DLP systems typically require on-premises systems that monitor data use within a network and flag suspicious activity. With Verdasys' new cloud-based offering, the analysis of data flow is done off-site, without any sensitive information ever leaving the customer's site.
Verdasys is hoping the traditional advantages of cloud computing -- removing the need to buy hardware and off-loading the management of the system -- could make it an attractive option for midsize organizations looking to implement a DLP program. DLP has been somewhat slow to take off overall.
[ BACKGROUND: Next up for DLP: The cloud?
PROTECT YOURSELF: How to spot a social media scam ]
DLP systems are meant to ensure that sensitive information -- which is defined by the customer -- does not leave a company's network. If an employee attempts to download the company's IP and trade secrets on to a personal USB drive, a DLP system should be able to catch that and prevent the transfer.
Usually this has required an on-site footprint, including monitoring software, a centralized system for collecting the data traffic information and an on-site representative to analyze it. By using the cloud, Verdasys brings almost all those functions off-site, into its private cloud.
But Verdasys does not actually send any of the data it is analyzing up into its private cloud -- which is hosted by Rackspace's managed services division. Instead, Verdasys sensors that are positioned throughout the customer's network send encrypted, hashed metadata about the data traffic for analysis. This is a key, Verdasys officials say, for allowing the system to be able to monitor sensitive data without it having to leave the customer's network. "Metadata is descriptive language that defines the data, but does not contain it," says Bill Munroe, VP of marketing.
The company's Digital Guardian software, which powers the DLP system, analyzes the traffic flow and creates alerts for any suspicious activity. The system allows customers to see which employees have moved which files where, as well as provide encryption and hashing services to protect the data.
Verdasys' offering is the latest in what Forrester analyst Ed Ferrara says is a move by security vendors to push services to the cloud. "There's a huge amount of pressure on security organizations to look at the cloud seriously," he says.
DLP in the cloud can come with its concerns, though. Chief among them is the amount of information that must be sent to analyze. Even if only cached metadata is being sent to the cloud for analysis, that can still add up to be a lot of traffic for midsize to large organizations.
A variety of other security vendors -- including Trend Micro, McAfee, RSA, Symantec and CA -- are looking into cloud-based offerings, but Verdasys and BEW Global appear to be furthest along in their offerings, which are already on the market. Verdasys' system is priced between $6 and $14 per user per month, depending on the level of service.