As the shift of IT infrastructure to cloud-based solutions celebrates its 10-year anniversary, it becomes clear that traditional on-premises approaches to data security are becoming obsolete. Rather than protecting the endpoint, DLP solutions need to refocus their efforts to where corporate data resides - in the browser.
A new guide by LayerX titled "On-Prem is Dead. Have You Adjusted Your Web DLP Plan?" (download here) dives into this transition, detailing its root cause, possible solution paths forward and actionable implementation examples. After reading the guide, security and IT professionals will be equipped with the relevant information they need to update and upgrade their DLP solutions.
Guide highlights include:
Why DLP
The guide commences with an explanation of the role of the DLP. DLPs protect data from unwanted exposure by classification, determining its sensitivity level, and enforcing protective action. This is supposed to allow organizations to detect and prevent data breaches and other malicious activities and meet compliance regulations.
What Has Changed for DLP and Corporate Data
However, DLPs were designed with on-prem environments in mind. In these scenarios, data that leaves the environment is usually attached to an email or a hardware device. Therefore, DLPs were traditionally placed on the gateway between the corporate network and the public Internet. The rise of SaaS apps and website use requires an approach that addresses corporate data in its new location: online.
3 Data Protection Paths Forward
To address this gap, there are three ways security and IT teams can operate.
1. No Change - Using DLPs solutions as they are while limiting data uploads to insecure online locations. As explained, this solution is partially effective.
2. CASB DLP - Inspecting files with SaaS apps and enforcing policies between apps and devices and apps. This solution is effective for some sanctioned apps, but not for all or for unsanctioned ones.
3. Browser DLP - Monitoring data activity at the transaction point. This solution enforces policies across all vectors - devices, apps and the browser.
Since the browser is the interface between the device and websites and SaaS apps, it is the optimal location for placing the DLP. An enterprise browser extension can operate as a browser DLP, thanks to its ability to deeply monitor user activities and the web page execution. It can also enforce actions like alerting and blocking dangerous user actions.
Example Browser DLP Policies
Here are some examples of DLP policies that are designed to answer data location in a cloud environments:
- Alert about confidential files being attached to email web apps.
- Blocking confidential file uploads to personal Google Drives.
- Blocking confidential file downloads to unmanaged devices.
This guide is an essential read for any organization dealing with data that is online. You can read it here.
