How to use DLP tools to achieve cloud computing security?

Source: Internet
Author: User

One of the biggest concerns organizations have about using cloud computing is the potential risk to their data. Whenever we lose physical control of our assets, we naturally become anxious. Since data loss prevention (DLP) is one of the few technologies dedicated to protecting data, it is natural to want to apply it to data protection in the cloud.

At present, there are three areas of cloud computing where DLP technology can prove its worth. The first is controlling data migration to the cloud. The second is protecting data that is already in the cloud. Finally, we can use DLP tools to find exposures of sensitive data in the cloud.

Use DLP tools to control data migration

The most useful application of DLP tools in cloud computing is monitoring data migration from traditional infrastructure to the cloud. Most cloud services use HTTP as their primary communication protocol (though often through custom APIs). So if you monitor HTTP (and HTTPS), you can capture a large share of potential data migrations across the cloud service models.

All network DLP tools can monitor HTTP traffic. I strongly recommend that you insist on one that also supports HTTPS monitoring, either natively or through integration with a network gateway. You can then ask your DLP vendor whether the product understands the major cloud services and their uses, which reduces the need to write custom rules. You can then apply any of your existing DLP content rules to cloud services, or simply set up a generic alert whenever a cloud service is the destination of your data.

Tracking data in cloud computing

Once the data is in the cloud, you may want to track where it lives, or check your cloud infrastructure for stored sensitive data. This is where content discovery comes in: you can use your DLP tools to scan known repositories for sensitive data.

If you use infrastructure as a service, you can scan with your existing DLP tools just as you would in a traditional data center, though you may need to add a VPN connection to reach the repository. If your DLP tool supports it, you can also consider deploying a DLP virtual appliance in the cloud. For platform as a service or software as a service, you need a way for the DLP tool to access the data (for example, API-based access to file storage) and a DLP tool that supports that access method. This is gradually improving, and some vendors are starting to support major cloud storage services (such as Amazon S3 or Rackspace Cloud Files).
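The two uses described so far, applying an existing content rule to cloud-bound HTTP traffic (with a generic alert as the fallback) and running the same rule as content discovery over stored objects, as an added example that is not from the original article or any DLP product. It assumes the gateway hands over already-decrypted requests, and the destination suffix list, function names and sample data are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: suffixes treated as cloud storage destinations (illustrative list;
# ".storage.example" is a constructed placeholder).
CLOUD_SUFFIXES = (".s3.amazonaws.com", ".storage.example")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def card_hits(text: str) -> int:
    """Existing content rule: count Luhn-valid payment card numbers in text."""
    return sum(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text))

def check_egress(url: str, method: str, body: str):
    """Classify one decrypted HTTP(S) request leaving the network.

    Returns "content" if the content rule fires on an upload to a cloud
    destination, "generic" for any other upload to one, None otherwise.
    """
    host = (urlsplit(url).hostname or "").lower()
    if method not in ("PUT", "POST") or not host.endswith(CLOUD_SUFFIXES):
        return None
    return "content" if card_hits(body) else "generic"

def discover(objects: dict) -> dict:
    """Content discovery: map object name -> hit count, listing hits only."""
    return {name: n for name, text in objects.items() if (n := card_hits(text))}

if __name__ == "__main__":
    # Constructed sample request and repository contents.
    print(check_egress("https://backup-bucket.s3.amazonaws.com/export.csv",
                       "PUT", "name,card\nA,4111 1111 1111 1111\n"))
    print(discover({"a.csv": "4111-1111-1111-1111", "notes.txt": "hello"}))
```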

Finally, you can use DLP tools to monitor network traffic at key points in the cloud. There are three ways to do this: use an endpoint agent embedded in the cloud instance or hypervisor; route traffic through a dedicated DLP server or appliance outside the cloud; or run a DLP server as a cloud instance and route traffic through it.

If you are using a public cloud, you will likely not be able to force network routing to the degree DLP requires, and should rely more on agent-based methods. However, with a private cloud or virtual private cloud, you have enough control to route traffic and use DLP for monitoring.

Limitations of cloud computing DLP tools

You should understand one limitation: your public cloud platform may support only a single network interface per instance, which means you need a virtual DLP appliance that can monitor and forward traffic under that constraint. Keep in mind that most of us do not use DLP to monitor data-center-based applications, nor is it the technology I would recommend first for protecting servers.

In short, I see significant value in using DLP tools to monitor data migrating to the cloud and in cloud-based content discovery, but little value in deploying DLP within a public cloud. (It can have significant value in a private cloud, depending on where you use it.) This will change as the technology evolves and as we become able to deploy a wider range of services in the cloud, but any cloud deployment where we could use inline DLP protection is an application infrastructure, where we will focus more on application security and encryption.

DLP can be an excellent tool for improving data security in the cloud. It lets you track data migrating to the cloud, discover sensitive data stored in the cloud, and protect services running in the cloud. However, as with any technology, make sure you adapt it to your actual environment, and don't waste time deploying it where it produces no value.
