
Hello all,

I’m looking for recommendations/examples of global default DLP policies.

Currently, my organization has a default block policy at the bottom of the tenant for categories that we’ve deemed to have no business use case (weapons, security risk, etc.) or to be risky for usage (cloud storage, social media, etc.).

In a similar fashion, I’d like to have DLP rules at the bottom of the tenant to act on web traffic before Netskope allows it through. I’ve done some testing with just outright blocking any activities that could be used to exfil data (upload, post, send, edit, etc.) and very quickly ran into issues, an example being background traffic for the Microsoft Edge browser being classified as upload and resulting in a large number of user notifications. I’m currently working through using app tagging to exclude any standard user applications from this policy.

Given that not all websites have support for DLP, I’d ultimately like the behavior to be “If the website supports DLP, check the data, if no rules are matched, allow the activity. If the website does not support DLP, block the activity, unless the website is excluded.”

Does anyone have experience doing this at scale? We’ve been successful in doing so for specific applications.

Thanks in advance!

 
