Over the past decade, data loss prevention (DLP) has become a common term in enterprise security. Although the...
technology is not as commonly deployed as firewalls and malware protection, DLP has proven itself as a worthy security control in the fight against the threats we face.
One of the things that held DLP back in the past was its complexity of design, implementation and oversight -- and that was before mobile computing and cloud services. This lack of extensibility and insight into mobile and cloud computing continues to undermine DLP's effectiveness. Many IT and security professionals I've spoken with over the past few years have attempted to deploy DLP technology as part of their overall endpoint protection strategy, but found it too difficult to set up, that it created too many false positives or that it was just too expensive to license and install on all enterprise systems that needed its protection. DLP can provide some of the best bang for your security buck, but at what cost?
New approaches to DLP
One new approach to DLP technology focuses on the cloud. Vendors such as CipherCloud and Skyhigh Networks use DLP-type controls that are more transparent to the end user, have little to no footprint on the endpoints and gain more in-depth insight into user behavior by analyzing network streams and enforcing cloud application usage. There are also vendors such as Digital Guardian (formerly Verdasys) that offer cloud-based DLP deployments. In these configurations, the endpoints are still protected in the traditional sense but the data analysis is performed in the cloud to, presumably, free up local resources and offer more real-time threat intelligence.
Speaking of threat intelligence, I suspect we might see more and more integration of emerging threat intelligence feeds such as CyboX and OpenIOC, as well as Cisco's OpenSOC big data security analytics framework with DLP moving forward. I don't see how such intelligence would protect against the average insider poking around and doing bad things, but threat intelligence could provide insight into targeted advanced malware infections and related external attacks against sensitive data.
Newer approaches to endpoint DLP technologies from more traditional vendors such as Symantec and Zix Corporation offer enhancements to help find the data that matters regardless of where it's used, particularly on mobile devices. This approach provides more granular control to the actual data owners and can restrict mobile data usage in BYOD settings whereby the data never actually resides on the mobile device.
There are several additional vendors entering the DLP market by way of endpoint security, data in motion and data discovery such as GFI, WatchGuard and Identity Finder. Are these true DLP technologies? It depends on how you look at it. They certainly contribute to the endpoint DLP equation, however, depending on your specific needs, they may not offer everything you're looking for to prevent data loss.
Care and investment required
Research shows year after year that unstructured information and user misbehavior on network endpoints contributes to a significant portion of data breaches and intellectual property abuse. It's rare for me to come across a network environment that truly has unstructured information under control. This is a business challenge that I first wrote about in 2006, and it's gotten exponentially worse since then.
Combine this with the abundance of unsecured, yet highly sensitive, information with growing network complexity, lack of network visibility and the myriad of government and industry regulations being thrown at us, and it becomes clear that DLP technology is needed. DLP certainly can solve many enterprise security problems --but only if it's used properly.
Are the latest DLP technologies the answer to your sensitive data challenges? Maybe so -- if you address this ongoing security issue the right way. Likely not, if you're careless in your approach. For enterprises that choose to ignore the problem altogether, that's a whole different issue, one that merely implementing the latest and greatest DLP system cannot solve. Perhaps DLP needs a rebranding. After all, it started out as data "leakage" prevention. Perhaps the vendors will try to throw "cyber" into the mix and that will stir up some excitement.
Breaches both known and unknown will continue unless we decide to take the proper steps to secure our most precious information assets. DLP technology has evolved and will continue to do so. Its new capabilities now make it worth giving it a shot. Don't let pricing hold you back. A risk is a risk and if there's a business need, make the case for the money required and make it happen. It could be DLP technologies save you from the dreaded breach or at least helps minimize the impact when a breach does occur.
Find out about the effect of DLP and MFA on Office 2016 security
Learn how to utilize DLP technology effectively
Consider technologies that complement DLP products to boost security