Evolution of Data Protection and Data Loss Prevention

Encryption or information rights management not enough

The author of this article is Gilad David Maayan, a technology writer who has worked with over 150 technology companies including SAP, Imperva, Samsung NEXT, NetApp and Ixia, producing technical and thought content that elucidates technical solutions for developers and IT leadership. Today he heads Agile SEO Ltd. (https://agileseo.co.il), a marketing agency in the technology industry.

Data loss prevention (DLP) practices and technologies enable organizations to protect their data against loss, theft, or unauthorized modification. In the past, encryption or information rights management (IRM) alone was enough to constitute a valid data loss prevention strategy. Today, however, encryption and IRM are not enough.

With the threat of regulatory non-compliance hanging over the majority of organizations, and a steep increase in data breaches and ransomware attacks, organizations are forced to continuously rethink their DLP strategies. This article examines DLP adoption factors, briefly reviews the evolution of data protection, and explores new use cases for DLP technology.

What Is DLP?
It is a set of strategies and technologies used to prevent the loss, theft, or illegitimate modification of data. It is used to protect the privacy and value of data as well as to meet compliance standards for data security.

DLP solutions are used to secure data across your systems, including on-premises, in the cloud, during transfer, and on mobile or portable media. Data loss prevention solutions are usually categorized according to two usage types: integrated and enterprise DLP.

Integrated DLP solutions are tools that are built into secure web gateways (SWGs), secure email gateways (SEGs), data discovery tools, content management platforms, email encryption tools, and cloud access security brokers (CASBs). Enterprise DLP solutions are standalone tools that you can use to monitor network traffic, discover data, and apply security policies.

What Is Driving DLP Adoption?
As organizations gain more digital assets, data protection becomes more important. This is particularly true as the accessibility of data increases. Increasing connectivity to cloud services can leave data exposed to cyber criminals. Additionally, data privacy laws are growing stricter, demanding higher security and greater awareness of data privacy.

DLP solutions can help organizations seeking to address these concerns. In particular, the adoption of DLP is driven by the following benefits:

  • Regulatory compliance – solutions can help organizations meet, audit for, and prove compliance with data regulations. This is particularly valuable when you consider the significant fines and barriers to operation that can come with failing to meet compliance.
  • IP and customer information – much of the data that organizations store is both internally and externally valuable. This includes IP, source code, customer data, and business intelligence. If this data is exposed or lost, organizations can suffer loss of competitive edge, revenue, and customer trust. DLP solutions can help secure data and alert you to data abuse, helping you minimize loss and theft.
  • Data visibility – DLP solutions are designed to provide visibility into your data. This includes helping you discover, classify, and monitor data. Data visibility is required for effective security. It can also help you use resources more efficiently by ensuring that you don’t retain more copies of data than are necessary.

Evolution of Data Protection
When organizations first started keeping digital data, concern for security was often minimal. Data was stored on-premises and generally had to be manually accessed. This meant that if criminals wanted to steal data, it was much more difficult than it is today. Because of this, pretty good privacy (PGP) strategies were used.

PGP
PGP strategies were limited to encrypting data. This prevented users without encryption keys from being able to use data even if they could access it. However, this limited protection made it impossible to share data securely. This is because once data and encryption keys were shared, organizations no longer had control over the shared data.

IRM
As organizations realized the risks associated with PGP methods, focus moved to information rights management (IRM). IRM is a strategy that is tied to a set of applications. It enables you to protect data in use and after access is shared. For example, it enables you to restrict copy or paste functions, printing, or saving copies.

IRM was implemented in many Microsoft products, including Office. The downside of IRM is that it is based on a limited set of applications. Any data that organizations need to protect outside of these IRM-enabled applications remains vulnerable.

DLP
Eventually, to accommodate a need for more universal and comprehensive protections, DLP strategies and solutions were developed. However, the DLP of the past is still lacking.

It relies heavily on your ability to accurately and reliably classify data, and apply appropriate policies to that data. This is fine when data is static but modern organizations often have highly dynamic assets. Data may be synced across multiple systems, collected in streams, or shared in real time.

As DLP continues to evolve, solutions must account for the massive amounts of data and the speed at which data changes. This means incorporating ML for dynamic discovery and classification and providing coverage for distributed systems.

New Use Cases for DLP Solutions
Modern DLP solutions go beyond policy-based security on endpoints alone and extend protections across your system. These solutions work to gather contextual information to enable intelligent security and can extend to more use cases than traditional solutions.

Insider Threat Management
Many data leaks and losses stem from careless or malicious users. Insider threats, including angry employees and attackers with compromised credentials, are more likely to go undetected and can cause serious harm. DLP solutions can help you mitigate these threats by restricting data access from the start.

Comprehensive DLP solutions enable you to restrict how data is accessed, used, shared, and stored. This means you can build in controls to prevent users from accidentally modifying data, sharing sensitive data through insecure channels, or saving data without proper protections. Additionally, solutions can help you identify risky users so you can train them with better security practices.

Visibility and Contextual Awareness
By aggregating information on data assets from across your systems, DLP solutions provide visibility that is difficult or impossible otherwise. Additionally, solutions use this centralized data to derive contextual information about data, enabling more accurate identification and classification.

These capabilities can reduce the amount of manual work that must be done to implement DLP. Visibility and context can also help you better monitor your data and investigate incidents that occur.

AI and UEBA Integration
Many DLP solutions include AI such as user and entity behavior analytics (UEBA). UEBA enables you to develop baselines of normal behavior, which can then be used as a comparison to identify suspicious events. In DLP solutions, when data requests, access, or use do not match the expected behavior for that user, device, or service, you are alerted.

UEBA alerts can help you identify attacks or abuse of your data early on, hopefully minimizing damage. UEBA systems can also provide greater insight into how data is used legitimately. This insight can then be applied to optimizing storage or bandwidth, improving data distribution, or increasing productivity.
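
The baseline comparison described above, shown as an added example that is not from the article or from any DLP product: each user or service gets its own baseline of daily sensitive-data volume, and a new event is scored against it. The median/MAD statistic, the thresholds, and all names and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample history: (entity, day, MB of sensitive data accessed).
HISTORY = (
    [("alice", d, mb) for d, mb in enumerate([40, 45, 38, 50, 42, 44, 41])]
    + [("svc-backup", d, mb)
       for d, mb in enumerate([5000, 5100, 4950, 5050, 5000, 4900])]
    + [("carol", d, mb) for d, mb in enumerate([10, 12])]  # new hire
)

def build_baselines(events):
    """Return {entity: (median, MAD, sample_count)} of daily volume."""
    per_entity = defaultdict(list)
    for entity, _day, mb in events:
        per_entity[entity].append(mb)
    baselines = {}
    for entity, vals in per_entity.items():
        med = median(vals)
        mad = median([abs(v - med) for v in vals])
        baselines[entity] = (med, mad, len(vals))
    return baselines

def score(baselines, entity, mb, min_history=5, threshold=3.5):
    """Compare one day's volume with the entity's own baseline.

    Returns (verdict, robust_z). Entities with too little history get
    "no_baseline" instead of a guess, so they can be routed to a
    static policy rather than silently passing or alerting.
    """
    if entity not in baselines or baselines[entity][2] < min_history:
        return ("no_baseline", None)
    med, mad, _count = baselines[entity]
    # 1.4826 * MAD approximates a standard deviation; the floors stop a
    # very flat history from alerting on trivial changes.
    scale = max(1.4826 * mad, 0.1 * med, 1.0)
    z = (mb - med) / scale
    # Only unusually high volume alerts; low volume is not a loss risk.
    return ("alert" if z > threshold else "normal", round(z, 2))

if __name__ == "__main__":
    b = build_baselines(HISTORY)
    for entity, mb in [("alice", 47), ("alice", 900),
                       ("svc-backup", 5200), ("carol", 300)]:
        print(entity, mb, score(b, entity, mb))
```

A 900 MB day alerts for `alice`, while 5,200 MB is normal for `svc-backup`: a single global threshold would either miss the first or constantly flag the second.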

Conclusion
In today’s chaotic digital sphere, DLP is becoming a necessity, rather than an option. It enables organizations to secure a variety of data types and communication mediums. Today, many organizations use DLP to secure SWGs, SEGs, and CASBs. However, DLP tech can also be leveraged for AI-based insider threat management. The more visibility organizations can get, the better they can protect their data. To ensure data continually remains protected, DLP strategies should continually advance at a pace that, hopefully, outpaces threat actors.
