This post is authored by Arbel Zinger and Alon Yardeni, Program Managers, Microsoft Cloud App Security.
Today we would like to explain how Microsoft Cloud App Security integrates with third party Data Loss Prevention (DLP) solutions – Symantec Data Loss Prevention and Forcepoint DLP. This extends your current DLP engine’s ability to manage sensitive data across enterprise cloud apps. While customers all over the world use Office 365 DLP to protect their sensitive data in Exchange Online, SharePoint Online and OneDrive for Business, we also recognize that many customers have already invested in multiple DLP solutions across their environment and want to extend this investment to protect their cloud applications. At Microsoft Ignite 2017 we showcased how we extend the same DLP capabilities to other cloud applications like Salesforce, Box, and more.
Data Loss Prevention scenarios
Data Loss Prevention solutions can help an organization manage and monitor the usage and sharing of sensitive information such as financial data, intellectual property, and other critical company data. Malicious insiders, poor understanding of information protection processes, and employees that simply do not practice secure data management may all contribute to substantive data exposures, costing companies millions of dollars in damages and lost data.
One well-known use case is when an employee mistakenly tries to send sensitive company data to a partner, or to a private e-mail address. Strong DLP policies are then invoked and prevent data leakage. Microsoft Cloud App Security can detect when an employee uploads technical documents to a private cloud storage service, providing a strong indication of potentially malicious behavior resulting from either employee termination or an employee’s intent to exfiltrate intellectual property.
Holistic DLP strategy on-premises and in the cloud
Many organizations already use DLP solutions to manage on-premises sensitive data and to make sure that end users do not use sensitive or critical information in an unauthorized way. Organizations typically invest substantial time in fine-tuning their DLP policies to balance DLP and productivity.
While Office 365 DLP covers your Office 365 environment, Microsoft Cloud App Security is well suited to help extend these same DLP capabilities to other cloud apps. The service helps you govern the data in the cloud apps and leverage existing investments in third party classification systems as you move to the cloud. You can use the same policies for the cloud that you use in your on-premises environment, extending existing enterprise DLP policies to your cloud apps.
How external DLP integration architecture works with Microsoft Cloud App Security
Based on your file policy configuration, Microsoft Cloud App Security scans your cloud environment and decides whether to investigate files using the internal DLP engine or the externally integrated DLP solution. Integration is accomplished by leveraging the standard ICAP protocol, an HTTP-like protocol described in RFC 3507.
If an external DLP scan is queued up, the file is sent over a secure tunnel to your on-premises environment where the file is scanned according to the governance policy in-place. A DLP verdict is sent back: either Allow or Block. This response status is then combined with Microsoft Cloud App Security policy engine to determine subsequent actions such as notifications, quarantine, or sharing control. An example of this architecture is below.
Microsoft Cloud App Security integration with DLP solutions
Learn more and send us your feedback
For more detailed information about this new capability, as well as a step-by-step guide for how to integrate your existing DLP system to CAS, please visit our technical documentation website.
For more information regarding our releases, please refer to our release notes.
Your feedback is key to our product development process. If you have questions, comments or feedback, please leave a comment below or visit our Microsoft Cloud App Security Tech Community page.