As the transformation of IT infrastructure to cloud-based solutions turns 10, it’s clear that traditional on-premises approaches to data security are becoming obsolete. DLP solutions need to refocus their efforts on where the corporate stuff lives (in the browser) rather than protecting the endpoints.
LayerX’s new guide, titled “On-Prem is Dead. Have You Adjusted Your Web DLP Plan?” (download here) takes a deep dive into this shift, detailing its root causes, possible resolution paths, and what’s possible implementation example. After reading this guide, security and IT professionals will have the information they need to update and upgrade their DLP solutions.
Guide highlights include:
Why choose DLP
The guide begins by explaining the role of DLP. DLP protects data from unnecessary disclosure by classifying it, determining its level of sensitivity and implementing protective measures. This should allow organizations to detect and prevent data breaches and other malicious activity and meet compliance regulations.
What happened to DLP and company data
However, DLP is designed with the local environment in mind. In these scenarios, the data leaving the environment is typically attached to an email or a hardware device. Therefore, DLP has traditionally been placed at the gateway between the enterprise network and the public Internet. The rise in the use of SaaS applications and websites requires a way to handle business data in a new location: online.
3 ways forward for data protection
To bridge this gap, security and IT teams can operate in three ways.
1. No change – Use the DLP solution as-is while limiting the uploading of data to unsecured online locations. As explained, the solution is partially effective.
2.CASB DLP – Use SaaS applications to inspect files and enforce policies across applications, devices and applications. This solution works for some approved apps but not all or unapproved apps.
3. Browser DLP – Monitor data activity at transaction points. This solution enforces principles across all media (devices, applications, and browsers).
Since the browser is the interface between the device and websites and SaaS applications, it is the best place to put DLP. Enterprise browser extensions can operate as browser DLP because they enable in-depth monitoring of user activity and web page execution. It can also enforce actions such as alerts and blocking dangerous user actions.
Browser DLP Policy Example
Here are some examples of DLP strategies designed to answer the question of where data is in a cloud environment:
- Alerts about confidential documents attached to email web applications.
- Block confidential files from being uploaded to your personal Google Drive.
- Block confidential files from being downloaded to unmanaged devices.
This guide is a must-read for any organization that handles online materials. You can read it here.
