
Decoding DLP: Real-Time, Near-Time, and At-Rest


In today’s digital landscape, data has become one of the most valuable assets for organizations worldwide. With the proliferation of cyber threats and the increasing regulatory requirements for data protection, safeguarding sensitive information has never been more critical. This is where Data Loss Prevention (DLP) comes into play. DLP encompasses a set of tools, policies, and processes designed to prevent the unauthorized access, transfer, or exposure of sensitive data. 

There are three primary types of DLP solutions: real-time DLP, near-time (near-real-time) DLP, and at-rest DLP. Each type serves a distinct purpose and plays a crucial role in ensuring comprehensive data protection across various environments.

Distinguishing between real-time, near-time, and at-rest implementations is essential for devising effective security strategies. Each approach offers distinct advantages and addresses different stages of data processing and storage. Let’s delve into these differences and underscore the significance of real-time DLP, especially in the context of unified communication platforms like Teams and Webex. 

Real-Time, Near-Time, and At-Rest DLP: Explained 

Real-Time DLP:  

Real-time DLP operates instantaneously, analyzing data as it flows across networks or endpoints. This proactive approach enables immediate detection and prevention of unauthorized data transfers or leaks, so a violation is stopped before it becomes a breach. By continuously monitoring data in motion, real-time DLP provides swift responses to security incidents, bolstering the organization’s defence against evolving threats.

Near-Time DLP:  

Near-time DLP, sometimes referred to as near real-time, involves the analysis of data with minimal delay after its creation or transmission. While not as immediate as real-time DLP, near-time DLP still offers timely detection and response capabilities, allowing organizations to identify and mitigate security risks shortly after they occur. Near-time DLP strikes a balance between real-time monitoring and processing efficiency, providing effective protection against data breaches without imposing significant overhead. 

At-Rest DLP:  

At-rest DLP focuses on safeguarding data that is stored or inactive. This approach involves scanning and securing data repositories, endpoints, and cloud storage to prevent unauthorized access or manipulation of sensitive information. At-rest DLP applies encryption, access controls, and data classification to ensure that stored data remains protected from external threats and insider risks. 
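The difference between the three modes is where inspection sits relative to delivery, and therefore how long a violating message stays readable. The sketch below is an added example, not code from the article or from any DLP product; the card-number rule, the 5-second near-time delay and the hourly at-rest scan are illustrative assumptions, and the traffic is constructed.

```python
import re

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # 13-19 digits, optional separators
MODES = ("real-time", "near-time", "at-rest")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard random digit runs (fewer false positives)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def is_sensitive(text: str) -> bool:
    """Content rule shared by all three modes: a Luhn-valid card number."""
    return any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text))

def simulate(mode, messages, near_delay=5, scan_every=3600):
    """Replay (sent_at_seconds, text) pairs through one DLP mode.
    Returns (delivered, exposure): texts that reached recipients, and for each
    violating text the seconds it was readable before DLP acted.
    near_delay and scan_every are assumed values, not vendor figures."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    delivered, exposure = [], {}
    for sent_at, text in messages:
        bad = is_sensitive(text)
        if mode == "real-time" and bad:
            exposure[text] = 0           # inspected inline, blocked before delivery
            continue
        delivered.append(text)           # other modes deliver first, inspect later
        if bad and mode == "near-time":
            exposure[text] = near_delay  # scanned shortly after delivery, then retracted
        elif bad and mode == "at-rest":
            next_scan = (sent_at // scan_every + 1) * scan_every
            exposure[text] = next_scan - sent_at  # found by the next repository scan
    return delivered, exposure

# Constructed sample traffic: a clean chat, a real violation, a look-alike number.
MESSAGES = [
    (100, "Lunch at 12?"),
    (130, "card 4111 1111 1111 1111"),
    (200, "ref 1234 5678 9012 3456"),
]

if __name__ == "__main__":
    for mode in MODES:
        print(mode, simulate(mode, MESSAGES))
```

Only the real-time run keeps the violating message out of the delivered list; the other two deliver it and differ in how long it stays exposed.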

The Importance of Real-Time DLP 

Unified communication platforms like Microsoft Teams and Cisco Webex thrive on instant collaboration and information exchange. In such dynamic environments, real-time DLP emerges as a cornerstone of data security. Here’s why: 

Immediate Threat Mitigation:  

Real-time DLP enables organizations to swiftly detect and respond to security incidents as they unfold. By intercepting unauthorized data transfers or leaks in real time, organizations can prevent data breaches before they escalate, minimizing potential damages and mitigating risks to sensitive information. 

Continuous Monitoring:  

With real-time DLP, organizations benefit from continuous monitoring of data in motion across networks, endpoints, and cloud environments. This persistent surveillance ensures comprehensive coverage and visibility into data activities, allowing organizations to stay ahead of emerging threats and enforce data protection policies effectively. 

Enhanced Compliance:  

Real-time DLP helps organizations maintain compliance with regulatory requirements by enforcing data security policies in real time. By monitoring and controlling data flows, organizations can demonstrate adherence to data protection standards and mitigate the risk of compliance violations, protecting their reputation and avoiding costly penalties. 


In conclusion, Data Loss Prevention (DLP) plays a vital role in safeguarding sensitive data across network, endpoint, and cloud environments. By implementing comprehensive DLP solutions, organizations can protect their valuable assets, mitigate the risks of data breaches, and ensure compliance with regulatory requirements. In the context of unified communication platforms like Microsoft Teams and Cisco Webex, DLP becomes even more critical, helping organizations maintain confidentiality, integrity, and availability of data in today’s interconnected and collaborative business landscape. 



Block File Sharing: Prevent Information Leaks in Microsoft Teams

In this blog, we will answer questions on how it is possible to block file sharing in OneDrive and SharePoint, the core of the Office 365 cloud for companies.

  1. Introduction: What are OneDrive and SharePoint? What are their differences?
  2. Compliance and security issues emerging from OneDrive and SharePoint usage
  3. The limitations in the existing solutions, Focus on Information Barriers
  4. How to block specific users and groups from file sharing in OneDrive and SharePoint



Microsoft OneDrive and SharePoint are easily confused. While the two fulfill the same function of being the cloud storage offered by Microsoft, they have some differences that are worth noting.

OneDrive tends to be used more for personal, private documents. SharePoint is a central location for managing files for a group of people; that can happen within Teams, Yammer, and Outlook, or directly in SharePoint as a file management system. SharePoint can also be used for designing sites with or without documents.

OneDrive and SharePoint in Teams

Inside the MS Teams environment, OneDrive and SharePoint play two noticeably different roles.

OneDrive handles files in personal and group chats or in the Files Tab, while SharePoint handles files that are sent in channels, chats, or posted in their respective Files Tab.

This difference, although technical, will play an important role when dealing with file permissions on these platforms.

Compliance and security issues emerging from OneDrive and SharePoint usage

Let’s take a look at some of the most common problems that emerge with OneDrive and SharePoint.

In a simple scenario, let’s suppose we are dealing with two teams at the company: HR and Finance.

The HR department may be handling documents with sensitive information: Payroll, employees’ private information, medical records, and the like.

Companies are aware that failing to control Private Information (PI & PII) can result in regulatory breaches or major data leaks. This is why, for example, an organization would ideally like to prevent anyone other than HR employees from accessing that information.

Another example may be a finance department that is not allowed to share information with a specific team, such as stock research departments (see our article on FINRA for more information on this kind of policy), or a company policy that does not allow any finance document to be stored in the cloud.

Basically, any information that has to be controlled between one or more teams, or any information that can’t leave a specific team, represents a serious threat when using OneDrive and SharePoint.

The limitations in the existing solutions, Focus on Information Barriers

I was once told that the definition of a system is that any good, or even great, system can collapse. For example, a building has a specific number of elevators, but if everyone needs them at the same time, that system collapses.

The analogy can be applied to our case in Microsoft Teams: while there are some solutions, such as Information Barriers, that address blocking people and groups from communicating, they do not completely protect them from possible threats and risks.

It is important to note that it takes only a matter of seconds for an employee to share OneDrive and SharePoint files externally without the organization being aware.

How to block specific users and groups from file sharing in OneDrive and SharePoint

Companies that are interested in controlling file sharing and access in OneDrive and SharePoint can take a look at SphereShield for OneDrive SharePoint.

SphereShield works in real time, meaning it will not allow the shared file to be seen or noted for even a second. What is more, its granularity allows unlimited policies to be set for different employees or groups.

AGAT’s compliance product addresses problems like:

- Preventing specific groups (like finance) from uploading files to SharePoint or OneDrive (and MS Teams through SphereShield Ethical Wall for MS Teams).

- Limiting a specific group from sharing with any other group or any specific group.

- Blocking two teams from sharing files with each other.

SphereShield for OD & SP contains a governance feature that allows assigning policies to any SharePoint site inside the company. These policies are designed to determine which groups are allowed to be members of which sites.

E.g., prevent the finance group from accessing the SharePoint site of the HR group.
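The policy types listed above (upload blocks, one-way sharing limits, mutual blocks between two teams, and site membership governance) can be modelled as a small deny-wins evaluator that runs before an upload, share or site access completes. This is an added sketch, not SphereShield's implementation or API; every name in it, including the group and site names, is hypothetical and the policy is constructed for the HR / Finance scenario.

```python
from dataclasses import dataclass, field

ANY = "*"  # wildcard: every group other than the sender's own

@dataclass
class Policy:
    no_upload: set = field(default_factory=set)       # groups that may not upload files
    one_way: dict = field(default_factory=dict)       # sender group -> groups it may not share with
    mutual: set = field(default_factory=set)          # frozenset({a, b}): blocked in both directions
    site_members: dict = field(default_factory=dict)  # site -> groups allowed to be members

def share_blocked(p, sender, recipient):
    """True if a rule forbids the sender group sharing with the recipient group."""
    if sender == recipient:
        return False
    targets = p.one_way.get(sender, set())
    return (ANY in targets or recipient in targets
            or frozenset((sender, recipient)) in p.mutual)

def evaluate(p, action, groups, site=None, recipients=()):
    """Decide one event before it completes. Returns (allowed, reason); deny wins."""
    groups = set(groups)
    if action == "upload" and groups & p.no_upload:
        return False, "group may not upload"
    if action == "share":
        for g in sorted(groups):
            for r in sorted(recipients):
                if share_blocked(p, g, r):
                    return False, f"{g} may not share with {r}"
    # Governance: a governed site admits only its allowed member groups.
    if site in p.site_members and not groups & p.site_members[site]:
        return False, f"not an allowed member group of {site}"
    return True, "allowed"

# Constructed policy: finance cannot upload, HR cannot share outside HR,
# finance and research are walled off from each other, hr-site is HR-only.
POLICY = Policy(
    no_upload={"finance"},
    one_way={"hr": {ANY}},
    mutual={frozenset(("finance", "research"))},
    site_members={"hr-site": {"hr"}},
)
```

A one-way limit is asymmetric: here a sales user may still share with HR while HR may not share with sales, whereas the finance and research block applies in both directions.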

If you would like to learn more about SphereShield, contact us today to see a live demo from one of our experts.

Use case of blocking groups while still allowing them to meet together.

Exceptions of specific sites allow people to communicate.


Microsoft Teams: DLP Limitations

If you’re looking for additional software protection, this video blog is a great resource.

Microsoft Data Loss Prevention is feature-rich and widely used. This is not the first time we have talked about Microsoft’s Data Loss Prevention add-on for Microsoft Teams. When your business users are guests in another company’s tenant, their data is not reviewed. In this scenario, an employee from company A interacts, as a guest, with an employee from company B.

While a guest at company B, an employee from company A will be able to send messages or files that violate the company’s DLP policy without any restrictions. When your company’s users meet with other firms anonymously, MS DLP does not check the data. This means that if a user attends an external meeting, the native Microsoft Data Loss Prevention will not be able to manage it. Although DLP violations inside the organization are already significant, breaches to other companies will be far more damaging.

Please contact AGAT Software for more information