What Is Cloud DLP?
Cloud data loss prevention (DLP) helps keep an organisation's sensitive or critical information safe from cyber attacks, insider threats and accidental exposure. Cloud DLP solutions provide visibility and protection for sensitive data in SaaS and IaaS applications. Cloud DLP is a primary capability of a Cloud Access Security Broker (CASB).
Proofpoint research on Office 365 and G Suite tenants found that 25% of cloud file sharing activity constitute files that are shared broadly—publicly, externally and internally across the whole tenant.
- Prioritise data. Not all data is equally critical and in need of cloud data loss prevention. You need to identify which data would cause the biggest problem if it were stolen or which data is most likely to be targeted by attackers.
- Classify the data. This means associating a classification with the source application or the user who created the data. Data that is widely understood to be sensitive includes Social Security Numbers or credit card numbers of customers, vendors and others. There are also pre-configured rules for payment card industry (PCI), personally identifiable information (PII), and the like.
- Understand when data is at risk. Files in the cloud are often at risk when they have broad sharing permissions such as public, external or internal across all tenant. In addition, sensitive files owned by privileged and highly targeted users can also be at risk.
- Monitor data in motion. Organisations must monitor data in motion to see what’s happening to their sensitive data and to determine the scope of any issues that their cloud based DLP strategy should address.
- Practice exact data matching. Exact data matching allows you to create custom dictionary items or other custom identifiers that are unique to your company or your industry, such as financial services account numbers, local forms of ID, or medical record numbers.
- Communicate and develop controls. At first, controls can target common behaviours that most line managers would agree upon. But as the cloud DLP program matures, organisations can develop more granular, fine-tuned controls to reduce specific risks as they emerge. CASBs enable you to combine context (device, network, user) and content (data classification) to enforce more granular controls.
- Train employees and provide continuous guidance. User training can reduce the risk of accidental data loss by insiders. Employees often don’t recognise that their actions can result in data loss and will do better when educated. CASBs allow you to notify users of DLP violations in the cloud.
- Rollout. When implementing a new DLP program, apply the new security controls to just one subset of the most critical data. That way, cloud based DLP is simpler to implement and manage. Over time, more information will be included, with minimal disruption to business processes.
Cloud DLP Issues & Risks
As organisations expand their use of IT to manage their businesses, and do more computing in the cloud, more cybersecurity risks arise. These new threats demand more use of cloud data loss prevention (DLP) technology. Cloud DLP solutions use business rules to classify and protect confidential and critical information—and deploy the necessary cloud security solutions — so that users and compromised user accounts cannot accidentally or maliciously share data, which would put their organisations at risk.
Organisations are adopting cloud DLP because of emerging threats based on social engineering and rigorous new data privacy laws that require stringent data protection or data access requirements.
At the same time, many of your current or former employees may have access to sensitive or valuable information and could misuse that access for personal or professional gain. According to Ponemon, the number of insider-caused cybersecurity incidents has increased by a whopping 47% since 2018. And the average annual cost of Insider Threats has also skyrocketed in only two years, rising 31% to $11.45 million. Being aware of the threats originating inside or outside your organisation is more important than ever.
Cloud DLP Threats
As your company grows, so does the threat of a cyber attack. With data breaches making the headlines more than ever, organisations are forced to consider the safety of their cloud data, the policies they have in place to protect it, and the strategies and tools they must have at their disposal for breach mitigation.
Also, the threat from a cyber-attack is not just in terms of money. Organisations also need to remove the risk of the wrong material leaving their company. This includes proprietary material, offensive material, material not in compliance with government regulations or your own policies, or sensitive material addressed to the wrong person.
Tips for Cloud Protection
Among the things you should do to effectively roll out cloud data loss prevention is to evaluate all the security issues within your organisation, classify the various types of data you manage, and the risks associated with that data being compromised. Provide employee user training, which can reduce the risk of accidental cloud data loss by insiders. And deploy people-centric controls to your sensitive data.
Finally, understand that cloud data loss prevention is an evolving approach to cybersecurity. Start by securing a subset of the most critical data in your organisation. That way, cloud data loss prevention will be simpler to implement and manage. That successful pilot program will make it easier for expansion of the program to more of your organisation.