The Fastest Way to Extend DLP from Device to Cloud

By McAfee Cloud BU on Oct 30, 2019

The rise of cloud computing and bring-your-own device (BYOD) trends have expanded the traditional network perimeter to the point that business-critical information lives in places outside of the corporate-managed domains and devices. In our latest global study on cloud adoption and risk, 83% of the 1,000 enterprises we spoke to told us they store their sensitive data in the cloud. Our global study on cloud adoption and risk also highlights that Office 365 and other collaboration applications contain 42% of the most sensitive data, while Salesforce and other business SaaS applications store 24% of sensitive data.

In order to increase personal productivity and business agility, employees and organizations are adopting SaaS and IaaS at a rapid rate. Highly valuable sensitive and confidential data stored in cloud services (e.g. Office 365, Box) is shared via document sharing, email, and chat-based communication channels. Many enterprises have been using mature on-prem data loss prevention (DLP) products to protect against data loss at endpoints and throughout the network. But in our global study, only 36% told us they could enforce DLP in the cloud.


Enterprises using on-prem DLP can protect documents being uploaded to the cloud from managed devices. But once a document is in the cloud, it can easily be shared with other users, and on-prem DLP may not be able to detect activity on documents stored there. There are a couple of other scenarios in which on-prem DLP will not be able to detect activity on documents in the cloud: when data is created directly in the cloud, or when it is uploaded to the cloud from an unmanaged device, on-prem DLP simply can’t be expected to see it. If you are a bank or a healthcare company and your employees store sensitive and confidential data in the cloud, these blind spots introduce the risk of non-compliance and data breach.

Enterprises that run DLP see hundreds or thousands of events each month. Companies that don’t run DLP risk having data exfiltrated from the cloud without noticing. Enterprises can’t rely on on-prem DLP to monitor activity on data shared within the cloud or created in the cloud. One approach is to implement a separate DLP solution for the cloud, which requires recreating DLP classifications, content rules, and policies, causing redundant work, significant time, and inconsistent policy enforcement. If two DLP engines are running, one in the cloud and another on-prem, there may be inconsistent detections and different places for handling incidents, making this nightmare approach ineffective.

It’s worthwhile to take a look at the way enterprises such as Boeing, Marsh and McLennan Companies, and US Bank implement Cloud Access Security Broker (CASB) technology to gain visibility and control over data within a cloud context. These joint customers of McAfee DLP + McAfee MVISION Cloud skip recreating content rules and policies and manage incidents and reports in one place using McAfee ePO.

Figure 1: Setup MVISION Cloud Server in ePO

McAfee ePO-based device-to-cloud DLP integration provides universal data protection, where enterprises can protect data in any cloud service faster than before, with full context of cloud-native collaboration and sharing. Additional CASB features, like On-Demand Scans, can be used to evaluate policies against data already in a cloud service, supporting targeted investigations and continuous audits around specific types of data and collaboration. In fact, when an MVISION Cloud tenant is initially set up, an On-Demand Scan can be run to set a baseline for activity in cloud services, capturing a valuable snapshot of expected activity. Moving forward, you could limit scans to new or updated files for malware threats, or just to specific users or folders. On-Demand Scans can also be configured to look at one specific user before he or she is off-boarded, providing granular insight into short-term employee activity.

Figure 2: Creating On-Demand Scan (ODS) in MVISION Cloud

Finally, all DLP incidents from endpoints and MVISION Cloud, including anything identified by On-Demand Scans, are routed to ePO, providing customers with a single-pane-of-glass experience for managing incidents.

Figure 3: McAfee ePO showing incidents from MVISION Cloud

If you would like to learn more about the fastest way to stop data loss in the cloud, join us for an informative webinar on November 14, 2019.

About the Author

McAfee Cloud BU

Learn about cloud threats, the latest cloud security technologies, and the leading approaches for protecting data in cloud services.
