Any detector assigned to a policy group will attempt to load any/all policies assigned to it. 

Release : 15.x.x / 16.x.x

Component : Any

Its considered best practice to separate policy groups based on detection types. If you have a policy group assigned to both Email and WSS/CASB detectors, then the policy and response rules will get assigned to both. Since most response rules should only be assigned to specific detector types, it will have issues handling the response rules, which can impact policies/performance.  

Create a policy group only for CASB data-at-rest policies, and assign it only to the CASB detector. Do this for WSS, Email, and endpoint as well. 

Update: The Engineering teams have released an update to the Cloud Services that is expected to change this behavior.

The permanent fix has been applied on the Cloud Detection Service, as per the Advisory: 

Some policies fail to trigger with Cloud Detection Service (CDS) after upgrading to DLP 16.0