The highly publicized data breaches of recent years have focused greater attention on data loss protection and the ramifications of compromised networks. Our reader survey in October underscored the demand for data loss protection and the complexity of the vendor and tools landscape as mobile, cloud and the Internet of things take hold.
Out of 4,635 readers surveyed last fall, 25% told us they planned to invest in data loss prevention (DLP) products in the next 12 months. While there is greater deployment of encryption technologies (64%), among those surveyed, DLP products (41%) and database security tools (42%) were in a dead heat, followed by mobile and BYOD data protection (28%).
Gartner defines DLP products as a set of tools used to find, identify and classify data using content inspection and contextual analysis. Whether the data is at rest, in use or in motion, these tools enable organizations to apply one or more policies for regulatory compliance (PCI, HIPAA, PII, state or national law), endpoint protection on fixed and mobile devices, and intellectual property protection. Longstanding DLP products, from data discovery and classification to network and endpoint DLP, are becoming more robust as vendors attempt to keep ahead of fast-moving changes.
Our survey indicated as much: 70% of respondents said they are more likely to deploy DLP products if they are offered as a suite of interconnected tools, while 30% favored specific point systems such as an email DLP product. Endpoint monitoring, network traffic monitoring and a central console were the highest feature priorities among readers, followed by content discovery, email integration and policy-based management.
Symantec and McAfee (Intel Security Group) eked out the top spot on readers' short lists -- no clear favorite emerged, as the top companies earned only 6% of the votes. They both offer network, storage and endpoint DLP. Microsoft, Varonis Systems, Websense and Trend Micro also got a nod from readers who plan to upgrade or roll out data loss protection.
According to Gartner, by 2017 every enterprise DLP provider will have developed at least one partnership with a cloud access security broker or acquired one.
Symantec is on trend. The malware company has extended its DLP to email and storage services. Cloud access security brokers such as Zscaler and Netskope have DLP capabilities (Symantec's former CEO, Enrique Salem, is a Netskope board member). Netskope is also looking at integration with data classification vendors such as Titus, and with on-premises DLP tools, such as those from Symantec, noted Deborah Kish, Gartner principal research analyst, during an October presentation on DLP trends.
Some people may not associate Microsoft with DLP, but the company is working to change that perception, with a flurry of activity in recent months. Microsoft is extending its DLP compliance and data protection capabilities -- currently found in messaging applications in Microsoft Exchange and Office 365 -- to OneDrive for Business, SharePoint Online and Office 16. In addition to content analysis and audit reporting across cloud environments, Microsoft is opening up its Office 365 Compliance Center and audit APIs to other ticketing systems, and actively seeking partnerships. Office 365 will also support DLP remediation options, encryption as an action and DLP policy tips natively all the way down to the client.
Other security technologies will continue to reshape the DLP product market, according to Johna Till Johnson, CEO of Nemertes Research. Johnson expects to see more integration between security information and event management, DLP monitoring and user behavior analytics, tools that profile and track users rather than systems. The human factor and data security awareness remain key challenges for security programs.
What types of data are organizations most concerned with protecting? Three-quarters (74%) of respondents said personally identifiable information, such as customer credit card numbers and healthcare information, was viewed as "particularly critical" data, alongside corporate financial data (62%) and intellectual property (58%). Less than a third (28%) of those surveyed said they needed to protect data that is stored in a public cloud.
As more companies move toward digital business models, having mechanisms in place for data discovery and data classification is important to lower risk, said Kish. Managed DLP (discovery and classification likely first) will become more widely available, as organizations seek to outsource data loss protection.
She may be right. One-third (34%) of the readers surveyed are currently evaluating cloud-based or managed security service providers for their DLP initiatives. Many businesses lack the skill sets and dedicated resources to effectively manage data privacy and risk, especially in complex mobile and cloud security environments.
In addition to cloud support, DLP products in the next five years are likely to offer software-defined networking and virtualization functions, DLP remediation during the DLP cycle and sandboxing for behavioral analysis, among other features.
As many companies are finding out, DLP in the cloud offers some challenges, however. "The bottom line is that regardless of whether or not your data is hosted by a third party, you're still responsible as an organization for that data," says Kish.
When it comes to data discovery and classification, security professionals need to find DLP tools that meet their use cases and then map the organization to a framework. According to the survey respondents, "meeting compliance and audit requirements" (69%) ranked highest on their lists, followed by "attempting to avoid future data breach" (53%) and "protection of intellectual property" (46%). (See Corporate Watchdog: Looking for Sensitive Information.)
"Many organizations buy DLP solutions because they have to or because they have regulatory compliance they need to adhere to," says Kish.
"A lot end up actually turning it off because it creates more headaches with audits and events that have security teams chasing their tails," she says. "Instead, treat it as a process, one that the entire leadership team works on during the entire life cycle of data." And stop throwing boxes at it.
Kathleen Richards is the features editor of Information Security magazine. Follow her on Twitter @RichardsKath.