It’s really difficult to protect something if you don’t know where it is. This is a fairly obvious statement, but the reality is that when it comes to the notion of cloud data protection, understanding precisely where your sensitive information resides clearly remains a sizable challenge.
For today’s enterprises, keeping tabs on “protected” information has become even more difficult as cloud models evolve forward at a furious pace. If organizations have become proficient at tracking data at rest and data in motion in relatively predictable workflows, the explosion of cloud based-resources, from collaboration tools to back office systems, has driven complexity to frightening heights.
Even if we’re not talking about internal stakeholders sharing crown jewels of intellectual property on a Slack thread or stored in Box (and we are), the data security and privacy risks introduced by a simple email interaction carried out on Office 365 or G Suite could result in huge security and compliance implications. If one of your workers inadvertently shares PII in an inappropriate manner, or somehow exposes it to an unauthorized third party, your company may be dealing with the repercussions for years.
And neither traditional on-prem controls nor the native data security capabilities built into cloud today’s systems themselves can account for every potential risk, especially within the context of today’s enterprise multi-cloud environments – a landscape further intensified by remote workers accessing the cloud from both managed and unmanaged devices.
We’ve seen it time and again in real-world breach scenarios – someone leaves a huge cache of sensitive data on an unsecured cloud system and eventually an outsider finds the information, triggering all the commensurate impacts – including hefty fines and public recrimination. Cloud data use is simply expanding so quickly across so many systems, apps and users that keeping tabs on every scenario – and addressing exposures as quickly as possible – has become a prospect where the only real alternative must involve a heavy dose of purpose-built automation.
Fishing for any lurking sensitive data… and securing it
Enter CipherCloud CASB+ Data Discovery
Serving as a key advancement in the CipherCloud CASB+ end-to-end Data Security Platform, Data Discovery allows organizations to uncover and inspect sensitive information used in public cloud and SaaS applications faster and with greater efficiency than ever before. Further, by complementing existing CASB+ data classification, access control, data loss prevention (DLP), data masking, and information rights management (IRM) capabilities, this innovation deepens the platform’s position as an all-encompassing solution for organizations’ pressing data security requirements.
Scanning Historical Data at Scale
There are no shortage of solutions designed to handle scanning of historical data on-premise but the need to execute holistic data discovery in the cloud is another story. For most organizations, the challenge of invoking proper data classification, gaining 360-degree cloud visibility, and maintaining control of sensitive data across SaaS environments is still a significant work in progress. By detecting and remediating data exposures related to open file shares and other historical data handling activities across both public cloud and SaaS apps, CipherCloud CASB+ with Data Discovery is able to prevent inadvertent or intentional transmission of PII, PCI, PHI, intellectual property, and other sensitive information.
Integrated Discovery and DLP Enforcement
By combining Data Discovery with the CASB+ solution’s integrated Data Loss Prevention (DLP) and automated remediation actions, we’ve created an end-to-end data security lifecycle approach that addresses both data in motion and data at rest – enabling organizations to address the full breadth of their unique workflows and business processes.
To help address customer requirements, CipherCloud CASB+ ships with an extensive library of DLP templates accessible using Data Discovery, along with custom templates. Out of the box capabilities cover a wide variety of established standards to identify PII, PHI or financial data while custom templates can utilize regular expressions and keywords among other constructs. CASB+ DLP also supports Optical Character Recognition (OCR) to scan for sensitive information violations in images.
The Compliance Crucible
With an increasing focus on data privacy and the introduction of laws such as GDPR and CCPA, organizations are pulling all the stops to ensure their sensitive data in the cloud remains protected. While many cloud security solutions attempt to perform real-time checks on data moving into the cloud to ensure compliance, what can be done about information that somehow sneaks through those filters, or hides in the cloud for many years?
Backed by policies covering both structured and unstructured data, Data Discovery provides rich pre-built templates for unearthing any data covered by regulatory requirements including GLBA, PCI, GDPR, CCPA and HIPAA, among others.
CipherCloud Data Discovery
So there you have it, now more than ever before, CipherCloud CASB+ Data Discovery offers 360-degree visibility and remediation control over both real-time and historical cloud data. Data Discovery enables enterprises to perform historical scanning of all existing data within a cloud application to scope existing threat vectors and ensure compliance readiness.
With CipherCloud, practitioners can continuously analyze all of their data resident in the cloud to identify risks and enforce remediation – thereby preserving data integrity and compliance. While scheduling historical scans, security practitioners can map new or existing policies to protect any sensitive data ignored in the past.
Through API integration, Data Discovery scans content, collaboration tools, and links across multiple popular SaaS clouds, adding another layer of automated intelligence by specifying context type and exceptions. Remediation policies can also be attached as an element of each scan to address violations or compliance issues as they are discovered. Data security and compliance policies can then be optimized on an ongoing basis to meet changing business demands..
With CipherCloud Cloud Data Discovery organizations can:
- Report on external and public sharing, sensitive content exposure and enforce remediation with intelligent policies
- Perform periodic incremental or full scans to ensure compliance with existing and updated data residency laws
- Generate deep insights into cloud applications with comprehensive reports and dashboards about violations, results, and recommendations.
Schedule a demo of CipherCloud CASB+ today.
The post Starting from the Right Place: Introducing CASB+ Data Discovery appeared first on CipherCloud.
*** This is a Security Bloggers Network syndicated blog from CipherCloud authored by CipherCloud. Read the original post at: https://www.ciphercloud.com/starting-from-the-right-place-introducing-casb-data-discovery/