Next up for DLP: The cloud?

Network World - Traditionally there have been two ways to host a data loss prevention security service: An on-premise application managed by the customer, or an on-premise application managed by the DLP supplier. BEW Global, a managed security service provider, has a third way: Through the cloud.

DLP services work basically by identifying information that needs to be protected, indexing it and securing it. The DLP system can prevent, for example, sensitive data, such as customer credit card information, from being downloaded onto an employee's USB drive.

BEW's cloud-based offering, which it announced at the recent RSA conference and the company claims is the first of its kind, uses a hybrid cloud approach. It combines an on-premise hardware application that identifies sensitive data, then pumps the flagged information up into the cloud to be analyzed by BEW security workers. This hybrid model allows users to benefit from the advantages the cloud provides of less on-site hardware, while still having a comprehensive DLP system. But, is the cloud right for DLP? Not all security experts are buying in.

READ: Security managers split on BYOD, skeptical of Android devices

READ: 5 signs that you've lost control over your cloud apps

"A completely cloud-based DLP offering just wouldn't fly for most enterprises," says Sean Steele, senior director of security services for infoLock Technologies, another security consultancy and provider. "It wouldn't even get off the runway." It's just simply not efficient to copy all of the data into the cloud for analysis, he says.

But BEW Global President Robert Eggebrecht stresses that his company's offering still has an on-premise component, which it calls a consolidated appliance. It consists of Dell hardware running Windows or Linux-based virtual machines and sits at the edge of the network, where it scans for sensitive data. BEW works with individual customers to determine what traffic flows up into the cloud to be analyzed by the security workers.

Eggebrecht says undoubtedly some customers may have questions about BEW workers analyzing sensitive information. But, he says the 15 analysts that currently pore over 40 client accounts are trained security experts who often go through the end user's own security training process.

Having security experts analyze the information is better than the alternative, Eggebrecht says, which is to have the DLP system monitored by an enterprise's in-house IT staff, who may not be trained in data security.

"If you manage it yourself and you don't have the expertise around security services, then you're not getting the most out of the system," he says. The human component of the system, Eggebrecht says, is the differentiating factor between BEW and other managed security service providers, such as Cybertrust (now owned by Verizon), Dell SecureWorks and IBM ISS.