DataLeakTest

Updated 11/23/2020

DLP Validation & Testing


DLP architecture explained: on-premise - CASB - Cloud  

Data Loss Prevention (DLP) with work-from-home SASE secure edge 2020

[Diagram: SASE] Above: users on-premise or remote leverage a SASE solution to access applications

Many companies entered a "transformation" in 2020 to an environment where users became work-from-home (WFH) while accessing a mix of on-prem and cloud-based resources. Many quickly adopted collaboration toolsets to accommodate the WFH COVID work culture. For many, these toolsets, cloud apps, and WFH devices are within the scope of protected data, or at least there is a need to be sure critical data is not exposed; in other words, visibility and control of secret data.

A good example is the many tools that scan GitHub for exposed secrets (dorks), including API keys that grant full access to private data and worse.
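The defender-side counterpart of that scan, run over your own files before they are published, is sketched below as an added example (it is not code from this site). The credential-like variable names, the AWS-style key ID pattern, and the 3.5 bits-per-character entropy threshold are assumptions; the sample input is constructed.

```python
import math
import re
from collections import Counter

# Well-known AWS access key ID shape: "AKIA" plus 16 uppercase letters/digits.
AWS_KEY_ID = re.compile(r"\b(AKIA[0-9A-Z]{16})\b")
# Quoted value assigned to a name that suggests a credential (assumed name list).
ASSIGNMENT = re.compile(
    r"(?i)\b([a-z0-9_]*(?:api_?key|secret|token|passwd|password)[a-z0-9_]*)"
    r"""\s*[:=]\s*["']([^"']{16,})["']"""
)
ENTROPY_THRESHOLD = 3.5  # bits per character; assumption, tune per code base


def shannon_entropy(value: str) -> float:
    """Bits per character; random keys score high, placeholders score low."""
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value: str) -> str:
    """Keep a 4-character prefix so the report does not re-leak the secret."""
    return value[:4] + "*" * (len(value) - 4)


def scan_text(text: str):
    """Return (line number, rule, redacted match) for each suspected secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in AWS_KEY_ID.finditer(line):
            findings.append((lineno, "aws-access-key-id", redact(m.group(1))))
        for m in ASSIGNMENT.finditer(line):
            name, value = m.group(1), m.group(2)
            # The entropy gate suppresses placeholders such as REPLACE_ME.
            if shannon_entropy(value) >= ENTROPY_THRESHOLD:
                findings.append((lineno, "high-entropy-" + name.lower(), redact(value)))
    return findings


# Constructed sample file contents (the AWS value is the documented example key).
SAMPLE = '''\
# constructed sample file
aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"
api_key = "q8Zr2LxT7vBn4KdWm1Yc9HsE"
token = "REPLACE_ME_REPLACE_ME"
greeting = "hello world, this is fine"
'''

if __name__ == "__main__":
    for finding in scan_text(SAMPLE):
        print(finding)
```

The entropy gate trades recall for fewer false positives: a weak, repetitive password assigned to a matching name would pass unflagged, so pattern rules for known key formats remain necessary.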

VPNs have become smarter, more robust, and more flexible virtual networks, coined "SASE" by analysts in 2019. SASE, or "Secure Edge" for short, is a client that allows access to corporate apps and application environments while securing access to the public web. The SASE client can do its own scanning and direct traffic to secure authentication and CASB solutions (shown below). DLP monitoring can be put on the endpoint or within the CASB. This can be used to effectively manage data on managed endpoints and manage data flow through managed cloud apps; in advanced deployments it monitors and protects data both at the endpoint and at the cloud application gateway.

Most startup companies have removed the VPN completely and are "Pure Cloud": cloud-based work environments accessible from any device, anywhere. This allows data management on unmanaged devices like phones, where adding a client or maintaining remote clients has become difficult.

Many companies have also adopted cloud development operations (DevOps) to take advantage of IaaS architectures. These applications are often public facing and access critical data on the back-end. This provides another vector of data risk that must be protected and monitored for data leakage. DevOps should also implement one of the following DLP programs but not necessarily the same DLP program that is used for internal users.

The following articles discuss adding DLP to a secure user or app edge: Edgeless-Cloud, CASB, and legacy on-premise DLP.


 

Data Loss Prevention (DLP) as a Cloud API, edgeless cloud infrastructure

[Diagram: Cloud API] Above (left to right): users access cloud applications where the data is managed via API and finally, the intelligence derives from cloud based analytics and controls

For many companies this is the future of the workplace, maximizing productivity, availability, and compliance at the lowest cost of business.

SaaS: security and data management as a service is available for user environments as well as application development environments.


The cloud-based API architecture for DLP allows advanced features never before available, like artificial intelligence that finds data with alarming accuracy and minimal setup. The companies that build API-based DLP can plug into nearly any app with an external API, including on-premise apps.

These APIs can be accessed by AI to learn behaviors and apply accuracy to security and automation. This is especially useful when monitoring any behavior for abnormalities or predictive outcomes based on behaviors.

Web, data, email, and system security greatly benefit from cloud based AI and behavioral analysis when trained with massive global sample sets.


Advantages
-Scalable
-Fast time to value
-Greatest level of visibility
-Best option when starting a business of any size

Disadvantages
-Still requires expertise
-Cloud migrations are complicated





 
 

Data Loss Prevention (DLP) in a CASB solution

[Diagram: CASB] Above (left to right): SASE edge users are forced to a proxy for certain applications

Cloud Access Service Broker (CASB) is the step in transformation between on-premise services and cloud DLP. A modern robust CASB solution will have elements of on-prem and Cloud API integration. CASB requires an endpoint or other redirection to proxy cloud communication.

Advantages
-A transitional step to full cloud
-Handles Shadow IT

Disadvantages
-Data inspection is hard for CASB proxy architectures
-OCR is not possible for CASB; rather, this should be done by cloud API
-Difficult with phones and BYOD





 
 
Traditional on-prem Data Loss Prevention (DLP)

[Diagram: Legacy DLP] Above: on-prem DLP with endpoint and proxy/firewall traffic inspection points

Traditional on-premise DLP can consist of inspection gateways and endpoint agents covering: local applications, removable media, local app data controls, print screen/copy & paste, email, and web data leaks.


Advantages
-Most mature model

Disadvantages
-Requires DLP policy expertise for effectiveness
-Requires in-house application support and maintenance







 




Please bear with us as we add content to the items below (work in progress)

Data Security Solutions Topics

Risk and Compliance hints by Industry

Selecting a Solution

Deployment & Implementation of Data Security

Understanding Data Security

 

Federal Civilian & DOD
  • Dealing with air gap networks
  • IPv6 Challenges

Finance & Banking

  • PCI-DSS
  • Red Flags FACTA
  • GLBA & FTC
  • FDIC
  • FISMA

Healthcare

  • HIPAA and HITECH
  • PHI
  • PII
  • Scanned medical records
  • EHR

Manufacturing

  • Intellectual Property & Trade Secrets
  • Diagrams and technical drawings
  • Patent info

Retail

  • Coupon codes
  • SKU/part/model numbers
  • Mass mailings

International

  • Great firewall of China
  • Euro privacy regs
  • Personal ID number types by Country

Education

  • FERPA

General

  • Mass 201 CMR 17
  • SOX Sarbanes-Oxley

 

 

 

 



 


2020 IGNITE Cyber