Protecting Data That Egresses From Cloud Services & SaaS Applications
December 29, 2020
For a true Zero-Trust environment, it isn’t enough to think about data in cloud services and SaaS applications. We also must protect, control and audit data that egresses from these services onto endpoints. SecureCircle is Zero Trust security for data. SecureCircle enables having full control over data including authenticated users, networks, devices, and applications that have access to secured data. At one point in time, the cloud was sort of the bad guy, and we would want to find all the data that was leaving the premise going into the cloud. However, overnight a transition between the cloud being the bad guy and the good guy took place. Since the cloud is now the good guy, we are trying to protect the data leaving the cloud while using zero trust models.
When you think about how data Data Processing Agreements (DPA) are all written with your SaaS providers, they control and secure the data that is in the SaaS service. For instance, for Salesforce & Workday, they'll control and secure the data when it's inside their SaaS application but where your responsibility comes into play is once you open that front door. The front door is open once the user and devices are authenticated, and the network is secure. With the front door open, the data is unleashed, leaving you exposed to either unwanted users accessing the SaaS environment or users egressing data from the SaaS application to their local device. With data constantly egressing from the cloud, data must be secure at all times.
A new approach to protect data is required for organizations to control their data and map to modern compliance requirements. At SecureCircle, we tie into that Zero Trust model and protect the data again because we don’t have to scan for PII. Since SecureCircle is working at a scale without limitations, when the data inevitably leaves the service, you have control over the data that is on the endpoint. SecureCircle has bridged the shared security model between the SaaS provider and your local devices. Everything that is coming out of a Saas service is now protected because SecureCircle is part of the device’s compliance posture.
With SecureCircle, all of the services are protected and most importantly, so is your data. For instance, when downloading data from a SaaS application such as Salesforce and trying to copy it onto a USB drive to take home, SecureCircle identifies binary similarities.
SecureCircle is able to determine if the downloaded data is similar to previous secured data. If so the data is automatically secured with the same access permissions as the original data. With SecureCircle, security decisions are automated and newly downloaded data can be differentiated between similar to secured data or not. This prevents securing non-confidential data.
If the data is similar and is secured, transferring the data to a USB will only transfer the secured (encrypted) data. If the USB is plugged into a device that is not authenticated, it will receive a bunch of encrypted bytes. Without access to rights or decryption keys to read the data, it will be protected no matter where it is. SecureCircle’s DASB is the only solution that will empower you to enable secure access without giving up control of your data with no impact on applications, workflows, or end-user experience.
Prevent Data Breaches
Let’s discuss your unique cybersecurity challenges and needs.
If you want to notified when we post the newest content about mitigating insider threats, data breaches, protecting source code, and DASB, please subscribe to our SecureCircle newsletter.