“Best-of-Breed” — CASB/DLP and Rights Management Come Together
- Mar 30, 2021
Data-centric protection…the ultimate means to an end
McAfee and Seclore have come together to address the problem of protecting information at the endpoint, email, or cloud. This integration fundamentally answers the question: If I create or share sensitive data anywhere, can I still protect and control the data regardless of where it lives?
Let’s look back…how have DLP/CASB Solutions been traditionally deployed
The simple solution to data protection has been to ensure confidential and sensitive information stays contained. Blocking information has been the default answer: block information from leaving the endpoint, block the copying of information to USB drives or network file folders, block emails from leaving the enterprise, or block the download of information from sanctioned or unsanctioned cloud applications.
The fact of the matter is that contained (blocked) data becomes useless. Data must be fluid, shared, collaborated upon; all during the course of performing everyday business workflows. Hence, customers have traditionally deployed DLP/CASB Solutions in “monitor” mode — monitoring data which has already left the enterprise. This places the customer in the “chasing game” where they must chase their sensitive data, or chase their “bad actors.” The by-product of “monitor” mode is, 1) information leakage and all the repercussions associated with data loss, and 2) escalating SOC remediation efforts, plus the cost of staffing.
Automatic data-centric protection changes how DLP/CASB Solutions are deployed
The Seclore/McAfee combined solution works like this:
The combined solution places guardrails around data usage, but also adds significant regulatory compliance and data visibility for the organization about how their data is being used in a business context, versus abused in the traditional SOC remediation context.
Data-centric protection replaces the “blocking” or “monitoring” of data with access and usage controls to alleviate the risk of data leakage, enable secure external collaboration, while accelerating the DLP/CASB deployment and eliminating/reducing SOC remediation efforts.
Data visibility, compliance, & security operations
A customer’s administrator can assign a DLP policy to find sensitive data such as credit card data (PCI), customer data, personally identifiable information (PII) or any other data they find to be sensitive. Once an unprotected sensitive file has been created, emailed, or uploaded to a cloud service, McAfee UCE then detects the file.
Sample MVISION Cloud DLP Policy
If data is found to be in violation of a DLP policy, it means the file must be properly protected. For example, if the DLP engine finds PII data, this predefined McAfee policy would enact protection on the file instead of letting it reside unprotected in the cloud service. This action is known as a “response,” and MVISION Cloud will show the detection, violating data, and actions taken in the incident data. In this case, McAfee will call Seclore to automatically protect the file.
“Seclore-It” — Protection Beyond Encryption
When a file has been protected with usage controls, downstream access to the file is managed by Seclore’s policy engine. Examples of policy-based access are end-user location, data type, user group, time of day, or any other combination of policy choices. The key principle is that the file is protected regardless of where it travels and enforced by a Seclore policy set by the organization. If a user accesses the file, an audit trail is recorded. Tracking user activities on a file gives organizations the confidence that data is properly protected, as well as prove regulatory compliance. The audit logs show allows and denies, completing the data visibility requirements.
Addressing one last concern is if a file is “lost” or the need to restrict access to files that are no longer in direct control such as when a user leaves the company, or if the organization simply wants to update policies on protected files. With Seclore, the policy on those files can be dynamically updated. Dynamically updating security policies addresses a major data loss concern that companies have for cloud service providers and remote users’ data usage. Ensuring files are protected regardless of the scenario, is simple to achieve with Seclore by changing the access or usage policy. Once the policy has been updated, even files on a thumb drive stuffed in a drawer reflect the updated policy and are re-protected from accidental or intentional disclosure.
This blog addresses several notable concerns for customers who have deployed DLP/CASB Solutions. Sensitive or regulatory data can be seamlessly protected as it migrates to and through endpoints, email, and cloud services to its ultimate destination. The organization can prove compliance to auditors that the data is protected and continues to be protected, and SOC remediation teams can become more efficient. Finally, the joint solution between Seclore and McAfee is easy to use and enables organizations to confidently conduct business workflows leveraging any and all collaboration tools.
McAfee and Seclore partner both at the endpoint and in the cloud as an integrated solution. To find out more and see this solution running in your environment, send an inquiry to firstname.lastname@example.org or email@example.com. Or sign up for a free trial from the McAfee Marketplace.