The architecture of DLP, as I said as well, can be focused on data streams and data anywhere in our systems. So, network-based, storage-based, client-based, we can interdict and manage and look at traffic on the network, across our network as it moves back and forth on a client in storage. Anywhere data is, we can examine, we can look at, we can manage using DLP technology. When we think about applying DLP to the cloud, we have to think about the fact that data in the cloud tends to move and replicate very quickly. It's over here in this data center, but remember, we're stipulating, it's got to be available, highly available. So it's probably going to move and replicate to another data center somewhere and be available in multiple locations due to dispersion. And so, as a result of that, DLP may become a little bit more complicated because now we have to make sure we're analyzing the data, and we're analyzing and not just where it is but in all the places that it is, because first, it starts out over here. But now, it's dispersed into five or six different locations. Now we got to analyze it everywhere it is. It's just a broader, more encompassing approach around DLP because the DLP has to now scale the way the cloud scales. And storage has to scale the way cloud scales. So, in other words, everything has to be as scalable as the cloud architecture itself in order for us to do this. So we do want to be aware of that. The downside here potentially is to point out at the bottom of the slide is that DLP technology can adversely impact performance. We're not saying it's going to make things really slow, make things really hard to do, but like anything else, when we're looking at everything, examining it, kind of looking at what it is before we let it go on and do something or be used and consume somewhere else, there's going to be a small penalty or small delay in time and performance while we're doing that. The more volumes of data we have to go through, the higher the usage in the system, the more complex the data is. If the data encrypted, do we have to decrypt it to look at it, re-encrypt it and then send it on its way? These are things that will slow down and ultimately impact performance, and DLP will have to help us to figure those things out. We have solutions to help with that. We can offload the DLP engines into dedicated hardware acceleration. So we can effect. We use dedicated resources to be able to do that quicker and with the proper architecture, the proper thought process, and ultimately, the proper understanding of how to build the systems. So they are secure, but also focused on trying to optimize performance. And setting the right expectations along the way, we can balance that. But it's like anything else. It's not going to be perfect, but it can always be better. And so, we have to have the right approach and right understanding of that as we think about that. So, best practices around DLP in the cloud, things to consider, things to think about. We asked a series of questions here because these are the way that we can approach, coming up with what the best practices should be. What kind of data is going to be permitted to be stored in the cloud? We answer that question. We begin to be able to fine-tune and hone in on what DLP can really do for us. If we're going to store proprietary intellectual property, we're going to have a need for DLP to be focused in that area. If we're going to store customer centric data that we have to manage because of regulatory compliance, we now have to extend the reach of DLP, change and modify, and groom the focus of it to address those concerns. If we're going to store data that really doesn't have a lot of exposure, regulatory or compliance issues, doesn't have customer data, doesn't expose proprietary or personally identifiable information, then DLP will probably look very different. So we have to think about the kind of data to better understand the kind of system. In other words, where can the data be stored? What are the jurisdiction or jurisdictions that the data is available to be used? In other words, it's okay to put it over here in this country, but in this country over here, may have an issue because they have a law, or they have an approach, or they have a thought process about how they manage their data and what their expectations are going to be. That may be different than ours. We may not feel comfortable putting our data there in other words, and we have to know that. We have to stipulate that, and the cloud provider has to be told that, so the data doesn't go there when it's not supposed to be there. We don't want it exposed. How should it be stored? What kind of encryption are we going to use? Is the encryption strong enough? Will the retention period be long enough? These are again, things we would want to consider. What kind of data access is permitted? What devices can we use? What platforms? What capabilities? Which applications? What tunnel? How are we getting there? The architecture and the nuts and bolts, the underlying physicality of how we're going to set the system up becomes a focal point. And under what conditions is data allowed to leave the cloud? How do we pull data out of the cloud? And what are we able to do with it, when we do? If we can figure out how to answer and manage through these questions, come up with legitimate answers for them, and agree with the business stakeholders that these are the things that make sense, we can then use DLP and shape policy to then drive implementation that will allow us to be able to build and scale and create a very robust, very secure, very focused on business return and business value DLP solution. That's if we simply just say to our customers "Oh yeah, we're providing protection, could use this cool new technology called DLP. It's great. You're going to love it." And we don't really think about what that means. We just turn it on, and we filter everything. Well, customers are not going to love that because customers are going to see a degradation of performance. They're going to see the data randomly and sporadically is or is not available based on how they send the data, what they choose to use, what kind of data is there, and that they may or may not be able to do the things they want to do, not only consistently, but that they may or may not be able to do them at all. And this is going to prove to be a challenge for us because it's going to impact our ability to provide the resources and to meet the business requirements that we've been told are important for us to be able to do. So we really have to think about technology we choose. When we think about defense in depth, and we've talked a lot about the idea behind overlapping mutual layers of control that reinforce one another, so we create a mesh or a web. And by doing that, we're then able to absorb and hopefully defend and deflect against any attacks that come in because an attack may breach one or more layers of our defense perimeter. But if we have enough layers, enough concentric rings, it's not going to get all the way through. Obviously, this is going to be a good thing and an important thing. So, when we think about that, if we don't choose wisely, if we don't make good choices, then the defense in depth concept while still valuable is weakened, and it's not as valuable as it could be, it's not as strong as it should be, and it doesn't provide the amount of protection that it needs to in order to be maximally effective and ultimately maximally impactful because the problem becomes when we have a weak design or weak implementation decisions somewhere in one of our layers. That layer becomes compromised and really doesn't offer protection. It collapses, and it collapses in on the other layers. And then, as a result, it may prove to be the weak link that we often talk about. And remember, our defense is only as strong as our weakest element. If our weakest element is a lack of understanding of how to develop and fine-tune a DLP strategy, then that element may actually lead to our undoing because if we can't filter the data stream and data that is suppose to be compromised or rather that is supposed to be protected and stored becomes compromised, we haven't done our job. And we haven't done our job because it's something that we should have known we need to do. In other words, it was just really not only ignorance, but probably just bad planning and bad decision making on our part. And so, this is something we have to think about and be aware of.
