How to control enterprise data security in the cloud era

In the cloud era, enterprise data security should be controlled in this way. In the 20 16 security industry event RSA 20 16, DLP (data loss prevention) became the most concerned product for enterprise users, and there were as many as 88 DLP classification manufacturers at the conference. From this conference, we can see some development trends of enterprise data leakage prevention products.

Integration of DLP and gateway functions

Integrate DLP with the traditional security functions of gateway products, and realize security detection and defense from the content level, such as adding DLP function to Web gateway, adding DLP function to URL and anti-spam gateway, etc. , the representative manufacturers are Forcepoint and ClearSwift.

DLP+ Based on Terminal Encryption and Access Control

Block data leakage from the source. At the terminal, different access rights, operation rights and going out rights are controlled, and different permission policies are formulated for the sender and the receiver. The data is encrypted when it is sent out, and only the trusted receiver can see the contents of the file or perform corresponding operations on the file. I represent Vera and Fasso.

Application-specific DLP

DLP detection only for specific applications (such as Exchange, outlook, office365, SharePoint) or specific channels (e-mail cloud services). Such products will control access, printing, copying and other operations at the terminal, define sensitive information detection strategies for file types, senders and contents, and realize DLP detection of fixed terminals and mobile terminals. Representative manufacturers include Messageawre, Mimecast, etc.

CASB has become an important direction of public cloud environment.

With the increasing dependence of foreign (especially American) enterprises on SaaS(Office365, DropBox, Box, Facebook and other cloud services), many data and services are migrated to cloud services and cloud platforms, and the use of public cloud environment by enterprise employees will also become a security issue. Data leakage has become a major threat to cloud security. When uploading or sharing files through cloud services such as Office365, DropBox and cloud storage, data leakage may occur. The method of CASB(Cloud Access Security Broker) is a solution to protect enterprise data from being leaked anytime and anywhere. DLP implementation based on CASB can be divided into two forms:

Form 1: Dealing with DLP problems within enterprises

Keep the original DLP product hardware and software form unchanged, and increase the support for cloud services and cloud applications on the original gateway, which can be deployed at the terminals and boundaries of enterprise networks. On behalf of traditional DLP vendors such as Symantec, Intel Security (McAfee) and AvePoint.

Table 2: Dealing with the DLP problem of employees' mobile office.

As a cloud service, CASB is deployed on the cloud platform used by enterprise employees, and provides users with services such as single sign-on, access control, behavior monitoring, data protection, security and compliance in the cloud. DLP is an important issue to be considered by CASB, and it is also the clear direction of product landing. CASB is also actively seeking cooperation with traditional DLP manufacturers. For DLP, compared with the traditional border deployment scheme, CASB is different in that it combines the dimensions of users, devices, content and applications to understand how data is shared or used in the cloud environment, so as to make corresponding policy configuration. The DLP product form based on CASB has also changed from the traditional network+endpoint+storage DLP to cloud+mobile DLP. Representative manufacturers include Skyhigh and BlueCoat.

How to control enterprise data security in the cloud era

Data is the most important asset in an enterprise, and it needs to be protected most, so data security becomes more and more important. With the continuous development of public cloud and BYOD technology, Data Loss Prevention (DLP), as the most important technical product in the field of data security, is also facing the challenge of "realizing data leakage protection in the cloud". Although domestic enterprises and individual users are less dependent on cloud services and applications, cloud+mobile DLP will become the development trend of DLP products, and domestic DLP products also need to quickly adapt to the transition from on-premise to cloud-based.

Data leakage prevention system: This is a set of software system to ensure data security and safe use from the source. Including transparent file encryption and decryption, internal file circulation function, security level control, offline management, file delivery management, flexible approval process, working mode switching, server white list and other functions. Fundamentally prevent information leakage and ensure information security.