DO YOU MEASURE UP? A NEW REFERENCE ARCHITECTURE FOR DATA LOSS PREVENTION IN THE CLOUD
Rajneesh Chopra, VP Product Management
BIG PICTURE OBSERVATIONS
Enterprise assets
© 2015 Netskope. All Rights Reserved.
PRIVATE DATA CENTRES
PUBLIC DATA CENTRES
Move it, or lose it
Data access patterns have evolved – almost completely
What are people doing in these apps?
17.9% OF ALL FILES IN ENTERPRISE-SANCTIONED CLOUD APPS CONSTITUTE A DATA POLICY VIOLATION.
22.2% OF THOSE ARE SHARED PUBLICLY.
Source: Netskope Cloud Report, Summer 2015
DLP solutions have been tuned over and over again
DLP inspection remains firmly on-premises
DLP for the cloud: It’s here and it’s ready for prime time
How are vendors helping you make sense of all this…
WE NEED A NEW WAY OF THINKING ABOUT DLP
But first… let’s establish some goals
DON’T BACKHAUL ALL CLOUD TRAFFIC!
PROTECT PREVIOUS INVESTMENTS!
DON’T RE-INVENT INCIDENT RESPONSE
INTRODUCING A REFERENCE ARCHITECTURE FOR CLOUD DLP
6 KEY ARCHITECTURAL TENETS
1. Deploy a cloud access security broker (CASB) to find sensitive content in cloud apps.
2. Derive context from cloud app transactions.
3. Perform early classification of content in the cloud.
4. Quarantine and redirect potentially sensitive content to on-premises DLP solution.
5. Make users part of the solution.
6. Enforce policies and initiate incident response.
Quarantine Workflow
[Diagram] Components: User, Netskope DLP Engine, Netskope Mgmt Plane, REST API, Quarantine Folder, Quarantine Approver, On-prem DLP.
[Diagram] Labels: Permit or Block; Quarantine Alert; Email user outcome and next steps; File upload attempted; File sent to Quarantine Folder; File upload denied; File pulled by DLP for secondary inspection; User notified of quarantine; Email to Quarantine Approver; Install DLP bypass rule if "Permit".
THANK YOU