a policy that designates all watermarked documents as sensitive, and such documents must not be uploaded to Grammarly.
- Consider organization watermark expressions as oCompany Name(ABC)-Document first 4 letters-Document Code]. In this case, the regular expression will be like ABC-kA-Za-z]{4}-\d{4}
- We will create a custom DLP Profile for this Use case.
- To create Custom DLP Profile, The Order is as follows:
- Create Custom Data Identifier
- Add the Data Identifier to newly created custom DLP Rule
- Add the DLP Rule to DLP Profile
- Step 1: Let us start creating a Custom Data Identifier for the regular expression: ABC-oA-Za-z]{4}-\d{4}
Path: Netskope Tenant UI >>> Policies >>> DLP >>> Edit Rules >>> Data Loss Prevention >>> Entities >>> New Entity
You can also validate the regex by clicking on ‘Validate Regex’ and reviewing the expression.
- Step 2: Now, add this identifier to a Custom DLP Rule like below:
Path: Netskope Tenant UI >>> Policies >>> DLP >>> Edit Rules >>> Data Loss Prevention >>> Rules >>> New Rule
Now add the above created Entity to DLP Rule like below:
The DLP rule will appear as shown below after configuring the identifiers, selecting the appropriate scan section, and setting the threshold level based on business requirements.
- Step 3: Add the above created DLP Rule to DLP Profile and set the Profile Name:
Path: Netskope Tenant UI >>> Policies >>> DLP >>> New profile
- Step 4: Create a Real-Time Protection Policy and associate the previously created custom DLP profile with the policy as shown:
Verification
- The end-user attempted to upload a document containing the organization's watermark to the Grammarly Web App and received the following message.
You may verify the Policy Hit as below:
You may also verify the DLP Incidents from
Path: Netskope Tenant UI >>> Incidents >>> DLP
You may find the DLP Incident details as below containing the Object Name, Object Type, Violated data properties like below:
Terms and Condition
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.