Data Loss Prevention


The union of LinkedIn & Microsoft Office Federation: A pain no less than migraine for a Data Loss Prevention (DLP) Architect 

Jun 28, 2016 12:05 PM

The heading itself is appealing enough for most of us to immediately agree and even guess what I am about to write next. The cloud brokers, CASB and changing demographics overall are going to make things really interesting in the next 5 years, I’m sure. The promise that ‘absolutely nothing?’ is going to be hosted locally now, yet letting the data/business owners completely control the egress through the CASB or another mechanism, is quite a fascinating reality we’re able to live today.

Completely in the dark at the moment (excuse my limited exposure if more information is already out), all one could do now is speculate that both LinkedIn and MS Office Clouds continue to stay in separate homes. Separate enough for a DLP Sensor to be able to analyze MS Office content before it reaches a LinkedIn contact. The ability statement is a single line I wrote here, but we all know the array of distinct possibilities it calls for when designing an Architecture. Not just that, but when Companies welcome LinkedIn as a productivity tool, there arises a need to even white-list Business Critical contacts where office document sharing needs to be allowed. At that time, I’m sure we either need to (a) think bigger than live LDAP lookups, custom lookups via Perl and CSV lookups or (b) the 'great' Active Directory be smart enough to recognize the LinkedIn profile in the form of attributes, which DLP then utilizes to such an extent that actual free-flowing, workflow-based automated exceptions are possible. Some special scenarios, like contractors and vendors requiring access (not part of the domain/directory as a whole), also sound both challenging and interesting to me.

On the other hand, if Office and LinkedIn agree to 'move in' together in the same cloud, would that not mean that we either depend on the access mechanism code and wait till ‘an open ready-to-use plug’ is provided to security vendors? If not, then would the entire onus fall upon the local host-based DLP agents, which are reliable only to an extent?

Somewhere, does 'all of this' not suggest that it's almost close to mandatory to move into a cloud-based proxy so that all egress, irrespective of any factors, is scoped? Well, I know most people would argue about ways we could route all traffic back from the Microsoft-LinkedIn cloud and pass it through your local proxy infrastructure, but imagine the challenges in implementation, right from hardware, software, man-power and contractual loops.

Look forward to your comments. Like always, all types of comments are welcome here, incl. corrective, deterrent & complementary :-). Cheers!!!
