The Next Frontier for Data Loss Prevention is the Cloud
Posted by skyhighnetworks on April 16th, 2014
“I no longer worry about employees emailing sensitive information. What keeps me up at night is the thought of data being uploaded to cloud apps,” says Jordan Michaelson, Director of Security at Henderson Electronics. As technology has changed in the last 5 years, corporate security teams have to keep up.
During the last decade, companies invested heavily in data loss prevention solutions to protect them from data leakage via email, USB drives, and printing. The fear at the time was a well-intentioned employee accidently emailing sensitive or regulated information like social security numbers or credit card numbers. Many regulations including HIPAA, HITECH, and GLBA place strict controls on the movement of data.
With the explosion of cloud services in the last few years, employees now have access to thousands of low-cost or free applications for everything from cloud storage, marketing applications, sales, and financial applications. The new threat is sensitive data being uploaded to the cloud and either being lost via a security breach at the cloud provider, or being transferred or sent outside the company.
What companies need is a new solution that extends their data loss prevention policies from on-premise applications like email to where employees work and collaborate today – in the cloud. “The same way we enforce our policies for regulated data on the network, we want those same controls whether data is in the cloud or wherever it goes,” says Michaelson.
When a potential issue arises, companies either elect to investigate, or some data loss prevention policies require the a policy violation to be prevented before it exposes the company to risk or compliance violations. For instance, a company may want to encrypt certain data such as social security numbers in the cloud, while stopping credit cards from being uploaded altogether.
Since many companies invested in on-premise DLP software from companies like Symantec, Websense, and McAfee, they also want to use the same policies and escalation workflows without splitting their DLP efforts between 2 different technology solutions. These vendors will hopefully invest in extending data loss prevention to cloud services, or partner with companies who can.
Skyhigh Networks, the Cloud Security Services company, enables companies to embrace Cloud Security Services with appropriate levels of security, compliance, and governance while lowering overall risk and cost. With customers in financial services, healthcare, high technology, media, manufacturing, and legal verticals, the company was a finalist for the RSA Conference 2013 Most Innovative Company award and was recently named a "Cool Vendor" by Gartner, Inc. Headquartered in Cupertino, Calif., Skyhigh Networks is led by an experienced team and is venture-backed by Greylock Partners and Sequoia Capital. For more information, visit us at http://www.skyhighnetworks.com/cloud-data-loss-prevention/ or follow us on Twitter@skyhighnetworks.