Glass Class - Limitations of Traditional DLP Approaches
Hi, guys. This is Mike from Bitglass Product Management. I want to talk a little bit about the limitations of traditional DLP (vs. cloud DLP). Traditional DLP is basically the application of DLP policies at send time. If you think about email, what you get from a traditional DLP solution is things like matching for keywords, like "confidential" or "proprietary" or whatnot, regex patterns, as well as more advanced combinations, which would be things like a keyword in combination with a regex pattern in some proximity, and then weighted by the number of occurrences to give you a confidence level for how sensitive either the body, let's say, of an email or the content inside of an attachment may be.
What this is all based on is rules at that sending time, so should I be able to take a document that contains a large number of social security numbers (let's say I have access to that because I'm in HR) and send that outside of the company? This works great for that, but what about the use cases for internal uses of DLP material? If I am in HR, and I am supposed to be able to operate on large amounts of sensitive data, some PII, and let's say it's in the healthcare world, maybe PHI, there can be problems with the synchronization of that data to various different locations. This is important and I want some traditional DLP approaches where I can say, "Don't send."
What it doesn't solve is some of the more holistic types of DLP approaches that are really focused on the download side, so Bitglass has a solution that allows us to analyze content at download time and take different actions. I can say, for a managed device, I'm allowed to download an attachment, let's say, from an email that contains this large number of social security numbers because I have to work ... I was an HR individual, but I don't want that to happen on an unmanaged device, so managed vs. not. Another concept is analogous to that, if you're not in the PC world, for something like a BYOD device. If I have a BYOD device, and if we go back to that HIPAA example a second ago, you really don't want me to download large amounts of content to a device that I own because I can get in violation of a compliance law, and that can cause me to pay actual fines, which is a major problem.
In essence, what you really want is a combination of both this kind of traditional-type DLP, as well as some of this more advanced, contextual DLP that can do things like match on groups, match on trusted device, match on the context of the user, and maybe even match on the user's basic baseline of activity. They're normally in San Jose, California, and all of a sudden they're going on a trip around the world and maybe they're in China, where you think there's a censorship issue, and they may be inspecting content that's being downloaded in some of those networks; maybe you don't want them to download that content at all, whereas you would have if they were in the US. Contextual-type DLP at the download time is also critical as well. We'd love to talk more about that with you. Thanks again.
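
The sketch below is an added example, not part of the talk and not Bitglass code. It combines the two ideas described above: a content score built from a regex pattern weighted by keyword proximity and occurrence count, and a decision that also looks at direction, group and device state. The keyword list, weights, proximity window, threshold and function names are all assumptions chosen for illustration.

```python
import re

# Assumed patterns and weights, for illustration only.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
KEYWORD_RE = re.compile(r"\b(ssn|social security|confidential)\b", re.I)
PROXIMITY = 40   # max characters between a keyword and a pattern match
THRESHOLD = 6    # score at or above this is treated as sensitive

def content_score(text):
    """Sum over SSN-shaped matches; a keyword nearby triples the weight."""
    keyword_pos = [m.start() for m in KEYWORD_RE.finditer(text)]
    score = 0
    for m in SSN_RE.finditer(text):
        near = any(abs(m.start() - k) <= PROXIMITY for k in keyword_pos)
        score += 3 if near else 1
    return score

def decide(text, *, direction, group, managed_device):
    """Return 'allow' or 'block' from content score plus access context."""
    if content_score(text) < THRESHOLD:
        return "allow"                      # not sensitive enough to act on
    if direction == "send_external":
        return "block"                      # traditional send-time rule
    if direction == "download":
        # Contextual rule: sensitive content only reaches HR on managed devices.
        return "allow" if group == "HR" and managed_device else "block"
    return "allow"

# Constructed sample data; the numbers are deliberately invalid SSNs.
SAMPLE = (
    "Employee SSN: 000-00-0001\n"
    "Employee SSN: 000-00-0002\n"
    "Employee SSN: 000-00-0003\n"
)

if __name__ == "__main__":
    print("score:", content_score(SAMPLE))
    for managed in (True, False):
        verdict = decide(SAMPLE, direction="download", group="HR",
                         managed_device=managed)
        print("HR download, managed =", managed, "->", verdict)
    print("external send ->",
          decide(SAMPLE, direction="send_external", group="HR",
                 managed_device=True))
```

The same attachment gets three different outcomes depending on context, which a send-time-only rule cannot express.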