Data Leakage Prevention in the Age of Cloud Computing: A New Approach


As the shift of IT infrastructure to cloud-based solutions celebrates its 10-year anniversary, it becomes clear that traditional on-premises approaches to data security are becoming obsolete. Rather than protecting the endpoint, DLP solutions need to refocus their efforts to where corporate data resides – in the browser.

A new guide by LayerX titled “On-Prem is Dead. Have You Adjusted Your Web DLP Plan?” (download here) dives into this transition, detailing its root cause, possible solution paths forward and actionable implementation examples. After reading the guide, security and IT professionals will be equipped with the relevant information they need to update and upgrade their DLP solutions.

Guide highlights include:

The guide commences with an explanation of the role of the DLP. DLPs protect data from unwanted exposure by classification, determining its sensitivity level, and enforcing protective action. This is supposed to allow organizations to detect and prevent data breaches and other malicious activities and meet compliance regulations.

However, DLPs were designed with on-prem environments in mind. In these scenarios, data that leaves the environment is usually attached to an email or a hardware device. Therefore, DLPs were traditionally placed on the gateway between the corporate network and the public Internet. The rise of SaaS apps and website use requires an approach that addresses corporate data in its new location: online.

To address this gap, there are three ways security and IT teams can operate.

1. No Change – Using DLPs solutions as they are while limiting data uploads to insecure online locations. As explained, this solution is partially effective.

2. CASB DLP – Inspecting files with SaaS apps and enforcing policies between apps and devices and apps. This solution is effective for some sanctioned apps, but not for all or for unsanctioned ones.

3. Browser DLP – Monitoring data activity at the transaction point. This solution enforces policies across all vectors – devices, apps and the browser.

Since the browser is the interface between the device and websites and SaaS apps, it is the optimal location for placing the DLP. An enterprise browser extension can operate as a browser DLP, thanks to its ability to deeply monitor user activities and the web page execution. It can also enforce actions like alerting and blocking dangerous user actions.

Here are some examples of DLP policies that are designed to answer data location in a cloud environments:

This guide is an essential read for any organization dealing with data that is online. You can read it here.


Please enter your comment!
Please enter your name here