Cloud Managed DLP Now Integrated Into CloudSOC

Protecting data is a key component of a SASE solution.  Customers are building cloud-based security controls around their systems, users and data.  Symantec, by Broadcom Software, is delighted to now provide the capability to manage cloud data loss channels from a cloud-hosted console.  This has been achieved by integrating Data Loss Prevention (DLP) management into the Symantec CloudSOC solution.

What is Cloud Managed DLP?

By enhancing the DLP management controls within Symantec CloudSOC (CASB), customers can manage all data loss policies and incidents relevant for the CASB data channel from a single console.  This means CloudSOC customers no longer need to use Symantec Enforce to protect data via this CASB solution.

An important use case is that when individuals access corporate information in cloud applications, the necessary DLP policies to scan content  in motion and at rest are applied, thereby protecting that information.  With these management controls now available in the CloudSOC console, the workflow and infrastructure requirements for data protection teams is greatly simplified.

Additionally, we have OCR in the cloud to complement our cloud detection service capabilities.  This service will allow customers to extract textual content from images and then apply their DLP policies to that content to ensure that images don’t contain sensitive content and if they do, then prevent the exfiltration of those images.

What about protecting non-CASB, hybrid and SASE data channels?

Our DLP capability (the management of DLP policies and incidents) is now embedded in our CASB.  We also retain the ability to support a hybrid environment. This is achieved from the on-premises Enforce console connecting to our cloud detection services which interface with network components like our Web Security Service, our Email Security Service and our CASB, as well as connecting to on-premise components to provide the data protection our customers need.

As mentioned there are many components that are being brought together for a SASE solution.  Those components each have their own console.  Many times each are managed by different teams.  The logs and events that are captured are held in the individual consoles and require aggregation and analysis. 

Why manage DLP in the Cloud?

Bringing these components together brings efficiency to our customers.  Bringing DLP to the cloud and embedding management of the policies and incidents in a common console now makes it easier to understand who is doing what with your sensitive information and implement tighter controls when and where needed.  This tighter integration of components also allows for better cross-team cooperation.

DLP solutions can be resource intensive requiring significant infrastructure and personnel to maintain that infrastructure just so the solution can do the inspection needed.  With a cloud native DLP capability:

• The solution is easier to deploy
• System upgrades are simpler as they require fewer resources
• New features and content are delivered to customers faster
• Total Cost of Ownership (TCO) is reduced

While SASE is a relatively new term (coined by Gartner in 2019), we expect organizations to be looking at SASE solutions and moving to them rapidly.  Symantec, by Broadcom Software, is committed to helping our customers address the challenges they face in an ever changing environment. 

Bringing our components together is part of that commitment and DLP is very much key to providing the security customers need.  We are excited about making this new capability available and our future plans to enhance the cloud management available to our customers.

If you want to find out more contact your Broadcom account manager or attend one of our regular User Groups.

Additional information related to this topic can be found here:

Key SASE Components

Symantec SASE Framework