DLP systems typically require on-premises systems that monitor data use within a network and flag suspicious activity. With Verdasys' new cloud-based offering, the analysis of data flow is done off-site, without any sensitive information ever leaving the customer's site.
Verdasys is hoping the traditional advantages of cloud computing -- removing the need to buy hardware and off-loading the management of the system -- could make it an attractive option for midsize organizations looking to implement a DLP program. DLP has been somewhat slow to take off overall.
[ BACKGROUND: Next up for DLP: The cloud?
PROTECT YOURSELF: How to spot a social media scam ]
DLP systems are meant to ensure that sensitive information -- which is defined by the customer -- does not leave a company's network. If an employee attempts to download the company's IP and trade secrets on to a personal USB drive, a DLP system should be able to catch that and prevent the transfer.
Usually this has required an on-site footprint, including monitoring software, a centralized system for collecting the data traffic information and an on-site representative to analyze it. By using the cloud, Verdasys brings almost all those functions off-site, into its private cloud.
But Verdasys does not actually send any of the data it is analyzing up into its private cloud -- which is hosted by Rackspace's managed services division. Instead, Verdasys sensors that are positioned throughout the customer's network send encrypted, hashed metadata about the data traffic for analysis. This is a key, Verdasys officials say, for allowing the system to be able to monitor sensitive data without it having to leave the customer's network. "Metadata is descriptive language that defines the data, but does not contain it," says Bill Munroe, VP of marketing.
The company's Digital Guardian software, which powers the DLP system, analyzes the traffic flow and creates alerts for any suspicious activity. The system allows customers to see which employees have moved which files where, as well as provide encryption and hashing services to protect the data.