It’s the end of data loss prevention (DLP) as we know it, and security executives should be happy about this development, writes Richard Agnew, VP EMEA at the DLP software company Code42.
Over the years, the majority of traditional DLP tools have required time-consuming deployments, locked down access to data, and blocked employee collaboration and productivity with the use of restrictive policies that govern data use. It’s been well documented that companies are fed up with their DLP implementations, which in many cases leave security teams exasperated and bewildered.
These older tools no longer meet the needs of modern, progressive enterprises, many of which are implementing digital transformation strategies to become more innovative, accessible, and competitive. Organisations are striving to be more agile than ever, with employees, endpoints, and data scattered across servers, cloud services, and regions. Business users need the fastest possible access to data and applications, and they want to be able to easily collaborate with their colleagues. Legacy DLP isn’t suited for this kind of environment.
Older DLP platforms monitor and block data in use, in motion, and at rest. They prevent users from moving data outside designated spaces, and block unauthorised downloads. But these systems have a number of drawbacks. For one thing, they’re difficult to deploy and often come with challenging hardware management issues. Furthermore, because they require policies, there are complexities associated with managing and policing rules. It can take companies months or even years to create and implement policies. To speed implementation, many companies hire expensive third parties to create their initial policy libraries. Smaller organisations that have valuable intellectual property (IP) to protect are too often priced out of DLP solutions by the cost of professional services engagements such as this.
Adding to these complexities, legacy DLP is difficult to manage. Because data usage patterns are dynamic, DLP policies need to be adjusted regularly. Failing to make the proper adjustments can lead to many false positives and result in a big drain on security resources.
Another shortcoming of legacy DLP systems is that they can hinder user productivity and collaboration. Despite efforts to refine DLP rules to fit unique users and use cases, oversensitive policies ultimately misinterpret users’ actions, and hinder them from completing work. Even the most responsible employees oftentimes end up looking for workarounds or requesting policy exceptions, both of which can leave data unnecessarily open to risk. This runs counter to why organisations implement DLP in the first place.
Traditional DLP also fails to protect sensitive data. These products were mainly designed to recognise patterns found in structured, regulated data. But the vast majority of intellectual property exists as unregulated data, and DLP policies often leave this less structured data exposed.
Finally, legacy DLP limits data visibility. Because they focus on restrictions and rules, these systems can actually end up reducing visibility into vital data. And because they focus only on known data risks and behaviours, managers cannot detect unexpected activity.
A Smarter Approach
The good news is there’s a better approach to protecting data that overcomes the shortcomings of legacy DLP. The latest generation of DLP solutions focuses more on protection than on prevention. That allows organisations to safeguard data without affecting performance, productivity, and user experience.
These cloud-native platforms enable organisations to protect high-value data, regardless of whether the information is regulated or not. They can quickly detect insider threats, help satisfy regulatory compliance, and accelerate incident response without complex policy and exception management or negative effects on productivity.
Next-generation data loss protection solutions are capable of easily collecting, monitoring, and investigating data movement across an enterprise, without the need for excessive and restrictive policies that block access to certain types of data. By eliminating the need for policies, organisations can save a lot of time and money. Employees can work without hindrance to their productivity or their ability to collaborate with colleagues.
The latest DLP solutions differ from older offerings in a number of key ways. For one thing, they can automatically collect and store all versions of every file across every endpoint, and index all file activity across endpoints and cloud services.
The benefit in the case of insider threats is that security teams can be alerted to abnormal patterns of data movement so they can take action even before the IP leaves the building. Or in the case of a ransomware attack, an organisation retains its data and can restore it. This provides important options other than paying a ransom.
Another benefit of the newer solutions is that they help identify file exfiltration, which provides visibility into files that users are moving to external drives or sharing through cloud services. Administrators are alerted when unusually large volumes of data are moved to removable media or to the cloud. If files actually do leave the organisation, the systems let managers see into the files so they can understand exactly what was taken and take action accordingly.
The solutions also help companies quickly triage and prioritise data threats by searching file activity across each endpoint and cloud service within seconds. Finally, the newer data loss protection solutions can be implemented within days rather than months, because there’s no need to create and refine legacy policies. Once they’re deployed, they are much easier to manage than legacy DLP.
For organisations looking to bolster security, it makes sense to deploy these newer, more effective tools and shift from data loss prevention to data loss protection. And enterprises looking to launch digital transformation efforts will need these next-generation solutions to protect data without hindering processes and productivity.