Silverlight

Introduced by Microsoft in 2007, Silverlight made it possible to dynamically load Extensible Markup Language (XML) content that can be manipulated through a Document Object Model (DOM) interface, a technique that is consistent with conventional Ajax techniques. Microsoft announced End of Life in 2015 and terminated support in October 2021 (https://en.wikipedia.org/wiki/Microsoft_Silverlight).

Microsoft encourages organisations to build Enterprise Applications utilising Silverlight
(https://learn.microsoft.com/en-us/archive/msdn-magazine/2009/january/silverlight-build-line-of-business-enterprise-apps-with-silverlight-part-1).

Application Frameworks have been built using Silverlight (https://diabsolut.com/why-clicksoftware-8-3-is-being-retired) and there will be instances where organisations still need to use legacy appplications that depend on Silverlight.

Using Cybersecurity controls to block access to online resources based upon Categorisation, Deny Lists, Firewall rules etc is not effective as Data Loss Prevention technologies.
For users who have the capability to use ActiveX technology, the use of this upload method demonstrates they can easily move sensitive/confidential data outside of organisations.

Supporting legacy technologies increases the scope by which data can be transferred out of organisations, and the associated likelihood of a Data Loss risk event occurring must be considered.
The impact of a Data Loss risk event will depend on the content and amount of information that has been uploaded via Silverlight.

Use DLP-TEST to assess: - 

- Coverage of DLP Technologies to detect data being uploaded via the Silverlight method.
- Capability of DLP Technologies to accurately detect sensitive/confidential data being uploaded via the Silverlight method.
- Ability of DLP technologies to ignore data being uploaded that is NOT sensitive or confidential.