We’ve written an ebook of considerations when choosing a cloud DLP vendor to protect sensitive data in the various cloud services that your employees use. We’ll go over the first consideration in this blog post.
There are many ways for sensitive data to leak into the cloud, outside of the purview of security teams. With employees accessing cloud services from various devices (managed and unmanaged), networks, and locations, it’s hard for security teams to gain the visibility and control needed to detect sensitive content like PII, PHI, PCI, confidential documents, and more. One consideration organizations need to think about when choosing a cloud DLP vendor is whether that vendor can secure all methods in which sensitive data can leak in the cloud – whether that’s from unmanaged devices, off-premises locations, unsanctioned/shadow IT cloud services, and more.
Question 1: Can I cover all the ways sensitive data can leak?
Over 50% of all cloud traffic comes from mobile devices. Workforces are distributed and access cloud services from various locations and networks. You need to be able to enforce your policies wherever your users are and whatever their device or method of access.
What to look for: Pick a cloud security platform with comprehensive monitoring and control at the activity and content level, whether users are on-premises or remote, on a mobile device or even using mobile apps or sync clients. Make sure your team can differentiate your policy enforcement between managed (corporate) and unmanaged (personally-owned) devices. Ensure the solution covers all possible cloud traffic regardless of location, device, or network.
Test for it: Test for it in your CASB by triggering a DLP policy in a native sync client. Confirm the policy enforcement and look for a coaching message to the user offering an alternative to the violated policy. Also, verify two policies that have the same triggers but different actions based on device ownership.
For the full ebook, go here.