Cloud DLP (Data Loss Prevention)
DLP for Cloud Security
Cloud adoption by organizations around the world has benefitted multifold. Cloud applications like G Suite, Office 365, Dropbox, Zoho, etc. have enhanced productivity, team collaboration as well as eased data sharing among businesses that have offices in one or several locations. However, moving to cloud has given way to multiple avenues of data leakage. In order to curb the data leak, an organization first needs to be well aware and vigilant on how the data is being used and shared by its users.
CloudCodes for Business provides one of the leading cloud based data loss prevention(DLP) solution for organizations. With the CloudCodes solution, enterprises can ensure that their employees do not send any sensitive information outside the corporate network. CloudCodes DLP (Data Loss Prevention) detects potential data breaches or data exfiltration transmissions, prevents data loss by monitoring, detecting and blocking sensitive data while in-use (endpoint actions), in-motion (network traffic) or at-rest (data storage).
With the advanced mechanism of CloudCodes DLP solution, admin can control the upload and download of documents on G Suite, Office 365, Google Drive, OneDrive and Dropbox. Admin can give permission to a single user, to an OU or the entire organization, as per the requirement.
An admin can set various DLP policies from the CloudCodes console, using any of the predefined templates or by adding one of their own. Using these policies, an organization can monitor, audit and control any unauthorized data activity occurring in the organization.
CloudCodes DLP supports G Suite, Microsoft Office 365, Google Drive, OneDrive and Dropbox.
The DLP policies for CloudCodes can be applied for the entire organization or to small set of users within the organization. This flexible approach helps IT to scope the implementation on few users if required.
There are two aspects of CloudCodes for Business DLP solution
Scan the data stored on cloud, detect violations and take actions as defined by the IT team
Prevent the occurrence of incidents using this approach, which alerts the IT of any attempt made
CloudCodes for Business allows the IT to define various policies based on the compliance and regulatory requirements. The IT can define policies to check -
- Documents stored on cloud contains PII/PCI/PHI information
- Documents are shared outside the organisation
- Documents are shared to personal email
- Documents are shared across organisation units
For the IT, analyzing documents stored within user’s account, to detect violations is nearly impossible due to humongous amount of data stored on the cloud. To overcome this, CloudCodes provides an API based approached which scans the documents stored on the cloud periodically and looks for violation of the above mentioned rules.
It also allows the IT to define actions to be taken when such violations are identified. For e.g, if it is found that a document is shared outside the organisation, the IT can define policies to revoke the external access. CloudCodes will scan the documents and will revoke access to external users when such documents are found. This really mitigates the risk for the organisation.
Another example for EU based organisation would be to ensure documents stored on the cloud meet GDPR compliance. One of the most important aspects of GDPR is PII (Personally Identifiable Information) . CloudCodes can help organizations meet regulatory compliance such as GDPR and others.
Unlike other CASB vendors who focuss on using API based approach, CloudCodes uses preventive control in addition to the API based approach. In preventive controls based approach, the focus is on preventing any form violations, i.e., in API based approach the identification happens after damage has been done, but in case of preventive controls we prevent the incident from occurring and alert the IT if an attempt takes place.
The following are the preventive controls that are provided as part of CloudCodes CASB solution -
- Block/Track sharing of documents outside organisation
- Block/Track downloading documents
- Block/Track access to personal account such as gmail or dropbox
- Block/Track sharing of documents across different departments within organization
This provides the IT with additional controls to control the behaviour of its users and prevent from any form of data leakage.