The present invention relates generally to the field of data security, and more particularly to cloud-based data leakage protection.
Currently, data leakage protection (DLP) solutions are very coarse-grained and specific to a particular issue. Additionally, DLP solutions protect data from threats such as eavesdropping, ‘man in the middle’ attacks, and unauthorized access by privileged users within cloud providers. Such solutions also aim to insulate the data owner from deficiencies of ‘the cloud’ by applying security controls agnostic to the public domain data that is being transported within ‘the cloud.’ However, these solutions are very targeted and very specific in use. A more recent approach to DLP is cloud access security broker (CASB) solutions, which propose ways to provide protection of data for specific cloud software as a service (SaaS) providers. The aforementioned cloud security solutions take advantage of a ‘man in the middle’ capability to cater for coarse-grained data protection use cases. For example, if an end user wants to share data with a SaaS provider, a proxy understands the message format and performs encryption on data elements before sending the desired shared data to the SaaS service, and the reverse occurs when the data is being accessed. However, there are deficiencies in these aforementioned security methods. These security methods aim to provide data protection generally via encryption, which can be very expensive. These approaches also require users to access data through known proxy solutions so that encryption and decryption processes can be completed before a user can store and/or read the data, which is not always possible.