Skyhigh Security CASB Connect is an API framework used for onboarding long-tail SaaS applications. This section provides an overview of CASB Connect, use cases, pre-requisites, and approach/process for requesting and adding new cloud SaaS applications to CASB Connect.
The CASB Connect framework supports any of the following use cases for SaaS applications:
- Enforce Data Loss Prevention (DLP) policies to protect sensitive and regulated data.
- Enforce internal and external collaboration policies.
- Inspect login, data upload, data download, and administrator activity to maintain an audit trail for forensic investigation.
- Detect any anomalous behavior.
CASB Connect API
The CASB Connect API platform is a unique solution developed with the vision of letting cloud service providers (SaaS vendors) build API connectors for their REST APIs to join Skyhigh Security's CASB Connect catalog, so that mutual customers of Skyhigh Security and cloud service providers can mutually benefit from the security use cases supported by Skyhigh Security's CASB while continuing to leverage productivity gains from using the SaaS application.
CASB Connect API FAQ
Who provides APIs? Is it Skyhigh Security or the SaaS application provider?
APIs are always provided by the SaaS application provider. Skyhigh Security will only write connectors to consume those APIs.
What kind of APIs are supposed to be provided by the SaaS application?
REST APIs with support for OAuth 2.0 (or other ways of third party application authentication/authorization), monitoring activities (logins, downloads, uploads, admin activity, sharing activity), download content, modify content/delete content (will be called based on response action configured in DLP policies)
Detailed API pre-requisites are provided in the attachments section (refer to CASB Connect API Requirements Overview.pdf, Skyhigh Security CASB Connect Detailed API Requirements.pdf, CASB Connect API Checklist.xlsx).
Can I share the API pre-requisites with the customer?
Yes, but please note that these documents are intended for the cloud service provider (CSP). It would be helpful to share CASB Connect API Checklist.xlsx with the cloud service provider by taking help from the customer and attach the filled document with the support request being filed for new cloud service (SaaS) support through CASB Connect.
What is a connector file?
A connector file is a JSON file that describes what APIs cloud service provider has, in what order those APIs have to be called by Skyhigh Security, and how to map the response structure returned by SaaS APIs with the structure expected by Skyhigh Security.
Is the format of JSON connector file standard?
No, this is a format developed by Skyhigh Security engineering.
Who develops these connector files?
It is recommended for cloud service providers to take ownership of building and maintaining the API connectors. However, depending on priority and the cloud service provider's ability to take ownership, Skyhigh Security engineering can build these API connectors. This needs to be prioritized by product management.
How long does it take for Skyhigh Security to build an API connector using CASB Connect?
This depends on the maturity of APIs from the cloud service provider, the current backlog of the Skyhigh Security engineering team, and the priority of the cloud service provider as determined by the PM team.
Is there any guide that contains the detailed steps for creating this connector file and can it be shared with the SaaS application provider who is willing to build a connector?
Yes, please reach out to the PM team to get this document. This document/guide for creating JSON connector files is confidential and is shared with the cloud serivce provider or customer once an NDA is signed. Soon, this guide will be available for registered partners from the Skyhigh Security CASB Connect portal.
How do I know which cloud services are in the backlog for CASB Connect API?
Contact your PM.
Request new CSPs
Create a support ticket and attach the following two documents
- Use Case Checklist - to be filled by customer
- CASB Connect API Checklist - to be filled by CSP (request customer's help in getting this filled by CSP)