Protecting data in the modern business world is no small task. The widespread adoption of cloud-based resources like SaaS apps, the rise of bring your own device (BYOD), and much more have introduced a myriad of new data security gaps. Unfortunately, legacy tools lack the functionality needed to address these novel challenges. They were built for a long-gone era of security, when use cases revolved around on-premises-only users, apps, and data. Their appliance-based architectures also bring performance and scalability issues.
In particular, there are four primary data leakage paths that organizations must address if they are to stay secure as they embrace digital transformation. You can find them below along with the technologies that are needed to address them—technologies that are readily available with Zscaler, which was designed from the beginning to secure any transaction and address the data protection needs of the future.
Data loss to the internet
The internet has become the new corporate network, connecting users around the world to resources like websites and SaaS apps so that they can do their jobs. But this gives ample opportunity for data to leak to these web destinations—particularly for organizations attempting to backhaul traffic to security appliances that lack scalability and provide little to no inspection of SSL traffic. With the vast majority of web traffic now being encrypted, this is a significant issue when it comes to securing data.
Full SSL inspection at scale is critical for stopping leakage today. Zscaler is built upon the world’s largest security cloud, with over 150 data centers around the world processing over 200 billion transactions daily. As a result, Zscaler’s inline DLP can easily scale to inspect all SSL traffic for data loss. With advanced measures like exact data match (EDM), indexed document match (IDM), and optical character recognition (OCR), the integrated solution can find and secure any sensitive data in motion while reducing IT complexity and removing the need for DLP point products.
Data loss to unmanaged devices
From employee personal devices (BYOD) to the third-party endpoints of business partners, unmanaged devices are often used to access IT resources like SaaS apps. Once these devices download data, however, IT loses control. Unfortunately, choosing how to respond can be challenging. Blocking said devices disrupts enterprise operations, installing security software on them is rarely feasible, and agentless reverse proxies frequently break and hamper user productivity.
Agentless Cloud Browser Isolation (of which Zscaler is the pioneer and continued innovator) enables unmanaged device access to enhance productivity while preventing leakage and circumventing the use of agents and reverse proxies. Users’ app sessions are isolated within the Zero Trust Exchange (Zscaler’s security cloud) and only a stream of pixel-perfect images is sent to the endpoint. This ensures a native user experience while securing access to apps and preventing functions like download, copy, paste, and print, so no data can be pulled down to the end user device.
Data loss via risky sharing within SaaS
SaaS applications are an incredible boon to enterprise productivity and are designed to facilitate collaboration and sharing. While this enhances organizational dynamism, it can also lead to unauthorized oversharing if the proper security measures are not put in place. Because of this, organizations must be sure that they can identify and respond to risky shares of sensitive data at rest in the cloud.
This is a common cloud access security broker (CASB) use case. Zscaler’s multi-mode CASB is complete with API integrations for scanning apps and their contents. This allows Zscaler to leverage its leading DLP to classify data at rest, and automatically revoke shares of sensitive information. This out-of-band functionality can also be used to find and remediate malware and ransomware at rest. With Zscaler, customers get CASB functionality as one part of a leading security service edge (SSE) platform that is complete with secure web gateway (SWG), zero trust network access (ZTNA), and more, alleviating the complexity and cost of point products.
Data loss via poor cloud resource security posture
Cloud resources like SaaS, IaaS, and PaaS instances need to be set up properly if they are to function correctly and securely. But these solutions’ deployments can be complex and are often performed by people who are not security experts, leading to poor security postures. Specifically, misconfigurations and excessive permissions can easily expose data. News headlines about public-facing S3 buckets leading to breaches are an all-too-common illustration.
A variety of technologies are needed to address these challenges—technologies which can be placed under the umbrella of posture management or larger DevSecOps approaches like CNAPP. With Zscaler, organizations receive market-leading SaaS security posture management (SSPM) for finding SaaS misconfigurations, cloud security posture management (CSPM) for finding IaaS and PaaS misconfigurations, and cloud infrastructure entitlement management (CIEM) for finding risky or excessive permissions. Together, these capabilities can protect public cloud data and workloads.
Where to go from here
The four key drivers of data loss shared above must be addressed if enterprises today are to remain secure. While it can feel overwhelming to tackle these challenges, Zscaler is a complete data protection platform that has made the endeavor simple and pain-free for thousands of global organizations.
Take a look at SANS’ review of our data protection offering to see what we can do in more detail. It’s a thorough walkthrough of our solution, complete with screenshots of configurations in the user interface. There is also a corresponding webinar.