When we entered the Data Loss Prevention (DLP) market, all vendors were exploring the possibilities of an unknown territory. Most of them, including us, started with Device Control or USB security capabilities for organizations – to remotely control users’ access rights to USB devices, CDs, DVDs, HDDs, and other storage devices and to encrypt data on them. Slowly the market evolved to offer advanced content-aware DLP, either at network or endpoint level. Currently, the products’ offerings have aligned more or less, and what DLP means has been standardized to a certain level by analysts, industry experts, and security professionals.
Now, in 2017, we are introducing a new category to Data Loss Prevention and data scanning with sensitivity.io.
sensitivity.io is best characterized as a unique approach to DLP, offering SDKs and APIs that you can use to scan data in motion, data in use, in-app data, making DLP part of the apps, services, and programs that you build, use or sell. The product eliminates the traditional DLP products’ limitations, like false positives, lack of adaptability according to the organization’s environment, applications, infrastructure, business scope, lack of visibility into data at its origin, and others. But most importantly, sensitivity.io allows developers to integrate DLP and compliance functionalities at the source of data, where it is created, stored and processed and in any infrastructure, platform, software, application or service. Discovery of threats is done based on definitions of sensitive data available in the sensitivity.io Control Panel – file type, predefined content (Personally Identifiable Information, Credit Card Numbers, Social Security Numbers, etc.), keywords, and Regular Expressions.
sensitivity.io offers three solutions:
1. SDKs for in-app DLP
This is the most powerful solution in terms of what developers can accomplish with it. There is no boundary to what they can achieve.
Let’s consider an example: you are a software developer for a financial company building its own invoicing software. You developed a web-application where accounting is generating invoices, a desktop application and a mobile app for iOS and Android. This architecture covers all employees’ needs. Among your responsibilities in the development process is achieving regulatory compliance and data protection. To do that effectively, you need to know if and what threats exist at all levels of your invoicing software – the server, the desktop, and mobile apps. With our SDKs for in-app DLP, you have the option to bake in a scanning engine with compliance and predefined protection profiles in all your invoicing software components for a complete threats discovery. Subsequently, you can build on top of our SDK the remediation measures you want your software to take when it discovers relevant data security risks – to encrypt sensitive data, to delete it, to block its transfer, quarantine it, etc. All these can be customized according to what’s best for your company and the specifics of the software or app you’re developing, like the scenarios in which apps’ data is transmitted and to what destinations, how users are interacting with data, and many other factors.
2. SDKs for DLP Cloud Engine
The second option, which you can use together with the first one, or independently, gives you a straightforward method to detect confidential information within apps and services, by allowing scanning from our DLP Cloud Engine, with results being displayed in our Control Panel. All settings, definitions, protection profiles, etc. can be setup in the Control Panel and applications can be included in projects for better management. A project is a set of applications and services with certain protection profiles and common attributes, e.g. a project for cloud storage services to discover PCI-DSS information, a project for chat apps to detect Intellectual Property information, a project for invoicing software to detect financial records, etc.
For your convenience, we took care of all the setup, integration, and configuration on a local SDK and we provide you simple JSON Rest API calls for your data which can be in the format of strings, raw data or file uploads. You get SDKs, libraries, and code samples for all major platforms and programming languages. The best part is that data is automatically classified and analyzed, so your development efforts are reduced.
3. Remote Cloud Services Scanner
We thought of all possible use cases, so this third option is designed to optimize resource consumption, allowing you to include a scanning module in your cloud application by using our scanning infrastructure. You can trigger the remote scanner directly from your app to perform data inspection and retrieve results based on the settings you specified in your sensitivity.io account. You decide where results are displayed, in your app or in our Control Panel, where different analytics and alerts are available.
An alternative to the previously mentioned scenario is the use of the remote scanner with no additional changes in your application, just by making these two interact through our API. Let’s say you want to scan all data from your company Google Drive accounts to discover information security policy violations. You simply connect the sensitivity.io Remote Cloud Services Scanner to the Google Drive accounts and go to the sensitivity.io Control Panel where you initiate the inspection. You can then visualize threat elements in real time, see the returned results, set up alerts and make use of all the other features provided by the Control Panel.
Regardless of the solution that you choose, depending on what fits best with your organization’s needs, remember that it is only the beginning of a smart and complete data protection and compliance implementation. The beauty of sensitivity.io is the fact that it offers you a strong foundation with unmatched visibility upon which you can make solid decisions regarding cyber security.
If you have a specific scenario in mind and want to know if it’s possible with our SDKs and APIs, feel free to drop us an e-mail at team[at]sensitivity.io. We will be happy to offer additional information.