Data Protection Top 6 Questions to Ask Your Cloud DLP Vendor: Shadow IT
Mar 26 2019

Top 6 Questions to Ask Your Cloud DLP Vendor: Shadow IT

We’ve put together an ebook of considerations when choosing a cloud DLP vendor to protect sensitive data in the various cloud services that your employees use. We’ll go over the second consideration in this blog post.

Sanctioned cloud services like Microsoft Office 365, G Suite, Box, and more are important to secure as organizations roll them out. Many CASBs include DLP policy enforcement for these sanctioned apps – but oftentimes sensitive data is shared in cloud services not sanctioned by IT (shadow IT). In fact, many ecosystem services connected to sanctioned services like Office 365 are used and have access to sensitive data, including apps like DocuSign, and should have DLP controls placed to prevent improper sharing of data.

Question 2: Will I be able to secure data in all cloud services, sanctioned and unsanctioned (shadow IT)?

Many CASBs only allow for DLP policy enforcement for sanctioned cloud services like Microsoft Office 365, Google G Suite, Salesforce, Box, and the like. For unsanctioned, shadow IT services, most CASB solutions either cover a limited amount of services (<20) or not at all.

What to look for: Look for CASBs that can cover all sanctioned cloud services as well as thousands of unsanctioned ones. With sanctioned services like Microsoft Office 365, make sure the solution allows for DLP policies to be set across the entire suite, not just SharePoint, OneDrive, and Outlook, but also services like Dynamics, Power BI, and more. For shadow IT, require solutions with comprehensive deployment options and a granular policy engine to thousands of unsanctioned cloud services as opposed to a handful.

Test for it: Test for it by setting a granular DLP policy like restricting upload of PII to top shadow IT cloud services used in your organization, especially from off-premises employees.

For the full ebook, go here.

author image
About the author
Greg Mayfield is a senior member of the Netskope Product Marketing team focusing on cloud security and data protection solutions. He has worked in network and cloud security for over 2 decades in various strategic and product marketing roles in multiple companies, including Gigamon, Blue Coat, Cisco, Novell and Nortel.
Greg Mayfield is a senior member of the Netskope Product Marketing team focusing on cloud security and data protection solutions. He has worked in network and cloud security for over 2 decades in various strategic and product marketing roles in multiple companies, including Gigamon, Blue Coat, Cisco, Novell and Nortel.