Data loss prevention (DLP) tools are designed to stop your confidential or valuable information leaving the enterprise.
Most are thoroughly competent. But it’s worth noting that while DLP developers are very good, hardly a week passes without a new collaborative tool sprouting online, complete with facilities that allow end-users to upload files into cloud storage systems so they can be retrieved whenever and wherever users connect to the Web.
To help you understand the threat you face, here are five cloud services you may need to think about when fine-tuning your DLP.
- Dropbox
Dropbox offers two gigabytes of online storage and can sync files between several computers running different operating systems, so long as they share the same account. The good news is you can block access to Dropbox as you would any other website. The bad news is that you may not have thought to do so already, so get those software inventory tools out and figure out who’s running this on their PCs and why.
- YouSendIt
A favourite among graphic artists and anyone who deals in large files, YouSendIt.com makes it easy to send 100MB files. There’s a desktop client to make uploads easy, and a web application too. Perhaps the worst threat is its professional service: if you’ve signed up for that, how can you ensure users are doing the right thing?
- Google Cloud Connect
Google’s new Cloud Connect plugin sees Microsoft Office upload a copy of all files into the Google Apps cloud. Are you really sure you want them there?
- PDF-sharing sites
Here’s where things get tricky. Sites like Scribd that let you upload files and share them with the world are probably already on your radar, because while they are convenient for end-users they are an obvious security nightmare. But there are numerous other sites of this sort, and some even scrape the net to find certain types of document, then provide an index of what they find complete with download links. Throw in the fact that some even include translation services (Google thoughtfully provides these for free) and you have a scenario where lax security in an offshore office can make documents available to the world. Good luck defending against these.
- P2P networks
Nobody wants to be busted with a collection of pirated movies on a server, so by now you’ve probably made it very, very hard for anyone in your team to run BitTorrent or similar peer-to-peer networks. But are you aware of all the P2P networks? Emerging players like WASTE are designed to be very, very secure. Are you very, very ready to detect their presence and prevent your files from reaching connected nodes?
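For the services above that are reachable as ordinary websites, web-proxy logs can answer the "who is using this, and how much are they sending" question before you decide what to block. The following is an added example, not part of the original article: the log format, the domain list and the 50 MiB threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

# Domains for services the article names (assumed list; extend it yourself).
WATCHLIST = {"dropbox.com": "Dropbox", "yousendit.com": "YouSendIt",
             "scribd.com": "Scribd", "docs.google.com": "Google Apps"}

# Constructed sample, assumed format: timestamp user method host bytes_sent
SAMPLE_LOG = """\
2024-01-01T09:00:01 alice POST www.dropbox.com 52428800
2024-01-01T09:00:07 bob GET www.scribd.com 512
2024-01-01T09:01:15 alice PUT dl.dropbox.com 10485760
2024-01-01T09:02:30 carol POST www.yousendit.com 104857600
2024-01-01T09:03:00 dave POST intranet.example.com 999999999
2024-01-01T09:03:10 erin POST notdropbox.com 5000000
malformed line
"""

def match_service(host):
    """Return the watched service for host, matching whole domain labels only."""
    host = host.lower().rstrip(".")
    for domain, name in WATCHLIST.items():
        if host == domain or host.endswith("." + domain):
            return name
    return None

def upload_totals(log_text):
    """Sum bytes sent per (user, service), counting upload methods only."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip malformed records rather than crash
        _, user, method, host, sent = parts
        service = match_service(host)
        if service and method in ("POST", "PUT"):
            totals[(user, service)] += int(sent)
    return dict(totals)

def flag(totals, threshold=50 * 1024 * 1024):
    """Return (user, service, bytes) at or above threshold, largest first."""
    hits = [(u, s, b) for (u, s), b in totals.items() if b >= threshold]
    return sorted(hits, key=lambda h: -h[2])

if __name__ == "__main__":
    for user, service, sent in flag(upload_totals(SAMPLE_LOG)):
        print(f"{user} uploaded {sent} bytes to {service}")
```

Matching on whole domain labels keeps look-alike hosts such as `notdropbox.com` out of the report. This approach does not cover the P2P case, which does not pass through a web proxy in the same way.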