With services such as Enterprise Box, Dropbox for Business and Microsoft OneDrive for business, how can enterprises...
tackle the cloud DLP aspect, especially given the fact that most of these services offer offline synchronization?
Cloud file-sharing services are a staple of business collaboration. A draconian --and probably counterproductive -- option is to block access to file-sharing services entirely. This approach may prevent employees from sharing confidential or sensitive information, but it also blocks legitimate business use cases.
Alternatively, organizations can use the security controls in enterprise-grade services, such as Dropbox for Business and Enterprise Box. For example, Dropbox for Business enables administrators to define passwords and expiration dates on shared links. In addition, groups of users can be defined to limit access to specific folders. Enterprise Box has its own set of security controls that can do reporting and maintain audit trails, and that include reports on users' activities.
When more control over the type of content that is shared on these services is required, consider cloud DLP tools. Cloud access security broker SkyHigh Networks, for example, offers a service that enables compliance with HIPAA, PCI DSS, the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act, among other regulations. McAfee Total Protection for Data Loss leverages data classification techniques to reduce the volume of data that must be examined by data loss prevention policy enforcement mechanisms. Data loss prevention tools typically enable administrators to define policies that describe file types, regular expressions, and keywords that indicate sensitive or protected content that should not leave the corporate network.
Offline synchronization can lead to problems if sensitive content is copied to personal mobile devices. Look for services that enable remote, selective wiping of content on mobile devices. Dropbox Business offers such a feature.
The cloud DLP tools described here can help mitigate the risk of losing sensitive and confidential data, but they depend on well-designed policies and effective monitoring. These are not products or services that one can turn on and forget about -- they require regular management.
Dig deep into cloud file sharing with the "ultimate" guide
Dig Deeper on Cloud Data Storage, Encryption and Data Protection Best Practices
Related Q&A from Dan Sullivan
Docker's recent upgrade introduced support for hardware signing and in the future, automated security analysis on Docker images. Expert Dan Sullivan ... Continue Reading
Cisco's new project Contiv automates operational policies for containerized applications in the cloud. Expert Dan Sullivan explains the benefits of ... Continue Reading
Dropbox API abused by attackers posing as legitimate users in a huge spear phishing campaign. Expert Dan Sullivan explains how to mitigate the risks ... Continue Reading