Data loss prevention (DLP) has been around for well over 15 years. It’s by far the most effective tool for protecting data assets, scanning, and blocking users from sending critical files or sensitive information, such as credit card or customer details. In fact, an Allied Market Research report predicted that cloud DLP will grow from $2.4 billion in 202 to $27.5 billion by 2023 – a growth rate of 28%.
Information is critical to any organisation. Known as a company’s “intangible assets” or its intellectual property, it accounts for 90% of a modern business’s value compared to just 10% of “tangible” or physical assets (according to research from Ocean Tomo1). However, many organisations still do not have the necessary means to effectively protect their data. So how does a company choose the right DLP solution for their organisation?
Simplicity: The key to finding the right DLP solution in the modern world
Adoption rates of DLP solutions have been limited in the past. This is due to the complexity, cost and skills required to easily integrate and manage DLP solutions. These barriers have made DLP tools beyond the reach of most organisations, but with the growing adoption of cloud computing and the continued rise in cybercrime, organisations are quickly realising the need to protect their data better is more crucial than ever.
With barriers to adoption so high, how can organisations overcome the challenges and securely protect their data assets? To start we should look at the types of DLP solutions available and the benefits to organisations.
Gartner recognises three types of DLP solutions, Enterprise DLP (EDLP), Integral DLP (IDLP) and Cloud Service Provider Native DLP (CSP-Native DLP). Each type of DLP solution has its individual pros and cons which security teams need to consider, but they also need to assess what benefits are more important to the company’s use case and which can be compromised.
EDLP is implemented as a stand-alone solution that covers all relevant traffic flows. It adds yet another vendor solution to the organisation’s security defences. To achieve a pain-free integration, there has to be a painstaking project plan in place and additional skilled personnel brought in, all increasing the complexity and cost of taking on DLP. Although the benefits of EDLP are creating a single console and policy management interface for the organisation’s entire network, it will usually be a separate console from the other network security tools (FW, IPS, AM, SWG, etc.). This inevitably creates another layer in the organisation’s security posture, creating latency and hindering performance.
IDLP is a DLP function added to an existing security product. It makes the deployment process easier and is seen as a quick and more cost-effective way of adopting a DLP solution. However, IDLP’s performance is restricted by the base product it has been added to. For example, if added to a Secure Web Gateway (SWG), the IDLP will only give visibility to Internet-bound traffic and not inspect IaaS traffic. To overcome this will require adding DLP solutions to more existing security tools that will further fragment consoles and policy management.
A cloud-based DLP, or CSP-Native DLP if delivered via a cloud service provider (CSP) makes it easy to adopt through Software as a Service (SaaS) and doesn’t require on-site integration. CSP-Native DLP only monitors the traffic sent to or from the specific CSP proving it. With modern organisations using more multi-cloud platforms, they will also need to acquire DLP tools from multiple CSPs. It also restricts use to applications only, plus it will not cover all SaaS applications the organisation uses.
DLP can also be easily delivered through Secure Access Service Edge (SASE), or its Secure Service Edge (SSE) subset. Both offer the best of all worlds, creating SASE DLP to cover all edges including users, applications and services giving complete coverage of all traffic and all use cases.
It enables single-pass processing to enhance overall protection and minimises latency. Being fully delivered from the cloud, SASE DLP offers all the benefits of a cloud-native solution, including unlimited scalability and inherent high availability. A good SASE DLP solution will enable security teams to have complete visibility of a network from a single-pane-of-glass management console.
Inaccuracies in legacy DLP rules often disrupt business operations. SASE DLP offers proactive identification of inaccurate DLP rules. It can identify when DLP rules exceed predefined baselines by using anomaly detection algorithms and notify s security team of the unusual activity.
SASE enables organisations to adopt a DLP solution that reduces complexity and lowers costs, the main barriers to adoption. Organisations of all sizes with teams of varying skill levels can also better protect sensitive data against unintentional loss or a data breach. Ultimately, SASE DLP allows enterprises to protect their sensitive data against unintentional loss or a data breach.
All the above DLP solution types come with very different benefits and problems. What security teams truly want is a DLP solution that can be easily and quickly deployed with minimal management and the need for intricate planning. Once deployed, they want a solution that has complete coverage and optimal protection that does not impact performance and covers unsanctioned applications.
Legacy DLP solutions tend to be fraught with limitations. Often causing inaccurate DLP rules blocking legitimate activities or allowing illegitimate ones. A focus on public cloud applications has left sensitive data in proprietary or unsanctioned applications unprotected by DLP. The investment in traditional DLP does nothing to protect the enterprise from other threat vectors. As technology evolves, so should DLP practices.
Director of Technology Evangelism at Cato Networks
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.