Data no longer resides behind the four walls of the traditional enterprise perimeter—it’s everywhere, and can be accessed from seemingly anywhere, thanks to the rapid embrace of cloud by enterprises and the acceleration of hybrid work, or work-from-anywhere, behind the global pandemic. Despite so much change, or perhaps because of these cloud, workplace, and data transformations, data protection is more important than ever—people and data have to be protected everywhere, so security controls must keep up.
In an increasingly hybrid world, more workers are actively choosing to work from home long-term, not just conforming to pandemic restrictions on office gathering. That means that every home network, peripheral, and device within range of a hybrid worker becomes a new expansion to the attack surface—more potential for data exfiltration to occur across networks, applications, and endpoint devices. Let’s say a departing employee decides they want to download sales records to take with them to their new job. They could easily pop in a USB thumb drive and download the data, and there’s nothing much that network or cloud-based data loss prevention (DLP) solutions can do about it: because the data isn’t being sent across the network or the cloud, exfiltration happens with no oversight.
Endpoint DLP solutions resolve this problem by providing visibility and protection capabilities at the device level. However, traditional endpoint DLP relies on cumbersome clients that enforce policies at the endpoint, using up valuable compute resources and slowing down users in the process. In addition, traditional endpoint DLP solutions are siloed off from other DLP functions, requiring individual policy management across each solution. For security teams, this kind of siloed policy management is not only tedious to keep up with, but also winds up costing the organization more in the long run, both in expenses and work hours.
Redefining endpoint DLP
In a hybrid work world, the Netskope Intelligent SSE platform helps to protect data everywhere it goes. A key feature of Netskope Intelligent SSE is Zero Trust Data Protection, which applies zero trust principles to make better context-aware decisions about trust and access for a given user based on a number of factors, including user identity, device identity, security posture, time of day, geolocation, business role, and the sensitivity level of the data. These contextual decisions result in robust data policies that are uniformly applied across the cloud, web, email, private apps, and devices.
With that in mind, we’re pleased to introduce Netskope endpoint DLP as an extension of Zero Trust Data Protection, allowing those context-aware decisions to extend to the endpoint without any of the hassles or limitations of traditional endpoint DLP solutions. Here’s what sets Netskope endpoint DLP apart:
- Lightweight, cloud-based agent: Netskope endpoint DLP leverages a lightweight agent for delivering endpoint DLP, securing access to the web and cloud, with almost all security inspection happening in the cloud. With Zero Trust Data Protection, IT defines context-based policies in the cloud that denote whether data should be shared or not, and these are then pushed down to apply on the endpoint as well. Any new data is sent from the endpoint to the cloud for inspection. Operating from the cloud helps make for a user experience that is less intrusive while still keeping sensitive data safe from potentially leaving an endpoint.