Resolving the Data Protection Challenge Across Cloud and Remote Devices

Written by David Richardson, Vice President of Product, Lookout.

As IT operations migrated to the cloud, it became easier to support remote and hybrid workers. The problem is that it has also complicated the infrastructure IT and security teams are tasked to protect.

Organizations far and wide have expanded their use of cloud and SaaS apps, especially over the last couple of years, to empower their users to stay productive and collaborate from anywhere. Many, though, have struggled to ensure their security strategies keep pace in this mode of operation, where users, endpoints, apps, and data now largely reside outside of the traditional enterprise perimeter.

This isn’t just a hunch. According to a report by the Enterprise Strategy Group (ESG), 59% of professionals say cybersecurity has increased in difficulty over the preceding two years. Furthermore, 33% of employees are now using unmanaged devices to access corporate resources and another third is composed of non-employees, including contractors, consultants, partners, and vendors.

The security landscape is completely unrecognizable compared to just a few years ago. One of the emerging frameworks looking to combat this complexity is Security Service Edge, or SSE.

The idea of SSE is to converge various security capabilities that used to be delivered by standalone products into a single solution, ensuring that you can provide secure access to SaaS apps, private apps, and internet access. In other words, you take your traditional perimeter and you move it to the cloud and around all of your data. As users access data across these different environments, your security capabilities follow.

But, as the ESG report points out, not all SSE solutions are created equal. At the end of the day, organizations need to protect their data. And if you look at the various offerings in the market, many are cobbled together via acquisition, which means they aren’t integrated very well. What’s also missing a lot of times is an additional layer of capabilities that focuses on protecting data.

For most organizations today, data resides across a multitude of apps and is likely being accessed by many unmanaged devices from outside networks. That requires modern, cloud-based protection that integrates endpoint and advanced user security with a modern Data Loss Prevention (DLP) solution that incorporates Enterprise Digital Rights Management (EDRM) and embodies the concept of zero trust. Digital Rights Management coupled with DLP rules integrated into a modern, cloud-delivered security stack allow you to fully protect your data across all the various places it lives, whether it be on-premise, in the cloud or even on local hard drives of end-user’s devices. By integrating these solutions into an SSE solution, you can write policies once for all your data protection needs and enforce them everywhere.

An example of a policy that can be accomplished with this new modern approach is to prevent credit card numbers or national identifiers, such as Social Security Numbers, from being able to be downloaded to any device. Using an SSE solution with integrated DLP and EDRM, you can write this policy once and enforce it across email, your video conferencing solution, your communication suite, your file sharing applications and your internally developed tools all at once. Furthermore, the policy will apply equally to all your devices, whether it be a fully-managed laptop or a BYOD phone or tablet.

SSE solutions that integrate DLP, in conjunction with secure access solutions like cloud access security broker (CASB), zero trust network access (ZTNA), secure web gateway (SWG), firewall as a service (FWaaS) and endpoint security, ensures that employees anywhere can access the data they need while providing the security teams with centralized control and monitoring capabilities.

An integrated SSE solution should reduce infrastructure complexity and improve the user experience by consolidating multiple, disparate security capabilities into a single-vendor, cloud-centric converged capability. More importantly, organizations need to be sure a proposed solution has robust and agile data protection capabilities that doesn’t negatively impact the user experience.

About the Author

As Vice President of Product Management at Lookout, David Richardson is responsible for developing and delivering cutting edge AI-based security solutions to protect enterprises from cyber threats. David took this expanded role after 11 years of service to Lookout in a variety of roles throughout engineering, product management and product strategy; most recently leading all product lines. David has been hacking on mobile devices since the early days of Palm and Windows Mobile. He is a frequent speaker at security conferences discussing new threat vectors he has discovered to attack Android and iOS devices. David has over 50 patents issued, most pertaining to finding novel ways to secure mobile devices. In his free time, David is an avid karaoke singer and board game enthusiast.