Differences between SaaS DLP and legacy on-prem Data Loss Prevention solutions

It can be too complex and heavyweight for small and midsized companies handle legacy DLP solutions. But SMBs with limited IT capacities also face the same risks of internal data leakage, and the resulting incident impacts can be devastating. Luckily there’s an alternative – cloud-native SaaS DLP.

computer

If you run an SMB company or work for one, you usually have limited to no in-house hardware infrastructure, because there’s usually no reason to manage your own servers.

group

SMBs also have minimal IT capacities, and due to the broad scope of IT admin or manager responsibilities, there’s little room for increasing their security expertise.

verified_user

That’s why it can be almost impossible to implement a legacy DLP solution, even though it could help prevent sensitive or confidential data from leaking outside of the company.

Legacy DLP alternative: Next-gen SaaS DLP 

The cloud is the way to go when you don’t have or don’t want to have your own servers. With cloud/SaaS you can use the solution as a service, so you don’t need to worry about keeping it up and running. The vendor’s SLA ensures DLP availability.

The advantage of a cloud-native DLP solution is that it’s designed from scratch to run in the cloud efficiently and reliably. It’s also multi-tenant by design so that it can be provided and managed by MSPs (Managed Service Providers).

The “cloud-native” and “multi-tenant” architecture also means that it can be deployed in minutes. There’s no need to install servers, databases, or a management console. The only installation required is the remote deployment of “clients” to endpoint devices.

Ease of use comes with next-gen solutions

Whether a DLP solution is centrally managed by a MSP or by an IT manager in a SMB organization, it needs to be easy to use and as simple to manage as possible. In other words, it should be straightforward and semi-automated, with pre-configured settings and out-of-box templates.

We in Safetica think that next-gen DLP, which is primarily “risk-driven”, must employ smart analytics to evaluate both the risk of data operations and individual users. Because knowing your risk level can help you anticipate potential incidents that could be difficult to secure using only DLP policies.

Cloud-native but still endpoint DLP 

Some vendors provide “Cloud DLP” solutions that mainly protect data stored in the cloud or SaaS applications. You may have also heard about CASBs (usually agentless Cloud Access Security Brokers), which protect data from being transferred to and from the cloud. These solutions require an internet connection to protect data.

For Safetica, next-gen cloud or SaaS DLP is a solution managed from a cloud console (via a web browser) that provides data security and risk assessment directly on endpoint devices.

Safetica’s SaaS DLP is agent-based, meaning the client must be hosted on the computer that classifies the sensitive or confidential data, enforces the DLP policies, and collects data for risk evaluation.

One of the main advantages of an endpoint DLP is that it always works, even when the device is offline.

With endpoint DLP managed from the cloud, you can still prevent data from being uploaded to an unsecured cloud and classify (and protect) data downloaded from cloud services.

When combined with CASB, the endpoint DLP provides complete protection against data leakage.

SaaS – DLP as a Service 

When using DLP solution as a service you should have transparent and convenient subscription options – either monthly or annually.

The main benefit of a monthly subscription is that you can increase and decrease the number of protected users on a monthly basis.

Also, a monthly subscription may be more attractive in terms of cash-flow management. On the other hand, annual subscriptions are usually cheaper.

In Safetica we offer a pay-as-you-go model with a “per-user policy”. Customers pay based on the number of users they need to protect.

TCO of SaaS DLP vs. legacy on-prem DLP 

When considering which solution to choose it’s important to calculate the total cost of ownership. If you simply compare the license/subscription price per user, an SaaS can appear more costly.

However, with a legacy on-premise DLP solution, you need to consider the cost of buying, operating, and maintaining servers and databases (including possible hosting or datacenter costs). You usually also hold full responsibility for keeping the server with the management console available.

Administration of complex DLP solutions also require more experienced specialists with a significantly larger time capacity. In our experience, the difference could be 1+ man-day per week in the case of legacy on-prem DLP vs. a couple of hours per week with next-gen SaaS DLP.

And what do our customers think of the future of business? Vladimír Püschner, IT PMO & Innovation Director at Direct Parcel Distribution CZ considers SaaS and cloud applications as the way to go.