For the remote worker, a DLP platform can, for example, monitor network activity, printer use or data transfer via email. “It enables you to watch those devices and see the data that’s getting put to them, and then apply policy to that based off of what the data is and how it’s being sent out,” Dias says.
Suppose a professor needs to send sensitive data via email. A platform approach can ensure that data is encrypted and that it is available only to authorized people. “If I’m sending it to somebody in the same department as me, for example, it can be decrypted. Otherwise it can’t be read by anybody else’s machine,” Dias says.
The platform can help automate this policy enforcement function, reducing the manual time and effort needed to ensure continuous data protection. “I can’t send it to my Gmail because that’s not an allowed domain,” Dias says. “But I can send it to somebody within the university’s domain, which means it’s staying within their environment.”
Strengthening Your Data Loss Protection Strategy
To pursue effective data loss protection, colleges and universities first need to understand the functional nuances around the data they are protecting. It’s normal, for example, to see someone in the accounting department or the school of financing accessing detailed financial documents. Those same documents on a history department computer should raise a red flag.
During this era of remote work, schools need to establish clear data use policies. A data loss protection platform can help enforce those policies across the disparate devices and varied network connections that make up the remote work ecosystem.
A professor or administrator may be sending information to a personal email account from a work computer. He or she may also be accessing university data via cloud applications. The school may have students’ personal identifiers embedded in Office 365 or Salesforce. In this highly fragmented remote work environment, Forcepoint’s suite of products helps universities manage data loss and data protection across multiple channels.
Effective Ways to Deploy CASB
Remote work means enabling users to log in to any device anywhere. But there’s a potential downside: Suppose a personal computer gets lost or stolen. With data loss protection deployed across the network, the likely absence of protections on that personal machine won’t matter. Data will still be safeguarded by the cloud access security broker, or CASB.
“This allows us to apply different policies whether on a personal computer or a work computer,” Dias says. “You can lock it down, even down to the data level, what type of data they can interact with. It gives you that fine-grain level of control.”
The platform can also deploy protections at the behavioral level. Maybe it’s acceptable to send personal information on a single individual, but if the system detects a user doing that 10 times in a row or 50 times in a day, it can track and remediate those actions.
Data loss protection also considers the forms of data. Take, for example, a PDF containing sensitive information, or a screenshot of a confidential personal profile. The platform’s optical character recognition (OCR) functionality can catch these too.
Given the sensitivity around the free movement of information in the university environment, Forcepoint gives IT leaders more options for deploying powerful security tools. Some may choose to have the platform lock down data automatically, enforcing policy with minimal IT intervention. For those who are not ready to go that far, Forcepoint can be deployed to monitor and notify, leaving it to IT to take action as needed.
Moving forward, universities looking to leverage DLP in support of their remote workforces can start by putting strong policies in place.
“You need to understand who is using the information, what information they’re sending and where they are sending it,” Dias says. “If you can build policy around those key questions, DLP can then help support that across your remote workforce.”