Your Data Is Everywhere: Here Are The Critical Capabilities Of A Modern Data Loss Prevention (DLP)
This blog was originally published by Lookout here.
Written by Sundaram Lakshmanan, CTO of SASE Products, Lookout.
In some ways, IT teams had a great life in the early 2000s. Data was stored inside data centers and accessed through known ingress and egress points like a castle with a limited number of gates. As a result, organizations had control over exactly whom and what devices could access company data.
This is no longer the case. With users accessing cloud applications with whatever networks and devices are at their disposal, those defense mechanisms have become inadequate. To ensure their sensitive data is secure, organizations have to rethink their security model — including the way Data Loss Prevention (DLP) technology is implemented.
While DLP has been around for decades, it has reinvented itself in this remote-first environment. In this blog, I will discuss how modern DLP solutions, integrated into a cloud-delivered platform, can help organizations prevent data breaches, comply with regulations, while providing secure access to remote workers.
Why do I need a modern DLP solution?
Back when network architecture was centered around data centers, monitoring technologies like DLP existed on the edges of corporate perimeters or at the data exchange points. This worked because there were only a small number of apps and resources and organizations used relatively homogenous endpoints that were corporate-owned or managed.
About a decade ago, that castle-and-moat cybersecurity model started to break down. IT had to start accounting for other endpoints that didn’t use Windows such as MacOS, iOS and Android devices. It got even more complicated when corporate data migrated from corporate perimeters to private clouds and software-as-a-service (SaaS) apps, where each of them had their own unique configurations and security measures.
Now that security requirements have turned inside out, with users, apps and data residing mostly outside data centers, DLP has to expand beyond the perimeter’s edge. And with data moving so quickly, simple user errors or misconfiguration that were once harmless can now cause serious harm to an organization.
Content and context awareness DLP enables smart Zero Trust access
One of the most important differences between a modern DLP solution and its traditional counterpart is its ability to understand both the content and the context of a data exchange, which enables an organization to make smart access decisions that safeguards data without hindering productivity.
Know the risk levels of endpoints and users
With users and data no longer residing inside perimeters, the context by which data is accessed — such as who is accessing the data, their behavioral patterns and what risks are on the device they’re using — has become critical. In the spirit of Zero Trust, organizations shouldn’t provide any entity access until its risk level has been verified. But to do so efficiently, security teams must write policies that take into account the sensitive nature of the data as well as the risk level of the user and data.
A modern DLP has the insight to understand whether an account is compromised or an insider threat based on a user’s behavior, or the presence of risk apps on an endpoint. With those telemetry, it would be able to, for example, disable downloading privileges depending on whether the endpoint is managed or not or shut down access altogether if the user or endpoint is deemed high risk.
Identify, classify and encrypt data on the fly
In addition to context awareness, modern DLP solutions also have more advanced capabilities to identify and secure sensitive data. For example, an advanced DLP would have optical character recognition (OCR) and exact data match (EDM) to precisely identify data across any document type including image files, which is where data such as passport or credit card information is commonly found.
To ensure your data doesn’t fall into the wrong hands, organizations also need integrated encryption capabilities to take automated actions. With integrated enterprise digital rights management (E-DRM) as part of a modern DLP, you can encrypt data when it moves outside your sphere of influence, so that only authorized users have access.
DLP is the key to data protection, compliance and productivity
Modern DLP enables organizations to set up countless remediation policies based on the merit of the context being accessed and the context by which the exchange occurs. This means DLP is critical both to the productivity of your remote workers as well as data protection and staying compliant to regulations.
Protect data and remain compliant
Whether it’s sensitive intellectual property or data protected by regulatory requirements, organizations need to ensure that data is accessible but secure.
A modern, cloud-delivered DLP has the capabilities to efficiently identify the types of data you own across your entire organization — in data centers, on private clouds or in SaaS apps. It can also enforce policies with varying degrees of granularity by using E-DRM and technologies such as Cloud Access Security Broker (CASB) or Zero Trust Network Access (ZTNA) to block intentional and unintentional insider threats and compromised accounts from leaking or stealing your data.
In theory, your data would be secure if you lock everything down — but that would be detrimental to productivity. To tap into the full potential of cloud apps and mobile devices, you need to be able to make smart Zero Trust decisions.
By using DLP in conjunction with secure access solutions like CASB, ZTNA and endpoint security, you can give employees access to the data they need without introducing unnecessary risks to your organization.
Modern Data Protection Requires an Integrated Approach
In today’s complex hybrid environment, data goes wherever it's needed. This means organizations need the visibility and control they once had inside their perimeters.
A modern DLP that is delivered from the cloud is central to this. But it also needs to be integrated into a larger platform that can provide telemetry data about your users and endpoints and have the ability to enforce granular and consistent policies.
To safeguard your data in a remote-first world, security solutions can no longer be deployed in isolation.
Check out this Strengthening Cloud Security With SASE whitepaper to understand why organizations can build a holistic cloud security strategy.
Sign up to receive CSA's latest blogs
This list receives 1-2 emails a month.