Shifting data security from ‘prevention’ to ‘protection’
March 13, 2019
Richard Agnew, VP, EMEA, Code42, explains why companies need to rethink their approach to data security and the concept of data loss prevention (DLP), and how to move from data loss prevention to data loss protection.
For years, organisations have spent billions on defense-in-depth strategies to prevent data leaks, loss, misuse and theft. Despite these large investments, valuable data is leaving companies every day. The reality? Prevention-only strategies are no longer enough. A new approach to data security is needed.
Data loss prevention (DLP) technology is a key component of the information security stack at many organisations, enabling them to detect and prevent potential data breaches and data exfiltration incidents. The problem is DLP as we know it is in dire need of a reboot.
Most traditional DLP products involve lengthy deployments, lock down access to data, and block employee collaboration and productivity with restrictive policies that govern data use. These tools simply no longer meet the needs of the modern enterprise.
Organisations today are more agile and fluid than ever, with employees, endpoints and data scattered across servers, cloud services and geographies. Business users require the fastest possible access to applications and data, and the ability to easily collaborate with colleagues and customers. Legacy DLP was not designed for this kind of environment.
Older DLP systems, which monitor and block data in use, in motion and at rest (for example by stopping users from moving data outside designated locations and blocking unauthorised downloads), have a number of drawbacks.
One is that they are complex to deploy. Because they are policy-driven, organisations have to write, manage and police the rules that define what may and may not be done with data. Creating and implementing those policies can take months or even years.
Oftentimes, organisations hire third parties to set up complex policy libraries, which can be a terribly costly endeavour. Legacy systems also have expensive and challenging hardware management issues, and complex and costly modular architectures.
Adding to these complexities, legacy DLP systems are difficult to manage. Because data usage patterns are dynamic, DLP policies must be adjusted on a regular basis, and policies that lag behind real usage generate large numbers of false positives. This only leads to further complication when the policies result in unwanted blocks on users and exceptions then need to be created.
Exceptions, like policies, need to be tuned and cleansed over time. Both tacks result in significant drains on IT and security resources.
Another shortcoming of legacy DLP is that these systems block employee productivity and can stifle collaboration. Even with efforts to refine DLP rules to fit unique users and specific business use cases, oversensitive policies inevitably misinterpret users’ actions or intent, and regularly hinder them from doing their work. Because of this, even the most responsible employees end up looking for workarounds or formal policy exceptions, which can further compromise security.
Legacy DLP also fails to protect much sensitive data, something that can get organisations in trouble from a security as well as a regulatory compliance standpoint. These products were mainly designed to recognise patterns found in structured, regulated data, such as payment card or national identity numbers. But the vast majority of IP (source code, designs, plans, customer lists) exists as unstructured, unregulated data that matches no such pattern, so DLP policies often leave it exposed.
Finally, legacy DLP limits data visibility. Because these systems focus on restrictions and rules, companies deploying them can actually end up reducing visibility to important data. With a focus on known data risks and behaviours, they can create blind spots for unexpected activity.
Ultimately, organisations are looking for solutions and technologies that will help them answer fundamental questions about data: Where is my data? Who has access to my data? How can I monitor when and what data is leaving my organisation? Bottom line – how can I better protect my data?
Fortunately, there is a smarter approach to protecting data that avoids the shortfalls of traditional DLP. The latest generation of DLP technology focuses on protection rather than prevention, enabling organisations to safeguard their data without hindering performance, productivity and user experience.
These newer, cloud-based systems allow companies to protect high-value data and intellectual property (IP), regardless of whether it is regulated or unregulated information. They can quickly detect insider threats, help satisfy regulatory compliance requirements, and speed incident response without the need for lengthy deployments, complex policy and exception management, or negative impacts on user productivity.
Next-generation data loss protection solutions collect, monitor, and investigate data movement across an organisation, without requiring restrictive policies that block access to certain classifications of data. Removing the need for policies can save companies considerable time and resources. The products are designed to allow users to work without hindering their productivity and collaboration.
Several key capabilities set the latest data loss protection systems apart from earlier iterations of the technology. One is that they can automatically collect and store all versions of every file across all endpoints, and index all file activity across endpoints and cloud services.
Another is that they help identify file exfiltration, providing visibility into files that users are moving to external drives or sharing via cloud services. Administrators are alerted when unusually large amounts of data are transferred to removable media or the cloud, judged against what is normal for that user rather than against a fixed rule alone; and if files actually do leave the organisation, the data loss protection systems let security managers see exactly what was taken and restore the files. Restoration addresses loss; for a leak, the value lies in knowing precisely which files left, when, and by which route, so the incident can be scoped and reported.
Finally, they also help organisations quickly triage and prioritise data threats by searching file activity across every endpoint and cloud service within a matter of seconds.
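The two detection capabilities described above (alerting on unusually large transfers to removable media or cloud sync, and then showing exactly which files were involved) can be reduced to a small rule over an indexed file-activity log. The following is an added example written for this page, not Code42's code or any product's API. It assumes a JSON-lines event format with `ts`, `user`, `dest`, `path` and `bytes` fields, two destination labels (`removable`, `cloud_sync`) that count as data leaving the endpoint, and two thresholds: an absolute daily volume, and a multiple of the user's own mean daily volume on earlier days. The sample events are constructed inline.

```python
"""Flag users who move unusually large volumes of data to removable media or
cloud sync folders, from endpoint file-activity events.

Added example, not Code42's product code. The JSON-lines event format
(ts, user, dest, path, bytes), the destination labels and both thresholds
are assumptions chosen for the illustration.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean

MB = 1024 ** 2
EXTERNAL_DESTS = {"removable", "cloud_sync"}   # destinations that count as "leaving"
ABS_THRESHOLD = 500 * MB                       # alert regardless of history
BASELINE_MULT = 5                              # alert at N x the user's prior daily mean


def parse_events(text):
    """Parse JSON-lines events into dicts with a datetime 'ts'; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        events.append({"ts": datetime.fromisoformat(e["ts"]), "user": e["user"],
                       "dest": e["dest"], "path": e["path"], "bytes": int(e["bytes"])})
    return events


def detect_exfiltration(text, abs_threshold=ABS_THRESHOLD, multiplier=BASELINE_MULT):
    """Return one alert per (user, day) whose outbound volume is large either in
    absolute terms or relative to that user's mean volume on earlier days.
    Each alert carries the per-destination breakdown and the paths involved,
    so an analyst can see exactly what left."""
    # user -> day -> destination -> bytes, plus the paths behind each (user, day)
    daily = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    paths = defaultdict(list)
    for e in parse_events(text):
        if e["dest"] not in EXTERNAL_DESTS:
            continue                           # local moves are not exfiltration
        day = e["ts"].date()
        daily[e["user"]][day][e["dest"]] += e["bytes"]
        paths[(e["user"], day)].append(e["path"])

    alerts = []
    for user, by_day in daily.items():
        history = []                           # daily totals already seen, oldest first
        for day in sorted(by_day):
            by_dest = dict(by_day[day])
            total = sum(by_dest.values())
            reason = None
            if total > abs_threshold:
                reason = "absolute"
            elif history and total > multiplier * mean(history):
                reason = "baseline"            # only once the user has a history
            if reason:
                alerts.append({"user": user, "date": day.isoformat(), "bytes": total,
                               "by_dest": by_dest, "reason": reason,
                               "baseline_bytes": int(mean(history)) if history else 0,
                               "paths": paths[(user, day)]})
            history.append(total)
    return alerts


def constructed_events():
    """Constructed sample log: alice and bob each sync about 50 MB/day for five
    days, then bob copies 400 MB to a USB drive in twenty 20 MB files on day six."""
    start = datetime(2019, 3, 4, 9, 0)
    rows = []
    for d in range(5):
        for user in ("alice", "bob"):
            rows.append({"ts": (start + timedelta(days=d)).isoformat(), "user": user,
                         "dest": "cloud_sync", "path": f"/home/{user}/Dropbox/notes{d}.docx",
                         "bytes": 50 * MB})
    burst = start + timedelta(days=5)
    for i in range(20):
        rows.append({"ts": (burst + timedelta(minutes=i)).isoformat(), "user": "bob",
                     "dest": "removable", "path": f"/media/usb/design{i:02d}.zip",
                     "bytes": 20 * MB})
    return "\n".join(json.dumps(r) for r in rows)


if __name__ == "__main__":
    for a in detect_exfiltration(constructed_events()):
        print(f"{a['date']} {a['user']}: {a['bytes'] // MB} MB to {list(a['by_dest'])} "
              f"({a['reason']}), baseline {a['baseline_bytes'] // MB} MB/day, "
              f"{len(a['paths'])} files, first: {a['paths'][0]}")
```

Bob's 400 MB burst is under the absolute threshold, so a fixed rule alone would miss it; it is caught because it is eight times his own daily mean. The per-user baseline is also what keeps the rule from firing on a user whose normal job involves moving large files every day, which is the class of false positive the text attributes to static policies.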
Organisations have relied on traditional prevention-focused DLP products for a long time, but the time has come to deploy newer, more effective offerings. They need to rethink their approach to data security and the concept of DLP and move from data prevention to protection.
The stakes are high. According to McKinsey, as many as half of data loss incidents at today's enterprises involve insiders, and these incidents pose a critical threat because they often involve valuable information such as IP and sensitive customer data.
Organisations are under pressure to protect this data from loss, leak, misuse and theft. With next-generation data loss protection, they can achieve that without having to deal with complex management issues and poor performance, or having to compromise user experience and productivity.
As organisations look to advance their data security strategies, they will need solutions such as next-generation data loss protection to safeguard data without hindering processes.