Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Protect Downloaded Files with Ionic DRM

Skyhigh CASB Secure users can use Ionic DRM to automatically encrypt files generated inside your Sanctioned SaaS programs (for example, a report created in Salesforce or a document generated in Microsoft Office Online). Once encrypted, the files can only be viewed by authorized users through the Ionic plugin. Please follow these steps to configure Ionic DRM to protect your sensitive files on download.

Define Rules in Ionic DRM Dashboard

  1. Go to the Ionic DRM Dashboard > Data Policy
  2. The Data Policy needs to have a rule which indicates users who are allowed access and users (if any) who are specifically denied access.
    Ionic DRM_Define Policies.png

Please consult Ionic’s help documents for instructions on building rules in their dashboard.

Set Service Level Properties on Skyhigh CASB

  1. Go to Settings > Sanctioned Services > Service Management.
  2. For the service to be protected by Ionic DRM, click Add Properties.
  • cloud.access.policy.enabled = true
  • shn.drm.enabled = true
  • shn.ionic.data-marking = Ionic Data Marking

Define Rules in Skyhigh CASB

Once the configuration is complete in the Ionic Dashboard, you must create a rule in the Skyhigh CASB to check for sensitive content such as SSN and pass the downloaded file to Ionic for encryption. Follow these steps to define the appropriate rule:

  1. Go to Policy DLP Policies.
  2. Click Create Policy.
  3. Set type Proxy.
  4. Select the Service to be Managed (i.e., Salesforce).
  5. If you want all downloaded files to be protected by Ionic DRM, set the Rule Collaboration: Report Download for Salesforce or Download for other Secure CSPs
    1. If you want other conditional rules to determine encryption (for example, to only encrypt documents that contain Social Security Numbers), add the rules in addition to the rule. For example, to protect documents with Social Security Numbers, add the rule Data Identifier: SSN
  6. Because Ionic DRM’s plug-in cannot decrypt .xlsx files, set the exception rule for File Type: Microsoft Excel.
  7. Set the response Apply DRM.

Any file downloaded for the selected service (that matches any other rules) will be encrypted by Ionic DRM. Authorized users can view plain-text versions of the files through the Ionic Plugin

  • Was this article helpful?