Control Outside the Perimeter: Why DLP Needs to Go Beyond Agents

Lev Matveev, Founder of SearchInform, explains that modern DLP systems must shift from agent-based monitoring to direct service integration (APIs, ICAP) to secure data in cloud and remote environments. User-friendly tools and platform support are essential.

The main goal of a DLP (Data Loss Prevention) system is to prevent data leakage by monitoring the transmission of sensitive information both within and beyond the corporate security perimeter. Traditionally, DLP agents installed on employees’ computers handle this task effectively. However, business processes have evolved as platforms and services move to clouds and external environments. Employees now use personal devices—such as smartphones—to access corporate data anytime, anywhere. Consequently, traditional closed perimeters have all but disappeared, which poses new challenges for DLP.

Today, DLP systems must monitor elements of the IT infrastructure where an agent cannot be installed. This is why businesses need to adapt to the new realities. Let’s explore how organizations can tackle this challenge and what customers can require from vendors for more effective implementation and use of DLP systems.

Structure of Blurred Perimeters
With the rise of remote work, such tools as cloud storage, messaging apps, web editors, and other services with shared access have become an integral part of daily workflow. It is not just these tools that lie outside the network perimeter; corporate solutions themselves are also moving beyond traditional boundaries. For example, employees can use software like Jira on any device via a client or browser, even when not connected to the local network.

As a result, today data is processed and managed on third-party websites or external servers, instead of only on workstations. In addition, Linux-based systems—often without a graphical interface—are gaining popularity. So, developers of corporate software for Linux often provide web versions of their software, eliminating the need to install it locally and making it possible to transfer server components to the cloud. This trend toward anywhere-accessible services will only accelerate.

Let’s take six of the main data channels in corporate workflow:

  • Messengers and video conferencing software
  • Storage systems (network/cloud)
  • Browsers
  • Email services
  • Removable devices (e.g., flash drives, external hard drives)
  • Printing devices

Among these, only removable media and printers are physically linked to workstations. DLP agents can monitor these devices directly and detect violations. However, they account for no more than 30% of all corporate data transmission channels.

Employees can use the other channels from outside the perimeter, with their PCs serving only as entry points. Traditional DLP systems have no control over these channels, so new protection methods are required.

Control from the Other Side
As agent-based data monitoring becomes ineffective, DLP must receive information from the opposite side: from the web service or platform itself. By integrating directly with these third-party solutions, DLP can monitor data transfer outside the corporate perimeter. In today’s context, this is the only reliable approach to data protection.

For example, video conferencing platforms like Microsoft Teams and messengers like Line or Signal are popular among businesses. These tools are accessed both through corporate devices in the Local Area Network (LAN) and through personal devices. A typical risk scenario arises when sensitive data, legitimately shared among authorized users, remains stored in chat histories that can be accessed from any device outside the corporate network.

By integrating DLP directly with messengers, the system can block sensitive data in chats in a device-independent way. The same logic applies to cloud storage, where data is shared via links. A DLP system can check whether such links lead to confidential content and protect it against unauthorized access.

However, there is another challenge. The growing popularity of business software that can be accessed from anywhere makes it nearly impossible for DLP developers to support every platform out of the box.

Therefore, it is more practical for vendors to provide customers with built-in tools for independent integration.

What Customers Can Do
In order for different systems to integrate, they must “speak the same language.” In this context, that “language” consists of technologies—like network protocols and standards—that both sides support. Most modern services provide support for:

  • REST API
  • ICAP
  • ODBC
  • SYSLOG/CEF

Ideally, a DLP system should support all of them, giving the customer maximum flexibility to monitor different external systems or export incident data outside the DLP.

Ultimately, it is about convenience. It is good if integration does not require manually writing any scripts or code. The integration tools should be accessible directly through the interface, potentially as a standalone service. Even better if they can be activated by simply checking a box in the settings—where, for instance, you can specify the address of an external client for ICAP and configure basic parsing options.
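What travels over that ICAP address, as an added example (not code from SearchInform or any DLP vendor): a proxy wraps the outbound HTTP request in a REQMOD message as defined in RFC 3507, and the DLP's reply decides whether the upload goes through. The host names, the "/dlp" service path and the sample upload are constructed for illustration.

```python
# Added example: ICAP (RFC 3507) REQMOD framing between a proxy and a DLP.
# Host names, the "/dlp" service path and the upload are constructed.

def build_reqmod(icap_host, service, http_head, body):
    """Wrap an outbound HTTP request (bytes) in an ICAP REQMOD message."""
    if not http_head.endswith(b"\r\n\r\n"):
        raise ValueError("HTTP header block must end with an empty line")
    if body:
        # Encapsulated gives each part's byte offset inside the ICAP body;
        # the HTTP body always travels chunked, whatever the original framing.
        parts = f"req-hdr=0, req-body={len(http_head)}"
        payload = http_head + b"%x\r\n%s\r\n0\r\n\r\n" % (len(body), body)
    else:
        parts = f"req-hdr=0, null-body={len(http_head)}"
        payload = http_head
    icap_head = (
        f"REQMOD icap://{icap_host}{service} ICAP/1.0\r\n"
        f"Host: {icap_host}\r\n"
        "Allow: 204\r\n"            # lets the DLP answer "204, send it unchanged"
        f"Encapsulated: {parts}\r\n\r\n"
    )
    return icap_head.encode("ascii") + payload


def verdict(raw_response):
    """Map the DLP's ICAP reply to the action the proxy takes."""
    head, _, rest = raw_response.partition(b"\r\n\r\n")
    lines = head.decode("ascii", "replace").split("\r\n")
    fields = lines[0].split(" ", 2)
    if len(fields) < 2 or not fields[0].startswith("ICAP/") or not fields[1].isdigit():
        return "error"              # fail open or closed is a proxy policy choice
    headers = dict((k.strip().lower(), v.strip())
                   for k, _, v in (l.partition(":") for l in lines[1:]))
    if fields[1] == "204":
        return "allow"
    if fields[1] == "200":
        # A REQMOD reply carrying res-hdr is an HTTP response generated by the
        # DLP (typically a block page) instead of a modified request.
        if headers.get("encapsulated", "").startswith("res-hdr"):
            return "block: " + rest.split(b"\r\n", 1)[0].decode("ascii", "replace")
        return "modified"
    return "error"


BODY = b"filename=q3-forecast.xlsx&share=public"   # constructed upload
HTTP_HEAD = (b"POST /upload HTTP/1.1\r\nHost: files.example.com\r\n"
             b"Content-Length: %d\r\n\r\n" % len(BODY))
REQUEST = build_reqmod("dlp.example.internal", "/dlp", HTTP_HEAD, BODY)
ALLOWED = b"ICAP/1.0 204 No Content\r\nISTag: \"demo-1\"\r\n\r\n"
BLOCKED = (b"ICAP/1.0 200 OK\r\nISTag: \"demo-1\"\r\nEncapsulated: res-hdr=0, null-body=45\r\n\r\n"
           b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n")
```

The "basic parsing options" in a DLP's ICAP settings operate on the encapsulated HTTP headers and body shown here; what the proxy does on an "error" verdict (pass or hold the traffic) is a deployment decision.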

A customer can request manuals and practical integration scenarios from the vendor if they are not included in the standard documentation. Well-prepared materials make it easy to adapt existing examples to specific needs. As a result, nearly any integration can be achieved smoothly and without additional cost in terms of effort, time, or budget.

What Vendors Need to Do
Yet, not all services that need to be controlled with DLP support versatile protocols and standards. This is typical for ecosystems that operate according to their own internal standards. And here the vendor’s assistance will be required.

For example, to integrate with Microsoft 365, a DLP solution must support the Graph API. This requires full-scale development of new functionality, involving significant effort from developers, QA teams, and more. If a customer urgently needs support for a platform that the vendor has not yet implemented, they will simply have to wait. Meanwhile, the need for ecosystem control is growing. As a result, companies have to seek out DLP solutions that already support the necessary platforms.

The good news is that there are not that many corporate ecosystems or widely used collaborative software solutions in business, which makes it feasible for DLP vendors to cover them. The leading DLP providers can often integrate with popular services out of the box or are actively enhancing their functionality.

Conclusion
In today’s environment, where cloud solutions and services are widespread, DLP customers need to look beyond traditional interception channels and focus on a system’s integration capabilities. It is important to compare the available integration tools, their implementation quality, and the number of supported protocols. Equally critical are the system’s out-of-the-box features: which services the vendor already supports, how actively they are expanding the list of monitored services, and whether those services are relevant to your needs.

To avoid confusion in standards and choose the most effective DLP solution for your requirements, consider the following steps:

  • Make a list of corporate services and find DLP systems that support them out of the box.
  • Compare data exchange technologies used by your corporate services and DLP. If there is no ready-made integration option, it might be achieved at the level of these underlying technologies. If a convenient interface is provided, you can integrate the DLP system yourself and get immediate results.
  • Request custom development from the vendor, if necessary. It is beneficial for both parties: the vendor, who adds functionality the market demands, and the client, who gets exactly what they need.

Integration is the future of DLP. Only by integrating can companies reliably control an increasingly “blurred” perimeter, a challenge that continues to grow in importance. Leading DLP vendors recognize this and are actively expanding related capabilities. They offer out-of-the-box integrations, implement data exchange protocols and standards, and so on. These measures are especially important because they enable customers to quickly take control of the required services on their own. The key is that these features must be implemented in a user-friendly way.