How Cloud App Security Works

To protect users from advanced threats and to prevent data loss, Cloud App Security searches for security risks and undesirable data sent through email or saved in cloud storage by performing real-time scanning on files in supported cloud applications, including Exchange Online, SharePoint Online, OneDrive for Business, Box, Dropbox, Google Drive, and Gmail.

  • For email services, scanning occurs when an email message arrives at a protected mailbox.

  • For the other cloud applications, scanning occurs when a user uploads, creates, synchronizes, or modifies a file.

Through a cloud service connector, Cloud App Security scans email messages in protected mailboxes and files in protected cloud storage. Cloud App Security provides default policies for protected services after they are successfully provisioned. The default policies are disabled upon creation and do not scan targets until you enable them. Upon detecting malicious or undesirable content, Cloud App Security automatically takes action against the email or file according to enabled scanning policies. Configure policies to scan specific targets and then take certain action or send a notification based on the security risk. Each policy applies only to the targets configured within the policy.

The following illustrates how Cloud App Security works.
Note:

Cloud App Security adopts an API-based architecture rather than a proxy-based architecture to provide advanced protection. It starts scanning when an email message arrives at a protected mailbox or a file is saved to cloud storage. This unique API-based architecture guarantees that Cloud App Security has "zero impact" on your email message delivery or file sharing as well as commitments defined in your service level agreements.