DLP (Data Loss Prevention), which protects highly confidential and important data and minimizes the risk of information leakage, is an indispensable part of corporate security measures. However, depending on the DLP product, the detection accuracy for cloud services may not be sufficient, making reliable monitoring difficult. To solve this problem, more and more companies are switching DLP products. In this article, drawing on an actual example, we explain the migration to Microsoft’s DLP solution, which can support a wide variety of cloud services.
Confidential Data Protection Issues Companies Face in the Cloud Era
As the use of cloud services becomes more common, security measures that cover cloud services are becoming more important. In particular, it is extremely difficult for IT departments to control cloud services that employees introduce at their own discretion, which raises concerns about so-called “shadow IT.” The only countermeasures IT departments can take are to indiscriminately monitor communications to external sites and user operation histories, analyze logs, and block high-risk communications. However, this method is burdensome and costly for the IT department.
To solve these problems, companies are increasingly using DLP products that identify highly confidential data and control its transmission and removal outside the company. However, some DLP products do not fully support cloud services that use various data transfer mechanisms, and in many cases the accuracy of monitoring and detection is particularly low for cloud services that use special file formats and protocols.
As a result, we have recently seen companies switching to new DLP products that are compatible with cloud services. Here, while introducing a migration example of a DLP product handled by DXC Technology, we consider the optimal DLP product for the cloud era.
The unauthorized removal of confidential data cannot be completely controlled
A major manufacturer, Company A, urgently needed to prevent the unauthorized transmission of confidential data to external cloud services and its unauthorized removal by users. The company therefore introduced a DLP product to monitor and restrict data transmission to unspecified external sites and data removal by users. The product checked the URL of the upload destination in the case of an external site, and the sensitivity label in the file in the case of a user operation. If there was a problem, it displayed a warning screen and asked the user to allow or deny the operation, an approach intended to reduce the risk of information leakage.
However, the IT department did not know what cloud services employees were using to carry out their work, so they had no choice but to indiscriminately monitor external sites. In addition, since many cloud services have their own data transfer mechanisms, sufficient monitoring and detection accuracy could not be obtained.
Regarding sensitivity labels, it was necessary to train employees in advance on how to handle each classification, such as “top secret,” “confidential,” and “confidential.” In addition, to follow the training, employees had to understand the company’s security policy in detail, which hindered their work. Moreover, the sensitivity label was set manually, so if a label was rewritten, unauthorized removal could not be prevented.
Data leakage countermeasures realized by Microsoft products
Faced with these problems, Company A started evaluating a new DLP product and consulted DXC Technology, with which it had done business in the past. DXC Technology treated “unauthorized transmission to external sites” and “unauthorized removal by users” as separate problems and proposed the optimal Microsoft DLP solution for each.
1. “Microsoft Defender for Cloud Apps” as a countermeasure against unauthorized transmission
“Microsoft Defender for Cloud Apps” (former product name “Microsoft Cloud App Security”) was selected to prevent unauthorized transmission to external sites. This product is categorized as a so-called “CASB (Cloud Access Security Broker)” and supports log collection, API connectors, reverse proxies, etc. It provides rich visibility, data transfer control, and advanced analytics to identify and respond to threats across Microsoft and third-party cloud services. It deters shadow IT and better protects sensitive information across the cloud.
The product can also assess the compliance of cloud services. In addition to reducing the burden of monitoring and evaluation, which has increased the workload of the IT department, it can visualize the status of cloud services used in the company and rank their risks. Incidentally, Microsoft Defender for Cloud Apps is integrated with “Microsoft 365 Defender” and included in the Microsoft 365 E5 license. Microsoft Defender for Cloud Apps is also attractive because it can be easily introduced while reducing the cost burden.
2. “Microsoft Purview” as a countermeasure against unauthorized removal
We chose “Microsoft Purview” as a countermeasure against unauthorized removal by users. This product is an integrated data governance and compliance solution that manages and protects the entire enterprise data asset. It prevents data loss by automatically discovering, identifying, and classifying sensitive data in on-premises environments and cloud services, and by applying sensitivity labels consistently.
With Microsoft Purview, you first define a sensitivity label, and when a file or e-mail meets the conditions, that label is automatically assigned. Labels can also be applied on the user's device when editing a document or replying to or forwarding an email. In addition, it is possible to label content stored in “Microsoft SharePoint” and “Microsoft OneDrive” as well as sent emails. Since these are basically all executed automatically, there is no need to train employees or notify them of changes in work procedures. It also reduces the risk of malicious users intentionally rewriting labels.
DXC Technology helps strengthen security in the cloud era
In considering the migration of Company A’s DLP product, DXC Technology did not rely on the policies set in the previous DLP product; instead, it focused the design on how to reflect the requirements in the new Microsoft DLP solution.
At DXC Technology, we conduct security assessments on both the management and technical sides as necessary to determine what assets within the company should be protected, where the information leakage routes are, and what countermeasures should be taken. We propose a total solution after clarifying these points. We have a wealth of experience and knowledge regarding security-related products from various vendors and security measures in general, including security solutions for Microsoft 365 E5. Regardless of the DLP product, if you are considering strengthening security measures, especially in the cloud, please contact DXC Technology.