DLP CH Cloud Data Loss Prevention Cheat Sheet
In an earlier era, most sharing and collaboration occurred via email and file servers. Today,
organizations use a wide variety of cloud-based applications that facilitate sharing of data.
These systems make it very easy to share vast amounts of corporate data with others,
both inside and outside the company, with a few clicks. While organizations generally aren’t
concerned about sensitive corporate data being stored in enterprise-grade cloud services,
they are worried about where this data may be shared. That’s why data loss prevention
(DLP) efforts have been expanded from email to include anywhere corporate data lives
in the cloud. This document will distill cloud DLP best practices to ensure that your
organization meets internal and external compliance requirements.
Inventory Existing Policies
Many organizations looking to apply DLP policies to the cloud have some form of DLP for their
on-premises systems, including DLP for data in email and on endpoint devices. The first thing
to do is examine the policies and the remediation actions and identify the ones that will also
apply to the cloud. This exercise will both ensure that data in the cloud will be protected to
the same degree it is in on-premises systems and reveal any policy gaps, such as new policies
needed for the cloud.
If an organization doesn’t have a DLP solution for their on-premises systems, but needs one for
data going to the cloud, they must first identify sensitive data intended for the cloud,
including regulated and restricted data, across the organization. To do this, one should
develop a system to classify and map sensitive data against relevant internal policies and
government regulations. From here, you can implement a solution to begin enforcing policies
across this information.
Understand How a Cloud Service Is Being Used
If an organization has already deployed a cloud service, such as Box or Microsoft Office 365,
a key first step is understanding how that service is being used. No action needs to be taken
at this point. Instead, focus on getting granular visibility into how a cloud service is being
utilized, including:
■ The number of files containing sensitive data
■ The number of files being shared outside the organization
■ Anomalous usage events indicative of threats such as compromised accounts
Types of Sensitive Data to Look for
■ Salaries
■ Passports
■ Social Security numbers
■ Account numbers
■ Credit card numbers
■ Spreadsheets with IP addresses
■ File names containing “passwords”
■ Outlook offline files (PST, MSG)
■ Draft press release announcements
■ Source code
■ Encrypted files (ZIP, PDF, XLS)
■ Health records and other personal health information (PHI)
Gain Visibility into Collaboration
Employees love to collaborate via the cloud, but inadvertent sharing of data is one way for it
to get lost. An organization should know how many files are being shared with internal
employees, how many with external partners, and how many with personal email accounts (Gmail,
Yahoo! Mail), so that they can educate employees on acceptable collaboration policies. This
will also allow them to create and enforce sharing policies based on domain whitelist/blacklist
and revoke untraceable shared links for files containing sensitive content.
Know about Potential Insider/Outsider Threats
Not all anomalies are a threat, but certain activity patterns should be a cause for concern and
could be indicative of a real threat. Though making numerous failed login attempts to a cloud
service might not necessarily be a sign of a compromised account, a user who successfully logs
into a service and then logs in again from a faraway location within a short period of time is
likely a case of stolen credentials. Understanding the frequency and the timing of these types
of anomalous behaviors will lead to better DLP policies.
Define Cloud-Centric and Cloud Service Provider-Centric Policies
The average enterprise uses 1,154 different cloud services, 90% of which are unknown to the IT
department. Employees store all kinds of sensitive and regulated data in the cloud, which
accounts for 15.8% of all data stored in the cloud. This, however, poses types of data loss
risk that are unique to the cloud and the cloud service provider.
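The login pattern described under "Know about Potential Insider/Outsider Threats" (a successful login followed shortly by another from a faraway location) can be checked against sign-in logs as follows. This is an added example, not code from the cheat sheet or from any product; the event fields, both thresholds, and the sample logins are assumptions constructed for illustration.

```python
import math
from datetime import datetime

# Assumed thresholds, to be tuned per environment (not values from the cheat sheet).
MAX_PLAUSIBLE_KMH = 900.0  # roughly airliner cruising speed
MIN_DISTANCE_KM = 500.0    # ignore GeoIP jitter between nearby locations

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dl = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def impossible_travel(events):
    """Flag consecutive successful logins by one user that would require
    travelling faster than MAX_PLAUSIBLE_KMH between the two locations."""
    alerts, last = [], {}  # last: user -> previous successful login
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] != "success":
            continue  # failed attempts alone are not treated as compromise
        prev = last.get(ev["user"])
        last[ev["user"]] = ev
        if prev is None:
            continue
        km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
        hours = (ev["ts"] - prev["ts"]).total_seconds() / 3600
        if km >= MIN_DISTANCE_KM and km > MAX_PLAUSIBLE_KMH * hours:
            alerts.append({"user": ev["user"], "km": round(km),
                           "minutes": round(hours * 60),
                           "from": prev["city"], "to": ev["city"]})
    return alerts

def _ev(ts, user, result, city, lat, lon):
    return {"ts": datetime.fromisoformat(ts), "user": user, "result": result,
            "city": city, "lat": lat, "lon": lon}

# Constructed sample events (not real log data); coordinates are city centres.
SAMPLE = [
    _ev("2018-04-02T09:00:00", "alice", "success", "San Jose", 37.34, -121.89),
    _ev("2018-04-02T09:40:00", "alice", "success", "Warsaw", 52.23, 21.01),
    _ev("2018-04-02T09:05:00", "bob", "failure", "Lagos", 6.52, 3.38),
    _ev("2018-04-02T09:06:00", "bob", "success", "Austin", 30.27, -97.74),
    _ev("2018-04-03T08:00:00", "bob", "success", "Boston", 42.36, -71.06),
]

if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE):
        print(alert)
```

Only alice's second login is flagged; bob's failed attempt from a distant location is skipped and his next-day login is reachable at normal travel speed. VPN exits and mobile carrier gateways produce false positives, so alerts like this are a prompt for review rather than proof of compromise.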
McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. Copyright © 2018 McAfee, LLC. 3845_0418 APRIL 2018
2821 Mission College Blvd.
Santa Clara, CA 95054
888.847.8766
www.mcafee.com