The modern data loss prevention difference: Why organisations need to focus on people, not just data
By Rob Bolton, Senior Director, Insider Threat Management, EMEA at Proofpoint
Unlike legacy data loss prevention (DLP) tools, a modern approach focuses on people -- not just data. It’s an adaptive approach that changes based on whether the risks and threats come from negligent, compromised or malicious insiders.
It offers a consolidated, easy-to-manage solution that works across all the tools people use — email, the cloud, endpoints, the web and file shares. It uses a cloud-based architecture that is easy to deploy, offers privacy and security by design, easily scales up and integrates with a broader security ecosystem.
Modern DLP is more effective and requires less administrative overhead than traditional DLP. It also enables faster investigations, response and remediation, which makes severe data breaches less likely. And it makes security teams more efficient and productive.
Modern DLP is people-centric
A modern DLP solution connects malicious, compromised and negligent users to any data movement or risky behaviour across files, applications and endpoints. It shows the sequence of events so that cyber security, IT, human resources and legal teams can quickly and easily understand the context.
This means anyone, not just the IT team, knows the “who, what, where and when” round security alerts and incidents — and just as important, what the user intended.
The main building blocks of people-centricity include awareness to identify sensitive or regulated data across multiple digital channels, user behaviour awareness to recognise user activity and determine intent across digital channels, access activity, file sources and destinations, drives, networks, roles, watch lists and more.
It also includes external threat awareness coupled with threat intelligence to pinpoint compromised accounts and users who were victims of phishing campaigns across the cloud and email.
So how can a modern DLP solution identify the different types of insider threat?
- Negligent users may make an honest mistake or try to take a shortcut to do their job. Beyond blocking risky activity, modern DLP provides coaching to help them understand and change their behaviour while keeping them productive.
- Compromised users may have their accounts taken over and misused by an outside cyber attacker. Modern DLP uses risk-aware controls to look for signs of compromise and apply additional security controls and block risky activity where needed.
- Malicious users can intentionally exfiltrate data for personal gain. Based on risk factors such as resignations or unusual activity around sensitive files, modern DLP can monitor some users more closely, apply stronger access controls and proactively block malicious actions.
With people-centric DLP, security teams can differentiate between a malicious, compromised or negligent user based on context. This insight enables teams to optimise and automate their security approaches more effectively.
Modern DLP is consolidated and unified
Switching context and screens in any technology role is challenging and inefficient. Studies show that frequent task switching (also known as multitasking) can be stressful and distracting. And it can reduce productivity.
Modern DLP solutions offer a better experience for security and IT teams. Beyond the productivity benefits of a single console, a modern approach gives IT and security experts a more complete picture of data loss.
It brings all three primary digital channels — endpoint, network and cloud — into a cohesive whole. All alerts are accessed in one console so that technical teams have the complete picture right in front of them. They can follow along as a user moves data between channels. And they can prevent exfiltration even when the data originates in one channel and leaves in another.
Modern DLP is cloud-native and scalable
A modern DLP solution is a cloud-based one - because it has to be.
Most organisations have embraced cloud-based IT. But traditional DLP tools are architected to be on-premises. That means they don’t scale. They don’t offer the security modern organisations need. They’re hard to manage and aren’t extensible, so they can’t evolve to keep up as your infrastructure and needs change.
A modern cloud-based architecture is the only way to scale up the scope of your DLP solution without a major performance hit — and sizable financial outlay. It’s also the only way to get visibility into all of the digital channels that matter.
In short, you get powerful, app-agnostic visibility into what the user does in email, cloud and endpoint without hindering their work. A cloud-based approach also offers security controls that prevent users and compromised user accounts from accidentally or maliciously sharing data.
A people-centric DLP solution
Organisations are embracing the cloud, a work-from-anywhere culture and innovation as a core value. It’s time that your DLP solution did, too.
Built on a cloud-based architecture, modern DLP helps reduce data loss from insider risks and external threats, streamline your team’s workflow and speed up incident detection and response.
As you embark on your own modern DLP journey, look for a solution that takes a holistic approach to data loss.
Protect all data types and protects email and cloud apps that adapts to the people misusing information, whether they are negligent, malicious or compromised.
Ensure the right people — and only the right people — have access to the right data at the right time with well-defined data exclusion policies and strong access controls.