Using DSPM Cloud DLP Integration for SaaS
Overview
This document explains how Proofpoint Cloud DLP (CASB) customers can leverage Proofpoint DSPM to discover and protect sensitive SaaS data using Proofpoint Unified DLP Detectors. It outlines what the integration offers, how it works, and how to use it.
What is Proofpoint DSPM?
Data Security Posture Management (DSPM) enables at-rest data discovery and contextual risk analysis across SaaS and IaaS environments.
Key capabilities include:
- Discovering sensitive data at rest across cloud services
- Classifying risks based on sources, sensitive content and exposure level (e.g., external sharing, public links)
- Assessing data compliance and posture risk
DSPM provides posture-level visibility into where your data resides, how it’s exposed, and what actions you can take to mitigate risk.
What is Cloud DLP (CASB)?
Cloud DLP (also offered as part of Proofpoint CASB) focuses on monitoring cloud activity and enforcing data-in-use policies within SaaS environments.
Key capabilities include:
- Detecting data loss through user activity (e.g., file share, upload, download)
- Alerting on policy violations using configurable security rules
- Performing automated or manual remediations (e.g., removing shared links, quarantining files)
- Leveraging Proofpoint Unified DLP Detectors for consistent content inspection
Cloud DLP helps enforce proactive controls for data-in-motion and user behavior in SaaS apps.
Benefits of Integrating Cloud DLP and DSPM
The integration connects discovery and enforcement workflows to deliver the following benefits:
- End-to-end data protection: Discover risks in DSPM and enforce policies with Cloud DLP
- Prioritized enforcement: Focus DLP efforts on DSPM-identified high-risk data
- Fewer false positives: Reduce noise by basing policies on real-world posture insights
- Audit readiness: Demonstrate which DSPM risks are actively protected by DLP rules
What Does the Integration Include?
Soft Linking of DSPM Risk Signatures to Cloud DLP Rules
The integration creates soft links between DSPM risk signatures (DSPM policies) and Cloud DLP rules based on shared logic.
Matching Criteria for Soft Linking:
- Same Proofpoint Unified DLP Detectors
- Same SaaS application (e.g., Google Drive, OneDrive)
- Same exposure level (e.g., public, external, internal)
- Matching activity types on Cloud DLP (e.g., content sharing, update)
Soft links are dynamic and updated automatically when rules are created or changed. Multiple DLP rules can link to the same DSPM risk signature and the same DSPM risk signature can be linked to multiple rules. Cloud DLP Rules may include additional attributes or remediation actions and still retain linkage.
Example: DSPM Risk page showing linked Cloud DLP rules
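The matching criteria above, modelled as an added example (not Proofpoint code) that recomputes soft links and lists risk signatures with no linked rule. Class and field names are hypothetical, the detector, rule and signature names are constructed, and exact detector-set equality and "any shared activity type" are assumptions about how the criteria are evaluated.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Signature:                 # hypothetical model of a DSPM risk signature
    name: str
    detectors: frozenset
    app: str
    exposure: str
    activities: frozenset        # assumption: activity types relevant to the risk

@dataclass(frozen=True)
class Rule(Signature):           # hypothetical Cloud DLP rule: same criteria plus extras
    category: str = "Data Rule"
    remediation: str = ""        # extra attribute, ignored by matching

def is_linked(rule, sig):
    """True when the rule meets every matching criterion for the signature."""
    return (rule.category == "Data Rule"            # only Data Rules are eligible
            and rule.detectors == sig.detectors     # assumption: identical detector set
            and rule.app == sig.app
            and rule.exposure == sig.exposure
            and bool(rule.activities & sig.activities))  # assumption: any shared activity

def soft_links(rules, sigs):
    """Recompute the many-to-many link set from the current definitions."""
    return {(r.name, s.name) for r in rules for s in sigs if is_linked(r, s)}

def unlinked_signatures(rules, sigs):
    """Signatures with no linked rule: candidates for a new DLP rule."""
    covered = {s for _, s in soft_links(rules, sigs)}
    return sorted(s.name for s in sigs if s.name not in covered)

# Constructed sample data; all names below are placeholders.
SHARE = frozenset({"content sharing", "update"})
SIGS = [
    Signature("pii-public-gdrive", frozenset({"detector-pii"}), "Google Drive", "public", SHARE),
    Signature("pci-external-onedrive", frozenset({"detector-pci"}), "OneDrive", "external", SHARE),
]
RULES = [
    Rule("alert-public-pii", frozenset({"detector-pii"}), "Google Drive", "public",
         frozenset({"content sharing"})),
    Rule("block-public-pii", frozenset({"detector-pii"}), "Google Drive", "public",
         frozenset({"update"}), remediation="remove shared link"),
]
# Editing a matching criterion (here the detectors) drops the link on re-evaluation.
EDITED = replace(RULES[1], detectors=frozenset({"detector-pci"}))

if __name__ == "__main__":
    print(sorted(soft_links(RULES, SIGS)), unlinked_signatures(RULES, SIGS))
```
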
Setting Up the Integration
No manual configuration is required: the integration is automatically enabled for customers with Proofpoint CASB/Cloud DLP and DSPM licenses.
Once both products are enabled, rule-risk linking is automatically evaluated and available in the UI.
How to Create Cloud DLP Rules from DSPM Risks
- In the DSPM console, navigate to the Risk Signatures (DSPM Policies) tab.
- Select a SaaS risk that supports Cloud DLP integration.
- Open the DLP Rules tab.
- Click + DLP Rule. A new tab opens the Cloud DLP rule editor in CASB, with settings pre-filled from the DSPM risk.
- Review and customize as needed.
- Save the rule.
If you modify the rule such that it no longer matches the original DSPM signature (e.g., change detectors, application, exposure level), you’ll receive a warning that the rule will no longer be linked.
Example: Rule creation from DSPM risk in CASB
Viewing Linked Cloud DLP Rules from DSPM
From a DSPM Risk signatures (Policies) page:
- Select a SaaS risk that supports Cloud DLP integration
- Open the DLP Rules tab to view all linked Cloud DLP rules
- You’ll see rule name, criteria and attributes, response action and rule status
- Click Edit Rule to edit it in the CASB UI
If no linked apps are connected to the selected CASB tenant, you will see a special message with a call to action to connect relevant SaaS apps.
Example: DSPM → Linked Cloud DLP Rules tab
Viewing Linked DSPM Policies from Cloud DLP Rules
From the Cloud DLP rules page in CASB, under the Data Rule category, a column titled DSPM Policies shows the number of linked risks.
To open the rule preview panel, click on a rule. The DSPM Policies tab shows all linked risks with the following information:
- Risk name
- Risk category and impact
- Date discovered
- Tags
Example: Cloud DLP rule showing DSPM Policies tab
Known Issues and Limitations
- Only Proofpoint Unified DLP Detectors are supported for the integration. Customers with legacy DSPM detectors should contact Proofpoint Support to migrate their DSPM SaaS risk signatures (policies) to use the Proofpoint Unified DLP Detectors.
- Integration is available only for SaaS apps (Google Workspace, Microsoft 365). Salesforce, Slack, and IaaS risk signatures are not yet supported for rule linkage.
- Only Data Rules in Cloud DLP are eligible for linking.