Cloud DLP

Why it matters: As everyday work moves into the cloud, data loss prevention (DLP) technologies need to address cloud software and data.
Statistic: 50 percent
Proportion of enterprise workloads and related data now occurring in the public cloud, contrary to the expectations of just a few years ago. Source: https://info.flexera.com/CM-REPORT-State-of-the-Cloud

Key Points

  • Data loss prevention (DLP) is a key technology in the battle to keep data safe and secure
  • Today, companies are relying on cloud services for more and more everyday work
  • Simple access control isn't sensitive to the data itself, or to user behavior
  • Cloud DLP solutions enable organizations to shape guardrails around both

The entire cloud world is designed to enable data to flow with minimal friction. That fact alone calls for powerful cloud DLP solutions.

Quick Read

Data loss prevention (DLP) solutions aren't new, but have traditionally been substantially endpoint-driven. As even the largest enterprises in the world move toward computing in the public cloud, a new generation of "Cloud DLP" solutions is needed to provide the same kinds of protections.

Endpoint-driven DLP software is focused primarily on data stored in the local computing environment—but cloud computing increasingly takes place entirely in the web browser, with little or no data ever making its way out of the browser sandbox and into the local environment.

This creates a vexing new source of risk, particularly because cloud data "sharing" is designed to be as user-friendly as possible, and can often occur without the related data ever traversing the local network connection at all, much less passing through memory, filesystems, and other local resources.

Cloud access security broker (CASB) solutions, already popular, go some of the way toward mitigating this risk, but tend to lack specific controls around content and data, and often miss the holistic use envelope: things like copying and pasting sensitive data from a cloud application into another tab containing a cloud-based email application.

Addressing cases like these requires a purpose-built solution able to straddle the local environment and the cloud, one that remains sensitive both to the content of and rules around the data in question and to the way in which cloud services interact with each other and with the local environment. Such solutions often comprise components in the local environment, in the browser, and in the API space of the cloud services, all working in concert.

Cloud DLP solutions step into the breach here, bringing DLP into the cloud age to ensure that sensitive and confidential data is safeguarded by sound controls.


—Aron Hsiao


More to Know


Everyone is Moving to the Cloud

In the early cloud years, any suggestion that enterprises would move operations to the cloud was met with doubt and disbelief. Not so today, as enterprises move their operations not just to private clouds, but to hybrid and public clouds as well.


Endpoint DLP Isn't Enough

Endpoint DLP solutions without substantial cloud awareness can miss both the avenues for data movement and the substance of the data that flows in, through, and across browsers and browser tabs, where much cloud computing activity occurs as users interact with cloud services.


Legacy Providers are Struggling

Simplicity and efficiency are among the key benefits of cloud computing. In many ways, legacy cybersecurity providers are struggling to provide cloud solutions that echo these benefits. Younger, more agile providers are increasingly offering more "cloud-like" DLP solutions for the cloud.

Quick Definition

Data loss prevention (DLP) tools enable organizations to implement controls on who can act on data, and in what ways, based not only on file or resource-level access controls, but on awareness and classification of the substance of the data as well.

DLP software platforms often consist of a variety of components, notably including endpoint controls that enable policy to be set around the means by which data is transmitted or shared: file copy and send operations, clipboard copy and paste, email and other communications channels, and storage devices, among other things.
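
The difference between a resource-level access check and a content-aware DLP decision can be seen in a small sketch, added here as an example that is not part of the original page or any vendor's product. The policy table, channel names, and sample events are hypothetical, and the card-number classifier (a regex plus the Luhn checksum) is one simple stand-in for content classification.

```python
import re
from dataclasses import dataclass

# Hypothetical policy: data class -> channels it may not leave through.
POLICY = {"payment_card": {"clipboard_paste", "email", "removable_storage"},
          "confidential_label": {"email", "removable_storage"}}
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # 13-19 digits, optional separators

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to separate card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify(text: str) -> set:
    """Return the data classes found in the content itself."""
    found = set()
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            found.add("payment_card")
    if re.search(r"\bCONFIDENTIAL\b", text):
        found.add("confidential_label")
    return found

@dataclass
class Event:
    user: str
    channel: str   # e.g. file_copy, clipboard_paste, email, removable_storage
    content: str

def acl_decision(event: Event, acl: set) -> str:
    # Resource-level access control: looks only at who the user is.
    return "allow" if event.user in acl else "block"

def dlp_decision(event: Event, acl: set) -> tuple:
    """Access control plus content classification and channel."""
    if event.user not in acl:
        return ("block", ["no_access"])
    hits = sorted(c for c in classify(event.content) if event.channel in POLICY[c])
    return ("block", hits) if hits else ("allow", [])

# Constructed sample events (4111 1111 1111 1111 is a well-known test card number).
ACL = {"alice"}
PASTE = Event("alice", "clipboard_paste", "Customer card: 4111 1111 1111 1111")
ORDER = Event("alice", "email", "Order ref 1234 5678 9012 3456 shipped")
print(acl_decision(PASTE, ACL), dlp_decision(PASTE, ACL))
```

The access check allows the paste because the user is authorized for the resource, while the DLP decision blocks it on content and channel; the 16-digit order reference fails the Luhn check and is not flagged.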

From an integrated perspective, data loss prevention also includes considerations around physical and building security, policy and procedure, and other factors that help to protect organizations' most sensitive and confidential data.

As cloud computing grows, data loss prevention is also evolving to include controls and policy to manage how data moves through and between cloud systems, in many cases never traversing local endpoints or local networks at all.