Netskope Global Technical Success (GTS)
Netskope DLP – Enforcing Netskope DLP Policies
Netskope Cloud Version - 127
Introduction
This article explains how to create and apply DLP Policies in Netskope.
DLP Policies represent the final enforcement layer — they determine where DLP scanning occurs, who is impacted, and what action is taken when sensitive data is detected.
Policies are where DLP Profiles meet real-world enforcement across cloud apps, web traffic, private applications, and endpoint activity.
What is a DLP Policy?
A DLP Policy defines:
- Which DLP Profile is applied
- Which users, groups, or locations are affected
- Which traffic channels or applications are inspected
- What action is taken on policy violations (e.g., Alert, Block, Bypass, Coach)
It is the final step in operationalizing your DLP setup.
Key Policy Configuration Options
Section | What is it? | Why does it matter? | Example |
Source | Defines who the policy applies to – users, groups, or IP ranges. | Helps target only the intended users or devices. | Apply policy only to the Finance team. |
Destination | Defines what apps and actions are monitored – choose applications and user activities. | Determines where and how the policy will apply in traffic inspection. | Monitor uploads to Google Drive or downloads from SharePoint. |
Profile & Action | Apply a DLP Profile (rules to detect sensitive data) and choose an Action (response type). | This is the enforcement engine – defines what data to detect and how to respond. | Use "HR Sensitive Data" profile with Alert action for Outlook and Google Drive. |
Available Actions | Allow: Allow the activity; Block: Prevent the activity; Alert: Allow and log the event; Quarantine: Secure the file for review | Actions define how Netskope responds when sensitive data is detected. | Start with Alert for visibility, then move to Block once policy is tuned. |
Policy Name | Name your policy clearly for easy identification. | Helps in organizing and managing multiple DLP policies. | Finance_GDrive_Upload_Alert or HR_Email_PII_Block |
Best Practices Summary
Recommendation | Why It Helps | Example |
Start with Alert mode | Avoids blocking user activity too early and gives visibility into actual data movement. | Use Alert for the first few weeks to observe behavior, then gradually shift to Block if needed. |
Review incidents regularly | Keeps policies effective and ensures they adapt to new risks or user behavior. | Schedule a weekly or bi-weekly check of DLP logs and fine-tune rules or scopes based on incident patterns. |
Name policies clearly | Makes it easier to understand and manage rules over time. | Use names like Sales_OneDrive_Upload_Block or IT_PersonalEmail_Alert for easy identification. |
Test with specific apps first | Allows gradual rollout and reduces chances of widespread issues. | Start with a few cloud apps like Google Drive or Outlook before expanding policy scope. |
Conclusion
DLP Policies are where the detection logic (Entities + Rules + Profiles) is operationalized and enforced.
Proper policy design ensures that sensitive data is protected — without impacting business operations.
By monitoring, refining, and iteratively improving policies, you can evolve a responsive and scalable data protection program across your organization.
What’s Next?
If you haven't yet configured Profiles or Rules, refer to the previous KBs in this series:
- Creating and Using DLP Entities in Netskope
- Building Effective DLP Rules in Netskope
- Designing DLP Profiles and File Filters
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.