Glass Class - A Deep Dive On DLP
Hi guys. This is Mike from Products, and I want to talk a little bit today about the basics of data loss prevention (DLP). With DLP, typically you're looking for sensitive information inside of content.
Let's say we have a file here. We want to look for a few things. One would be personally identifiable information - that is, obviously, something you should care about and is sensitive. Payment card information - PCI - regulations around that. Or personal health information. But there are many other different types, so we'll put et cetera here, as well, for different types of ways you want to identify that something is sensitive, and you may want to apply a different type of action from a protection perspective.
Say I have this content that's sensitive. Most of the time when you're talking about DLP, you're talking about a vertical that's more regulated, something like a health care or financial services company. In that case, you might already have a Vontu or some other type of DLP solution that's already been in place. The rules you have may already have been tuned. From that perspective, you want to import those rules and apply the security to endpoints and to cloud. You can do that.
Other times you want different types of libraries, where you have different sets of rules that you can just match upon if maybe you haven't really tuned your rule base and aren't as adept into the development of these rules and processes.
From a perspective of identifying information, there are a couple of places to look for it. Inside of a cloud application (things like Office 365, maybe some enterprise file sync and share application like Box, or even Salesforce from a CRM perspective), there can be data inside of it that's sensitive, and you may want to look for a couple of different things.
So let's say I have this file here, and it's inside Box, and I share it outside to an external party. That might be all right, but it might not be all right if I find personal healthcare information inside of that file. So you want something that can control that and, in certain situations, be able to block that.
To accomplish this, typically you connect in something like an API. APIs can connect to cloud access security broker solutions and monitor what's going on inside of the application.
That's great, but what about devices? So let's say I have a PC here and it's a managed device and it can connect up and download and author different types of content, and let's say I have an iPad that's an unmanaged device that I'm allowing in my organization. I might want to do different policies for this. It might be okay to take a file here and upload or download it to Box in this case, but that might not be okay for this unmanaged mobile device. So from that perspective, you want to insert something that is typically a proxy-based solution to look at these different types of DLP mechanisms and apply an action.
So, from an upload perspective, it might be to protect the content before it gets into the cloud, so that it's already encrypted, for example. Could be outright block. Could be encrypt the content as it comes down to the mobile device, so then it's protected and it requires a password to access that content. Or it could be things like DRM.
So there are a number of different flavors you might want to do here. Typical solutions involve both of these things. So you want a solution that does both API and proxy, so you can provide that really real-time protection from a proxy, as well as this more out-of-band type protection that you get from an API. So without both of those, you're at the whim of the cloud solution, where it's trying to tell you that something's changed. And if this API isn't up to snuff from a perspective of scanning and processing times, you may have something that is not as near real-time as you'd hoped.
You combine both these things to result in a hybrid CASB or something that Gartner calls a multimode CASB, which should be really something that you're looking for when you're evaluating things like DLP and matching and whatnot.
From a high level, typically, people already have DLP and they want to import it - or they have libraries that they want to include. So Bitglass offers a number of different types of libraries and importing capabilities that you can include for things like patterns in the US, things like patterns in the UK and in EMEA and across Asian countries.
Feel free to come check it out, and we're hoping that you can learn more.