Use SaaS Security API to have visibility into and control
over how your users are accessing and sharing data across SaaS applications.
SaaS Security API enables you to consistently define
and enforce policy for securing data across all your sanctioned
software as a service (SaaS) applications. Although each application
has its own settings to secure how users can store and share data,
the settings and levels of enforcement vary by application. By adding
your applications to SaaS Security API, you have visibility into
and control over how your users are accessing and sharing data across
your sanctioned applications.
When SaaS Security API first connects to an application, it scans
all the assets in the application and matches against the policy
rules to retroactively uncover incidents and then displays all active
incidents on the Dashboard. To maximize the results from this initial
discovery process, configure the global scan settings for policy,
examine your corporate acceptable use policy for SaaS applications,
and review the default policy rules in SaaS Security API before you
start the scan.
Configure SaaS Security API to control unmanaged device access
to your sanctioned applications by redirecting traffic through your
next generation firewall. Utilizing your existing corporate Identity
Provider, add SaaS Security API and SaaS application integration
to authenticate requests and grant access to users using SaaS Security
API as SAML proxy.
Additionally, you can use SaaS Security API to connect to your
Cortex Data Lake to access your next-generation firewall or GlobalProtect
Cloud Service logs to present a holistic view of sanctioned and
unsanctioned SaaS application usage. This visibility on SaaS Security
API provides you granular control over access, sanctioned application
usage, and external exposure of data.
While SaaS Security API performs deep content inspection, it
does not store any data from your monitored applications. It stores
only metadata about your assets, which is data about your data.