Security "Bits"

Moving to the cloud? Here's why you need cloud DLP.

By Salim Hafid | September 8, 2016 at 2:00 PM


As organizations migrate to the cloud, they inevitably lose control over the infrastructure and applications, delegating responsibility for the security of these critical pieces to app vendors like Microsoft and Salesforce. In the new data reality, where corporate information is accessible from any device, anywhere, the enterprise remains responsible for data security.

Data Leakage Prevention (DLP) has long existed as a premises-based solution, capable of quickly identifying sensitive information and limiting access to that data. These traditional DLP solutions, however, struggle to distinguish between trusted and untrusted devices, are limited in their ability to protect data on unmanaged devices, and provide inadequate protection beyond the network perimeter.

Cloud DLP, a powerful component of broader CASB offerings, provides real-time protection over data at access and after download. Among the benefits of a cloud-based CASB DLP are:

1. Real-time protection applied to all data at download, even on unmanaged devices.

For all the benefits of public cloud apps, easy access from any device does pose a risk to corporate data. Unmanaged devices in particular offer limited control over data after download. To mitigate this threat, organizations can use cloud DLP in conjunction with a proxy-based CASB to control data at access. By proxying traffic on unmanaged devices, IT can ensure that every session is secure and every file protected.

2. Granularity of protection based on context.

Robust cloud DLP solutions offer granular controls and broad support for all major cloud apps, which is particularly useful in organizations that want to limit access in a particular set of cases. Where a context-aware DLP engine can distinguish between managed and unmanaged devices, between users, and more, different policies can apply to different groups - stringent controls in riskier contexts and lightweight policy actions on managed devices, for example. Say a financial services organization wants to redact all SSNs and customer credit card numbers on unmanaged devices. This is easily accomplished with cloud DLP, where emails, text documents, spreadsheets, and more are redacted in real time.

3. Control over external sharing.

Office 365, Dropbox, and other cloud apps have made collaboration incredibly easy. One-click external sharing, however, may result in unintended data leakage - it's no surprise that such capabilities make IT leaders uneasy. With a content-aware cloud DLP engine, data at rest is regularly scanned to identify sensitive data that matches set policies, and offending files are automatically blocked or quarantined for review.

4. Ease of deployment.

Whether you have an existing premises-based DLP solution and need to migrate those policies or need to create new policies that take advantage of granular controls, a robust CASB DLP solution makes rules easy to create and modify. What's more, DLP policies set with a CASB like Bitglass apply across all cloud apps you have deployed in your organization.
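The context-based redaction scenario from item 2 (SSNs and card numbers redacted only on unmanaged devices) can be sketched as follows. This is an added example, not Bitglass code: the patterns, function names and sample text are assumptions, and a Luhn check is used to avoid redacting arbitrary long numbers.

```python
import re

# Candidate patterns; the exact formats are assumptions for this example.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates plausible card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact(text: str) -> str:
    """Mask SSNs and Luhn-valid card numbers, keeping only the last four digits."""
    def mask_card(m: re.Match) -> str:
        digits = re.sub(r"\D", "", m.group())
        if not luhn_ok(digits):
            return m.group()  # e.g. an order reference: leave untouched
        return "[CARD ****" + digits[-4:] + "]"

    text = CARD_RE.sub(mask_card, text)
    return SSN_RE.sub(lambda m: "[SSN ***-**-" + m.group()[-4:] + "]", text)


def apply_policy(text: str, device_managed: bool) -> str:
    """Context decides the action: pass through on managed devices, redact otherwise."""
    return text if device_managed else redact(text)


# Constructed sample: a dummy SSN, a standard test card number, and a
# 16-digit order reference that fails the Luhn check.
SAMPLE = ("Customer 123-45-6789 paid with 4111 1111 1111 1111; "
          "order ref 1234567890123456.")

if __name__ == "__main__":
    print(apply_policy(SAMPLE, device_managed=True))
    print(apply_policy(SAMPLE, device_managed=False))
```
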


Try a Bitglass demo today to learn more about our powerful DLP solution.
