Warakorn - Fotolia

Cloud DLP: What are the benefits for enterprises?

Expert Dan Sullivan explains how enterprises can manage cloud DLP for data in cloud file storage services that offer offline synchronization.

With services such as Enterprise Box, Dropbox for Business and Microsoft OneDrive for business, how can enterprises...

tackle the cloud DLP aspect, especially given the fact that most of these services offer offline synchronization?

Cloud file-sharing services are a staple of business collaboration. A draconian --and probably counterproductive -- option is to block access to file-sharing services entirely. This approach may prevent employees from sharing confidential or sensitive information, but it also blocks legitimate business use cases.

Alternatively, organizations can use the security controls in enterprise-grade services, such as Dropbox for Business and Enterprise Box. For example, Dropbox for Business enables administrators to define passwords and expiration dates on shared links. In addition, groups of users can be defined to limit access to specific folders. Enterprise Box has its own set of security controls that can do reporting and maintain audit trails, and that include reports on users' activities.

When more control over the type of content that is shared on these services is required, consider cloud DLP tools. Cloud access security broker SkyHigh Networks, for example, offers a service that enables compliance with HIPAA, PCI DSS, the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act, among other regulations. McAfee Total Protection for Data Loss leverages data classification techniques to reduce the volume of data that must be examined by data loss prevention policy enforcement mechanisms. Data loss prevention tools typically enable administrators to define policies that describe file types, regular expressions, and keywords that indicate sensitive or protected content that should not leave the corporate network.

Offline synchronization can lead to problems if sensitive content is copied to personal mobile devices. Look for services that enable remote, selective wiping of content on mobile devices. Dropbox Business offers such a feature.

The cloud DLP tools described here can help mitigate the risk of losing sensitive and confidential data, but they depend on well-designed policies and effective monitoring. These are not products or services that one can turn on and forget about -- they require regular management.

Next Steps

Dig deep into cloud file sharing with the "ultimate" guide

Learn how to get more accurate benchmarking results for cloud file-sharing services

Find out how to protect cloud file sharing against "man-in-the-cloud" attacks

Dig Deeper on Cloud Data Storage, Encryption and Data Protection Best Practices