Cloudflare's new data loss prevention offering adds zero trust controls to an organization's data, regardless of where that information is stored.
Preventing data loss was hard enough when all of a company's data was only stored on the corporate network, protected by a firewall. The challenge is even greater when so much of the application now lives outside the corporate network, whether that is in cloud infrastructure, software-as-a-service applications, or on devices used by employees working remotely. Defining rules for each application and configuring individual devices can be a time-consuming process that's prone to error. The new Cloudflare Data Loss Prevention (DLP) looks at all the traffic passing through the network and applies security controls to protect sensitive information.
Organizations are already using Cloudflare's infrastructure and global network to accelerate user traffic to the internet, as well as to inspect traffic regardless of how it enters the network and filter out malicious activity. Cloudflare has been gradually taking over the corporate network: web traffic filtering with Cloudflare Gateway, zero trust access to cloud and local applications with Cloudflare Access, protection from distributed denial-of-service attacks with Magic Transit, and centralized controls over what is allowed in and out of the network with Magic Firewall. The new Magic WAN lets organizations connect branch offices, datacenters, virtual private clouds, and individual remote employees to Cloudflare's network to create virtual networks.
Almost all of the traditional data loss prevention products on the market ultimately force traffic to go through a central location, which impacts network performance, according to Cloudflare cofounder and CEO Matthew Prince. Cloudflare DLP takes advantage of the fact that an organization is already using Cloudflare's infrastructure and applies network-wide data security policies to ensure sensitive information does not leave the network.
"[Everyone] knows they need a DLP solution, but the only options are expensive, hard to manage, and haven't seen innovation in years," Prince said. "We're doing something new by rethinking data loss prevention as an extension of our network, instead of adding yet another point solution for CISOs to manage."
Cloudflare DLP is part of Cloudflare One, the secure access secure edge (SASE) solution the company introduced last October. With Cloudflare One, enterprises can implement network security controls over the entire network instead of defining different sets of controls for traffic passing through the corporate firewall, cloud servers, software-as-a-service products, and remote employees connecting to corporate assets via virtual private networks. The growing popularity of SASE is a direct result of enterprises increasingly adopting cloud computing infrastructure and software-as-a-service applications, as well as the recent shift to a remote workforce.
DLP needs to do more than just look for specific types of data. While Cloudflare DLP does utilize prebuilt patterns to identify specific types of personally identifiable information (such as credit card numbers and Social Security numbers), the new tool also gives administrators visibility into how data moves through the network and the ability to apply granular controls to applications to restrict access.
The shift to remote work and software-as-a-service has meant administrators no longer have visibility into what kind of data they have and who is using it. This lack of visibility makes it difficult to put in the controls necessary to prevent a data breach. With all the traffic passing through Cloudflare's network, every DNS query, request, and file upload or download is now logged, giving administrators the ability to uncover potential breaches or data exposures.
When so much of an organization's data lives on infrastructure it doesn't control, such as SaaS applications, administrators are often restricted when it comes to controlling who can access the data or how it is used. In many cases, the default setting is that anyone on the team with access to the application has access to all the data stored in that application. Some applications allow administrators to define roles and role-based access controls (RBAC), but these are specific to the application. Configuring rules for every application can be tedious and doesn't address the fact that some applications don't allow any rules to be created.
Cloudflare now gives administrators the ability to build need-to-know rules for both internally managed applications and SaaS applications in a single place.
Cloudflare taking over the corporate network reflects the reality of the hybrid model, where applications can be inside or outside the corporate network and employees can be working in the office or remotely. Regardless of where the data resides, where the workers are, or who is hosting the application, enterprises need to reconsider how they manage and protect the network.