Scan SaaS applications with Cloudflare CASB

Note

Only available on Enterprise plans.

Cloudflare CASB provides comprehensive visibility and control over SaaS apps to prevent data leaks and compliance violations. It helps detect insider threats, shadow IT, risky data sharing, and bad actors.

Cloudflare's API-implemented CASB addresses the final, common security concern for administrators of SaaS applications or security organizations: How can I get insights into the existing configurations of my SaaS tools and proactively address issues before there is an incident? CASB integrates with a number of leading SaaS applications and surfaces instant security insights related to misconfiguration and potential for data loss. CASB also powers risk score heuristics organized by severity.

For more information on Cloudflare CASB, including available SaaS integrations, refer to Scan SaaS applications.

Manage CASB integrations

When you integrate a third-party SaaS application or cloud environment with Cloudflare CASB, you allow CASB to make API calls to its endpoint and read relevant data on your behalf. The CASB integration permissions are read-only and follow the least privileged model. In other words, only the minimum access required to perform a scan is granted.

Prerequisites

Before you can integrate a SaaS application or cloud environment with CASB, your account with that integration must meet certain requirements. Refer to the SaaS application or cloud environment's integration guide to learn more about the prerequisites and permissions.

Add an integration

1. In Zero Trust ↗, go to CASB > Integrations.
2. Select Connect an integration or Add integration.
3. Browse the available integrations and select the application you would like to add.
4. Follow the step-by-step integration instructions in the UI.
5. To run your first scan, select Save integration.

After the first scan, CASB will automatically scan your SaaS application or cloud environment on a frequent basis to keep up with any changes. Scan intervals will vary due to each application having their own set of requirements, but the frequency is typically between every 1 hour and every 24 hours.

Once CASB detects at least one finding, you can view and manage your findings.

Pause an integration

1. In Zero Trust ↗, go to CASB > Integrations.
2. Find the integration you would like to pause and select Manage.
3. To stop scanning the application, turn off Scan findings.

You can resume CASB scanning at any time by turning on Scan findings.

Delete an integration

Warning

When you delete an integration, all keys and OAuth data will be deleted. This means you cannot restore a deleted integration or its scanned data.

1. In Zero Trust ↗, go to CASB > Integrations.
2. Find the integration you would like to delete and select Manage.
3. Select Delete.

Integrate DLP policies

If you use both Cloudflare CASB and Cloudflare Data Loss Prevention (DLP), you can use DLP to discover if files stored in your SaaS application contain sensitive data. CASB integrations supported by DLP include:

• Google Drive
• Microsoft OneDrive
• Microsoft SharePoint

For more information, refer to Scan SaaS applications with DLP.

Was this helpful?

What did you like?

Accurate

Easy to understand

Solved my problem

Helped me decide to use the product

Other

What went wrong?

Hard to understand

Incorrect information

Missing the information

Other

Thank you for helping improve Cloudflare's documentation!