Data Security Requires DLP Platform Convergence

Organizations have traditionally used a castle-and-moat cybersecurity model to protect sensitive data. Users can only access applications and data from inside the castle, with the protection perimeter defined by the moat.

The cloud breaks this pattern. It becomes difficult to extend the traditional IT perimeter to include cloud applications and services, as well as data stored outside of on-premises corporate IT infrastructure.

Cloud adoption is ubiquitous and many organizations have adopted a cloud-first deployment policy. However, organizations continue to use on-premises infrastructure. So the new normal IT infrastructure is hybrid multi-cloud. In such an environment, the perimeter becomes amorphous and dynamic, changing rapidly as organizations release new applications.

The scope becomes even more nebulous as organizations allow third parties to access data, applications and infrastructure to accelerate business and improve operational efficiency.

The shift to remote work induced by the COVID-19 pandemic is also here to stay, with the majority of organizations adopting a hybrid workforce model that supports both in-office and remote knowledge workers. The always-on workforce needs access to data from anywhere, at any time, using any network and any device. With organizations embracing BYOD, more and more employees and contractors are using their own laptops, tablets, and cell phones to conduct business.

All of these factors combined make data security a difficult task to tackle.

Data loss prevention to the rescue?

Organizations need visibility into access to sensitive data that accounts for the expanding data silos, locations and access devices, exfiltration points, and use cases that arise from modern cloud-based IT architecture and a hybrid workforce.

A third of respondents to “The state of data privacy and compliance” survey by Enterprise Strategy Group (ESG), a division of TechTarget, said they had lost data resident in the cloud. More concerning is that an additional 28% of organizations suspect they have lost data resident in the cloud but are not sure, because they lack data observability.

Of those who lost data resident in the cloud, remote users were the most common culprit. Other causes of data loss included personal and mobile devices, misconfigured and unauthorized cloud services, malicious insiders, and sharing of sensitive data – both exposure of corporate data and sensitive data belonging to third parties and competitors being uploaded to the organization’s cloud services.

Organizations can observe, detect, and prevent the use, misuse, and exfiltration of data using the following data loss prevention (DLP) features:

  1. Data at rest. Detect and prevent unauthorized access, or encrypt data so that it is useless for extortion if attackers hold it hostage.
  2. Data in motion. Detect and prevent network data exfiltration or detect ransomware encryption in the backup stream.
  3. Data in use. Detect and prevent misuse of data – for example, copying sensitive data to an untrusted location – or tokenizing sensitive data, such as social security numbers or credit card numbers, to increase privacy.
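The data-in-use controls above (detecting sensitive values such as social security and credit card numbers, then redacting or tokenizing them) are easier to reason about with a concrete scanner. The following is an added example written for this page, not code from the article, ESG, or any DLP vendor. It assumes a simple policy of its own (SSNs are masked except for the last four digits, payment card numbers are swapped for vault tokens), uses an in-memory dictionary as a stand-in for a tokenization vault, and validates card candidates with the Luhn check and SSN candidates with the basic area/group/serial plausibility rules; the sample message is constructed.

```python
"""Minimal data-in-use DLP inspector: find SSNs and payment card numbers in
text, then redact or tokenize them according to a small policy.
Constructed example; the vault and the regexes are deliberately simple."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Social security number in 3-2-4 form with dashes.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
# 13 to 19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


@dataclass
class Finding:
    kind: str    # "ssn" or "card"
    value: str   # raw matched text
    start: int   # offsets into the scanned text
    end: int


def luhn_valid(number: str) -> bool:
    """Luhn checksum over the digits of a candidate card number."""
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) < 13:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:           # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject SSNs that can never be issued (area 000/666/9xx, zero group or serial)."""
    a = int(area)
    return a not in (0, 666) and a < 900 and int(group) != 0 and int(serial) != 0


def scan(text: str) -> list[Finding]:
    """Return validated findings ordered by position. A match that fails
    validation is skipped rather than re-tried at a shorter length."""
    findings = []
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            findings.append(Finding("ssn", m.group(0), m.start(), m.end()))
    for m in CARD_RE.finditer(text):
        if luhn_valid(m.group(0)):
            findings.append(Finding("card", m.group(0), m.start(), m.end()))
    return sorted(findings, key=lambda f: f.start)


class TokenVault:
    """Maps tokens back to original values. In a real deployment this is a
    hardened service with its own access controls; here it is an in-memory
    dict (assumption for the example)."""

    def __init__(self) -> None:
        self._store: dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        digits = "".join(c for c in value if c.isdigit())
        # Token keeps the last four digits so downstream systems can still
        # display a recognizable suffix without holding the real number.
        token = f"TOK{len(self._store) + 1:06d}{digits[-4:]}"
        self._store[token] = value
        return token

    def detokenize(self, token: str) -> str:
        return self._store[token]


def apply_policy(text: str, vault: TokenVault) -> tuple[str, list[Finding]]:
    """Redact SSNs, tokenize card numbers. Returns (sanitized text, findings)."""
    findings = scan(text)
    out = text
    for f in reversed(findings):   # right-to-left so earlier offsets stay valid
        if f.kind == "ssn":
            repl = "***-**-" + f.value[-4:]
        else:
            repl = vault.tokenize(f.value)
        out = out[:f.start] + repl + out[f.end:]
    return out, findings


# Constructed sample: one real-looking SSN, one Luhn-valid test card number,
# one digit run that fails Luhn, and one SSN with an impossible area number.
SAMPLE = ("Customer SSN 123-45-6789, card 4111 1111 1111 1111, "
          "order 1234 5678 9012 3456, ticket 000-12-3456.")

if __name__ == "__main__":
    vault = TokenVault()
    sanitized, found = apply_policy(SAMPLE, vault)
    print(sanitized)
    for f in found:
        print(f"{f.kind} at {f.start}-{f.end}")
```

Run as a script it prints the sanitized message; the order number and the impossible SSN are left untouched because they fail validation, which is what keeps false-positive rates tolerable when the same rules run across email, file shares, and cloud storage.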

Vendors bundle these DLP features into different product types. Traditionally, dedicated DLP tools combine all three features into a single tool that can also include data access governance, data activity monitoring, or data risk analysis. However, many of these dedicated tools predate the cloud era and lack visibility into cloud storage and cloud applications. They may also lack advanced AI and machine learning automation, classification and protection capabilities.

As a result, many organizations have deployed DLP tools for on-premises, cloud, or endpoint deployments. These tools combine DLP capabilities as a feature of a suite of tools focused on a broader use case. For example, many vendors are adding DLP functionality to email, network, and cloud security tools, which already have visibility into data in motion. Some email security tools have been extended to detect and prevent sharing of sensitive files or to automatically redact social security numbers and other personal information.

DLP capabilities are also often included in the product portfolios of Secure Access Service Edge (SASE) and cloud-native application protection platforms, detecting sensitive information moving across the network. SASE products can inspect content at the secure edge without redirecting traffic to a centralized data center for inspection, allowing organizations to detect movement of sensitive data and enforce data protection policies closer to the users accessing the data, thereby reducing latency.

Endpoint security tools have also been enhanced to detect and prevent misuse of data in use, such as disabling the ability to print or copy sensitive files to USB drives.

Data protection and backup tools occupy a unique position in the IT infrastructure, with visibility into the organization’s most sensitive data, allowing organizations to uncover suspicious behavior anywhere in the data history so they can investigate and contain potential attacks. The DLP features of these products include identifying abnormal behavior and using metadata to determine whether files have been added or removed, permissions have been tampered with, or other suspicious actions have taken place. Since these backup tools have visibility into historical data, they can identify and recover the last known good copy of data, thereby mitigating the effects of ransomware or inadvertent or malicious data destruction.
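The backup-side detection described above comes down to comparing the metadata a backup catalog already holds for consecutive snapshots. The following added example (written for this page, not a backup vendor's code) shows that logic on a constructed three-snapshot history: it diffs each snapshot against the previous one, counts files added, removed, rewritten, and re-permissioned, flags the first snapshot whose churn or permission-change count exceeds a threshold, and returns the index of the last known good snapshot before it. The content digests, modes, paths, and thresholds are all assumptions chosen for illustration.

```python
"""Backup-history anomaly detection over snapshot metadata.
Constructed example: snapshots are dicts of path -> FileMeta, standing in
for what a backup catalog records about each file."""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass(frozen=True)
class FileMeta:
    digest: str   # content hash recorded by the backup catalog
    mode: int     # POSIX permission bits


Snapshot = dict  # path -> FileMeta


@dataclass
class Delta:
    added: list = field(default_factory=list)
    removed: list = field(default_factory=list)
    modified: list = field(default_factory=list)      # digest changed
    perm_changed: list = field(default_factory=list)  # mode changed

    def churn(self, baseline_size: int) -> float:
        """Fraction of the previous snapshot touched by add/remove/rewrite."""
        touched = len(self.added) + len(self.removed) + len(self.modified)
        return touched / max(baseline_size, 1)


def diff_snapshots(prev: Snapshot, curr: Snapshot) -> Delta:
    d = Delta()
    for path, meta in curr.items():
        old = prev.get(path)
        if old is None:
            d.added.append(path)
            continue
        if old.digest != meta.digest:
            d.modified.append(path)
        if old.mode != meta.mode:
            d.perm_changed.append(path)
    d.removed = [p for p in prev if p not in curr]
    return d


def find_last_known_good(snapshots: list, churn_threshold: float = 0.5,
                         perm_threshold: int = 5):
    """Walk the history in order; on the first anomalous delta return the
    index of the snapshot just before it plus the delta that tripped the
    rule. If nothing is anomalous, the newest snapshot is the good one."""
    for i in range(1, len(snapshots)):
        d = diff_snapshots(snapshots[i - 1], snapshots[i])
        if d.churn(len(snapshots[i - 1])) > churn_threshold \
                or len(d.perm_changed) > perm_threshold:
            return i - 1, d
    return len(snapshots) - 1, None


def build_history() -> list:
    """Constructed history: a baseline, a normal day with one edit, then a
    day where every file is rewritten and re-permissioned and a new note
    appears, the metadata shape a mass-encryption event leaves behind."""
    base = {f"/share/doc{i}.docx": FileMeta(f"h{i}", 0o640) for i in range(10)}
    day1 = dict(base)
    day1["/share/doc3.docx"] = FileMeta("h3-v2", 0o640)
    day2 = {p: FileMeta(m.digest + "-enc", 0o600) for p, m in day1.items()}
    day2["/share/README_RESTORE.txt"] = FileMeta("note", 0o644)
    return [base, day1, day2]


if __name__ == "__main__":
    history = build_history()
    idx, delta = find_last_known_good(history)
    print(f"last known good snapshot: #{idx}")
    if delta:
        print(f"added={len(delta.added)} removed={len(delta.removed)} "
              f"modified={len(delta.modified)} perm_changed={len(delta.perm_changed)}")
```

The thresholds are the tunable part: a normal day touches a small fraction of a share, so a churn ratio above 0.5 or a burst of permission changes is worth an alert before the next backup cycle overwrites the last clean copy.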

Significant investments in protecting data at rest have also been made. In addition to encrypting data to prevent misuse after exfiltration, new products are designed to protect the privacy of personal information, especially for big data analytics, where organizations need encryption and tokenization that can operate at high speed and scale.

However, putting all these tools together created a major problem for security teams.

It’s time to consolidate DLP platforms

The resulting proliferation of DLP tools has led many organizations to deploy multiple DLP tools, both as part of a defense-in-depth strategy and to ensure comprehensive security coverage and control of all the sensitive data dispersed across the organization. However, to provide effective security, these tools must cooperate and work in harmony.

An excessive number of redundant DLP tools can lead to the following consequences:

  • multiple owners of DLP capabilities;
  • unnecessary or overlapping policies;
  • holes in data visibility and coverage; and
  • decreased operational efficiency and security.

It’s no surprise, then, that 48% of ESG survey respondents said consolidating DLP tools was a top priority, and an additional 36% said consolidation was important.

Forty-three percent of organizations said they expect improved visibility into data movement through DLP platform convergence, and 39% said they expect improvements in automation and protection without human supervision. These enhancements can help organizations standardize risk scores across multiple data silos and tools.

Organizations are also looking for consistent policy definition, management, and enforcement across the entire IT environment. With consistency will come the ability to consolidate DLP responsibility into one team.

Organizations need converged DLP to protect data at rest, data in motion, and data in use across the hybrid multi-cloud environment and the anywhere, anytime, any-device workforce. Vendors that provide a converged DLP platform with complete data visibility, consistent policies, and operational efficiencies will enable organizations to reduce risk, save money, and, most importantly, gain confidence in the security of their data.