Identify Sensitive Data in Cloud Environments – Cisco Cloud Security

Identify Sensitive Data in Cloud Environments

Cisco Cloudlock continuously monitors cloud environments with a cloud data loss prevention (DLP) engine to identify sensitive information stored in cloud environments in violation of policy. With Cisco Cloudlock, security professionals enforce out-of-the-box policies focused on common sensitive information sets, such as PCI-DSS and HIPAA compliance, as well as custom policies to identify proprietary data, such as intellectual property. Advanced capabilities such as custom regular expression (RegEx) input, threshold settings, and proximity controls ensure high true-positive and low false-positive rates.

Cloudlock protects against exposures and data security breaches using a highly configurable DLP engine with automated, policy-driven response actions. Cloudlock has over 80 predefined policies. Figure 8-5 illustrates some of the Cisco Cloudlock predefined policies.


Figure 8-5 Cisco Cloudlock predefined policies

Mitigate Increased Risk of Data Exposure in Cloud Applications

Combating data leakage in the cloud is a formidable challenge given the collaborative nature of cloud environments and the ease with which they enable users to access, create, and share sensitive information. Organizations are struggling to bridge the gap between legacy data protection tools and the often-limited level of visibility and control within cloud environments, particularly when accessed by external users or employees off of the corporate network.

Mitigate Risk Through Automated Responses

Cisco Cloudlock takes cloud DLP beyond discovery by offering configurable cross-platform automated response actions. Through an API-driven CASB architecture, Cisco Cloudlock supports deep, integrated response workflows that leverage the native capabilities of the monitored application, such as automated field-level encryption in Salesforce.com and automated file quarantining in Box. Cisco Cloudlock enables efficient risk reduction without the resource-intensive operation of many data protection tools. Figure 8-6 shows the Cisco Cloudlock dashboard.


Figure 8-6 Cisco Cloudlock dashboard

App Security

The Cloudlock Apps Firewall discovers and controls cloud apps connected to your corporate environment. You can see a crowd-sourced Community Trust Rating for individual apps, and you can ban or allow-list them based on risk. Cloudlock Apps Firewall discovers and controls malicious cloud apps connected to your corporate environment and provides a crowd-sourced Community Trust Rating to identify individual app risks.

The following are Cloudlock use cases for user and entity behavior analytics, Cloud DLP, and Cloudlock Apps Firewall:

• Analyze and take action: Analyze application risk in order to block access to risky applications so they don’t introduce unnecessary cost or risk to your organization.

• Continuously monitor cloud environments for sensitive information and exposures.

• Enforce cross-platform automated response actions to mitigate risk rapidly.

• Application governance: Categorize applications as sanctioned or unsanctioned and baseline cloud usage in order to prevent the loss of your company’s IP and to remain compliant.

• Integrate with SIEM solutions for simplified incident investigation and incorporation in broad security analysis.

• Alerting: Proactively notify you about any apps in your environment that are very high-risk so that you can triage them before they do any damage in order to protect company’s data.

• Pinpoint sensitive data within cloud apps through custom and out-of-the-box DLP policies.

• Anomaly detection: Alert you when there are spikes in traffic passing between a user and a discovered app, so that you can investigate and potentially ban the app in order to protect company’s data.

• Reduce false positives through advanced DLP capabilities such as threshold and proximity controls

• Reporting: Exportable reports of cloud services in use with detailed risk analysis and insight into data usage, user specifics so you can have this information at your fingertips, share with stakeholders.

Activate automated end-user notifications to educate employees and reduce future DLP violations

Figure 8-7 illustrates Cisco Cloudlock use cases.


Figure 8-7 Cisco Cloudlock use cases

Leave a Comment