Times have changed. Traditional DLP coverage – network, email, and endpoint – cannot fully protect organizations against the leakage of sensitive or compliance related data. With the widespread adoption of cloud apps and services, a new threat vector has emerged that necessitates the extension of DLP capabilities into the cloud. And since organizations still have an obligation to comply with relevant regulatory requirements like PCI, DSS, and HIPAA standards when data leaves the network perimeter, the need for consistent DLP policies on-prem and in the cloud is critical.
Given that cloud DLP necessitates a fundamentally different approach to data loss due to different sharing semantics, etc., addressing this challenge is not straight forward. While the first generation of Cloud Access Security Broker (CASB) solutions partially addressed this problem by providing DLP capabilities designed specifically to address cloud requirements, they also introduced additional complexity and management.