Exploring Critical Capabilities of Modern Data Loss Prevention
Sundaram Lakshmanan, CTO and Head of Engineering, SASE Products at Lookout, explains the importance of having a modern DLP solution for digital organisations.
In some ways, IT teams had a great life in the early 2000s. Data was stored inside data centers and accessed through known ingress and egress points, like a castle with a limited number of gates. As a result, organisations had control over exactly who and what devices could access company data.
This is no longer the case. With users accessing cloud applications with whatever networks and devices are at their disposal, those defence mechanisms have become inadequate. To ensure their sensitive data is secure, organisations have to rethink their security model — including the way Data Loss Prevention (DLP) technology is implemented.
While DLP has been around for decades, it has reinvented itself in this remote-first environment, which is why I think it is important to understand how modern DLP solutions, integrated into a cloud-delivered platform, can help organisations prevent data breaches and comply with regulations while providing secure access to remote workers.
Why do organisations need a modern DLP solution?
Back when network architecture was centred around data centers, monitoring technologies like DLP existed on the edges of corporate perimeters or at the data exchange points. This worked because there were only a small number of apps and resources and organisations used relatively homogenous endpoints that were corporate-owned or managed.
About a decade ago, that castle-and-moat cybersecurity model started to break down. IT had to start accounting for other endpoints that didn’t use Windows, such as macOS, iOS and Android devices. It got even more complicated when corporate data migrated from corporate perimeters to private clouds and software-as-a-service (SaaS) apps, each with its own unique configurations and security measures.
Now that security requirements have turned inside out, with users, apps and data residing mostly outside data centers, DLP has to expand beyond the perimeter’s edge. And with data moving so quickly, simple user errors or misconfigurations that were once harmless can now cause serious harm to an organisation.
Differentiating between modern and traditional DLP solutions
One of the most important differences between a modern DLP solution and its traditional counterpart is its ability to understand both the content and the context of a data exchange, which enables an organization to make smart access decisions that safeguard data without hindering productivity.
Know the risk levels of endpoints and users
With users and data no longer residing inside perimeters, the context by which data is accessed — such as who is accessing the data, their behavioural patterns and what risks are on the device they’re using — has become critical. In the spirit of Zero Trust, organisations shouldn’t provide any entity access until its risk level has been verified. But to do so efficiently, security teams must write policies that take into account the sensitive nature of the data as well as the risk level of the user and data.
A modern DLP has the insight to understand whether an account is compromised or an insider threat, based on a user’s behaviour or the presence of risky apps on an endpoint. With that telemetry, it would be able to, for example, disable downloading privileges depending on whether the endpoint is managed or not, or shut down access altogether if the user or endpoint is deemed high risk.
Identify, classify and encrypt data on the fly
In addition to context awareness, modern DLP solutions also have more advanced capabilities to identify and secure sensitive data. For example, an advanced DLP would have optical character recognition (OCR) and exact data match (EDM) to precisely identify data across any document type including image files, which is where data such as passport or credit card information is commonly found.
To ensure data doesn’t fall into the wrong hands, organizations also need integrated encryption capabilities to take automated actions. With integrated enterprise digital rights management (E-DRM) as part of a modern DLP, organisations can encrypt data when it moves outside their sphere of influence, so that only authorized users have access.
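The content-plus-context decision described in the two sections above, as an added example that is not from the original article or any vendor's product: a Luhn-checked card-number detector stands in for content classification, and the `Context` fields, risk labels and action names are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard random digit runs (order IDs, phone numbers)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def contains_card_number(text: str) -> bool:
    """Content check: True if any candidate in the text passes the Luhn test."""
    return any(luhn_ok(re.sub(r"[ -]", "", m.group())) for m in CARD_RE.finditer(text))

@dataclass
class Context:                  # hypothetical telemetry fields, not a product schema
    managed_device: bool
    risk: str                   # "low" | "medium" | "high", for user or endpoint
    leaving_org: bool           # destination is outside the organisation's control

def decide(text: str, ctx: Context) -> str:
    """Return one action for a requested data exchange."""
    if ctx.risk == "high":
        return "deny"                   # shut down access altogether
    if not contains_card_number(text):
        return "allow"                  # nothing sensitive found
    if not ctx.managed_device:
        return "block_download"         # sensitive data stays off unmanaged endpoints
    if ctx.leaving_org:
        return "encrypt"                # hand off to rights management before it leaves
    return "allow"

# Constructed sample: 4111 1111 1111 1111 is a widely used test card number.
SAMPLE = "Refund to card 4111 1111 1111 1111 as requested."

if __name__ == "__main__":
    for ctx in (Context(True, "low", False), Context(False, "low", False),
                Context(True, "medium", True), Context(True, "high", False)):
        print(ctx, "->", decide(SAMPLE, ctx))
```

The same text yields four different actions depending only on context, while a 16-digit run that fails the Luhn check is treated as non-sensitive and allowed.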
Modern DLP is the key to data protection, compliance and productivity
Modern DLP enables organizations to set up countless remediation policies based on the merit of the content being accessed and the context in which the exchange occurs. This means DLP is critical both to the productivity of remote workers and to data protection and staying compliant with regulations.
Protect data and remain compliant
Whether it’s sensitive intellectual property or data protected by regulatory requirements, organizations need to ensure that data is accessible but secure.
A modern, cloud-delivered DLP has the capabilities to efficiently identify the types of data you own across your entire organization — in data centers, on private clouds or in SaaS apps. It can also enforce policies with varying degrees of granularity by using E-DRM and technologies such as Cloud Access Security Broker (CASB) or Zero Trust Network Access (ZTNA) to block intentional and unintentional insider threats and compromised accounts from leaking or stealing your data.
In theory, an organization’s data would be secure if everything was locked down — but that would be detrimental to productivity. To tap into the full potential of cloud apps and mobile devices, organizations need to be able to make smart Zero Trust decisions.
By using DLP in conjunction with secure access solutions like CASB, ZTNA and endpoint security, you can give employees access to the data they need without introducing unnecessary risks to your organization.
Modern Data Protection Requires an Integrated Approach
In today’s complex hybrid environment, data goes wherever it’s needed. This means organisations need the visibility and control they once had inside their perimeters. A modern DLP that is delivered from the cloud is central to this.
But one final thought — DLP shouldn’t be deployed in isolation. To truly secure data in a remote-first world, DLP needs to be integrated into a larger platform that can provide telemetry data about your users and endpoints and has the ability to enforce granular and consistent policies.