Glass Class – Integrating CASB with DLP
Hi everyone and welcome to another edition of Bitglass Glass Class. Today we're going to be talking about DLP, which stands for data loss prevention. Now, traditionally DLP tools were deployed on the endpoint and they were designed to protect data from leaking outside of the organization. So endpoint DLP is where it all started and these solutions were typically deployed on premises. Now as organizations started to move out into the cloud, some of these endpoint-based on-premises DLP solutions were not able to keep up with cloud applications.
And so as a result, many organizations are now rolling out CASBs, which stands for cloud access security brokers, and the CASBs protect cloud-based sensitive data. So with a CASB, as people upload and download files into a cloud application, the CASB can scan that data via the proxy and maybe encrypt or block sensitive data as it goes into and out of the application. It can also scan for malware and block malware going into the application as well. CASBs can also do an API scan for data that's already at rest in the application. If it matches a particular DLP pattern, the CASB's integrated DLP solution can either quarantine or remove sharing from that sensitive file to prevent unnecessary exfiltration of that data.
Now many organizations already have an investment in an on-premise endpoint-based DLP solution and they're wondering how they can integrate that when they move into a CASB so they can leverage their existing investment. So for integration options, there are a couple of different things that we can do. The easiest of course is to export your existing DLP policies from your on-premises system and import them into your CASB. This will allow you to leverage the hard work you've already put in in creating those DLP rules and to reuse the same rules within the CASB for both the API and proxy deployments. The other option is what's known as ICAP.
ICAP is a protocol that is used by on-premises DLP solutions to integrate with other solutions such as CASBs. Now when a CASB does an API scan of a cloud application such as Google Drive, the CASB now has the option to scan that file itself, but to also forward that file via the ICAP protocol to the on-premises DLP engine. The on-premises DLP engine can then perform its own analysis of that file and it can take action such as logging that transaction or potentially flagging that file for the administrator to talk to whoever owns that file so that they can become aware that sensitive data is residing in the cloud.
If you have any questions, we'd be happy to go into this integration and answer any questions you might have in greater detail. And thank you for joining us for another session of Glass Class.