As the shift of IT infrastructure to cloud-based solutions celebrates its 10th anniversary, it is becoming clear that traditional on-premise approaches to data security are becoming obsolete. Instead of protecting the endpoint, DLP solutions must refocus their efforts where business data resides: in the browser.
A new guide from LayerX titled “On-Prem is Dead. Have You Changed Your Web DLP Plan?” (download here) delves into this transition, describing in detail the root cause, the possible solution paths to follow and viable implementation examples. After reading the guide, IT and security professionals will receive the relevant information they need to upgrade and upgrade their DLP solutions.
Guide highlights include:
Why DLP
The guide begins with an explanation of the role of the DLP. DLPs protect data from unwanted exposure by classifying it, determining its level of sensitivity, and enforcing protective action. This should enable organizations to detect and prevent data breaches and other malicious activities and meet compliance regulations.
What has changed for DLP and enterprise data
However, DLPs were designed with on-premise environments in mind. In these scenarios, data leaving the environment is usually attached to an email message or a hardware device. Therefore, DLPs were traditionally placed on the gateway between the corporate network and the public Internet. The rise of SaaS apps and website usage requires an approach that addresses business data in its new location: online.
3 future paths for data protection
To fill this gap, there are three ways IT and security teams can work.
1. No change – Use DLP solutions as-is by limiting data upload to insecure online locations. As explained, this solution is partially effective.
2. DLP CASB – File inspection with SaaS apps and enforce policies across apps, devices and apps. This workaround is effective for some sanctioned apps, but not for all or non-sanctioned apps.
3. Browser DLP – Monitoring data activity at the point of transaction. This solution applies policies across all vectors: devices, apps and browsers.
Since the browser is the interface between your device, websites, and SaaS apps, it is the optimal place to place the DLP. An enterprise browser extension can function as a browser DLP, thanks to its ability to deeply monitor user activities and webpage execution. It can also enforce actions such as warning and blocking dangerous user actions.
Browser DLP policy example
Here are some examples of DLP policies designed to respond to data location in cloud environments:
- Warning about sensitive files attached to email web apps.
- Block uploads of confidential files to personal Google Drives.
- Block downloads of sensitive files to unmanaged devices.
This guide is essential reading for any organization dealing with online data. You can read it here.