Data Loss Prevention (DLP) is the term used to describe controls put in place by an organization to ensure that certain types of data remain under control, and in line with policies, standards, and procedures.
Through discovery and classification of data, monitoring and policy enforcement, DLP enables an organization to reduce risk and meet its regulatory or legislative requirements.
For hybrid cloud users this can present a real challenge, so it is vital that the DLP architecture is understood and appropriately structured to cover all environments, including ‘Data-in-Motion’ (network-based or gateway DLP), ‘Data-at-Rest’ (storage-based DLP), and ‘Data-in-Use’ (sometimes called client or endpoint-based DLP). As data in the cloud tends to move and replicate, whether between locations, data centres, backups or in and out of a hybrid environment, it can be difficult to enforce an effective DLP policy. Gateway and client-based scanning of all content can also have an impact on overall network performance.
To help you begin this data discovery and classification journey, start by considering the following:
- What kind of data do you store in the cloud?
- What jurisdiction applies?
- How should that data be stored? Should it be encrypted/tokenized?
- What kind of data access is permitted?
- Which devices and networks are allowed to connect?
- Which applications are permitted?
- Which tunnel is permitted?
- Under what conditions is data allowed to leave the cloud?
DLP can be an effective tool when assessing potential applications to migrate to the cloud. MIC Solutions Ltd can help you analyse your data and deploy the right detection engine to enforce your policy.
