Traditionally there have been two ways to host a data loss prevention (DLP) security service: an on-premise application managed by the customer, or an on-premise application managed by the DLP supplier. BEW Global, a managed security service provider, has a third way: through the cloud.
DLP services work by identifying information that needs to be protected, indexing it and securing it. The DLP system can, for example, prevent sensitive data such as customer credit card information from being downloaded onto an employee’s USB drive.
BEW’s cloud-based offering, which the company announced at the recent RSA conference and claims is the first of its kind, uses a hybrid cloud approach. An on-premise hardware application identifies sensitive data, then pumps the flagged information up into the cloud to be analyzed by BEW security workers. This hybrid model gives users the cloud’s advantage of less on-site hardware while still providing a comprehensive DLP system. But is the cloud right for DLP? Not all security experts are buying in.
“A completely cloud-based DLP offering just wouldn’t fly for most enterprises,” says Sean Steele, senior director of security services for infoLock Technologies, another security consultancy and provider. “It wouldn’t even get off the runway.” It’s just simply not efficient to copy all of the data into the cloud for analysis, he says.
But BEW Global President Robert Eggebrecht stresses that his company’s offering still has an on-premise component, which it calls a consolidated appliance. It consists of Dell hardware running Windows or Linux-based virtual machines and sits at the edge of the network, where it scans for sensitive data. BEW works with individual customers to determine what traffic flows up into the cloud to be analyzed by the security workers.
Eggebrecht says undoubtedly some customers may have questions about BEW workers analyzing sensitive information. But he says the 15 analysts that currently pore over 40 client accounts are trained security experts who often go through the end user’s own security training process.
Having security experts analyze the information is better than the alternative, Eggebrecht says, which is to have the DLP system monitored by an enterprise’s in-house IT staff, who may not be trained in data security.
“If you manage it yourself and you don’t have the expertise around security services, then you’re not getting the most out of the system,” he says. The human component of the system, Eggebrecht says, is the differentiating factor between BEW and other managed security service providers, such as Cybertrust (now owned by Verizon), Dell SecureWorks and IBM ISS.
“They look at the bits and bytes, the firewalls, routers and switches, they are privy to the border protection of an organization’s network,” he says. “We look at the actual content of the data.”
The service is custom priced, Eggebrecht says, depending on the size of the enterprise, the amount of data being analyzed and whether the customer has international operations.
Themis Papageorge, a computer security expert at Northeastern University’s Computer and Information Science college, says using the cloud to deliver DLP services can create efficiencies, but it can also create more risk.
“The cloud generally has benefits, when implemented correctly,” he says. “Clearly the economic benefits can be realized by having reduced infrastructure, but at the same time it presents new challenges, and chief among them is security.”
Enterprises, he says, should analyze whether the benefits of having a cloud-based system outweigh the increased risk of having third-party analysis of that data. That is something each enterprise must consider on a case-by-case basis.
Ultimately, Eggebrecht doesn’t expect DLP to be delivered solely through the cloud.
“I really see this as another delivery mechanism,” he says. “Security is not going to be commoditized and sold out of a box, but offering certain services through the cloud does provide some inherent advantages.”