Data is the most valuable asset belonging to an organization, and protecting that data can often feel like a never-ending uphill battle. While some companies rely on their intellectual property (IP) for a competitive advantage in the market, all companies retain personally identifiable information (PII) and financial information about their employees and customers. To combat those who attempt to steal that information and protect against data exfiltration, the IT security industry has come up with programs, processes, and tools to help mitigate the risks.
What is DLP?
Data loss prevention (DLP) is, first and foremost, a security process and strategy whereby an entity attempts to prevent unauthorized access, modification, and movement of data. When talking about DLP, it is most often referred to as the type of software product supporting the process. DLP is used for scanning, classifying, tagging, monitoring, detecting, and blocking the loss and exfiltration of sensitive and confidential data in accordance with policies.
PS: These tools are also called data loss protection or data protection (there are slight differences to these).
The terms data loss and data leak are often used interchangeably, however, there are differences. Whilst loss implies a loss of access to data, a data leak means you might still have access to the data, but a copy has leaked outside your organization.
Confidentiality, integrity, and availability of data–The CIA Triad (CertMike):
Confidentiality of data: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
Integrity of data: Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity.
Availability of data: Ensuring timely and reliable access to and use of information.
Data can easily be compromised in an organization, and most especially by those working for that organization. There are the more traditional exfiltration methods, such as USBs, but how does your organization protect against copy/pasting pure text from a PDF containing sensitive financial information into Dropbox, or emailing screenshots of patient journals or intellectual property? These actions can have serious financial and reputational consequences for your company, and should therefore be addressed sooner rather than later.
With data breaches on the rise, it is clear that the traditional rule-based DLP solutions are failing to do what they were designed to do – protect data.
Do you need a data protection solution?
Whether you have intellectual property to protect or not, all companies should have a data protection program in place. All organizations that have either employees or customers have, by nature, information to protect. The level of importance of the data under protection will determine the priority level of a data protection program.
Data breaches are on the rise worldwide
Reported data breaches have increased by 17% between 2018 to 2019, becoming both more frequent and larger (Fortune). The top 10 data breaches in 2020 according to Security Magazine were:
CAM4: 10.88 billion records
Advanced Info Service: 8.3 billion records
Keepnet Labs: 5 billion records
BlueKai Records: billions of records
Whisper: 900 million records
Sina Weibo: 538 million records
Estée Lauder: 440 million records
Broadvoice: 350 million records
Wattpad: 268 million records
Microsoft: 250 million records
Other names of companies who reported data breaches for 2020 include Facebook, Instagram, YouTube, and TikTok.
Data breaches are in many cases a result of unauthorized access to data (ICO), and other human-stemmed incidents such as sending an email to the wrong recipient, or failing to redact PII before sharing company docs externally. In fact, human-initiated incidents account for a whopping 72% of incidents reported to the ICO in Q2 2020.
DLP solutions have been around for decades, yet data breaches are still rising. This leads us to believe that we are in need of a new solution to an old problem.
An ever-changing compliance and regulatory landscape
The security standards, laws, regulations, and compliance requirements are continuously becoming more complex (and expensive). Organizations are required to adhere to General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), California Consumer Privacy Act (CCPA), ISO 27001, NIST, and more depending on geography and industry.
It is one thing for an organization to keep on top of these regulations, it's another to make sure every employee also does so. For those employees who are not within IT, these requirements are rarely top-of-mind or even known. Giving these employees a way of learning and understanding regulations (even as they change) without slowing down work activities, helps a company to stay efficient and compliant.
Data breaches are getting more expensive; since GDPR’s inception, the EU has handed out fines worth $331 million. Approximately $192 million of those fines were given in 2020, showing a clear increase (ComputerWeekly). The largest data-breach related GDPR fines as of January 2021 include:
British Airways (£20 million, approx. $27.3 million) - for “failing to protect the personal and financial details of more than 400,000 of its customers.” (UK’s ICO)
Marriott International (£18.4 million, approx. $25.2 million) - for exposing personal data contained in approximately 339 million guest records, more specifically “failed to undertake sufficient due diligence when it bought Starwood and should also have done more to secure its systems.” (UK’s ICO)
Similarly for the US, the CCPA started pursuing fines beginning July 1st, 2020 (Infosecurity Magazine).
The costs of a breach extend beyond the dollar value of the data and fines/penalties. A data breach can impact an organization’s reputation for months or even years. Some companies never recover; 10% of small companies, those with up to 500 employees, went out of business after a data breach (SC Magazine).
Protecting the “crown jewels”: intellectual property
Putting compliance requirements aside, many organizations rely on their IP to keep a competitive advantage and stay in business. IP data is the “crown jewels” of the organization, so to speak, as it includes the most valuable assets of a company.
Intellectual property includes:
For publicly traded companies, their financial documents could be seen as very valuable to actors seeking to profit from potential insider information found within the documents. Information that might alter the perceived company value needs to be strictly monitored and released to the public within legal parameters (e.g. quarterly reports).
The rise of the hybrid-remote workforce
The work environment changed overnight for many businesses due to the pandemic. And research shows that 72% of employees either want to stay home full time or go back to the office part time (BBC). With the pandemic catapulting workplaces into being digital, the traditional security measures and the perimeter must change with it.
With traditional network- and perimeter-based security, organizations struggle to protect what matters most. Solutions must adapt to protect where the data resides–in cloud apps and endpoints (laptops).
The security talent shortage
According to a McKinsey study on post-COVID workplace changes, technology and automation talent is listed as one of the areas with the highest increase of hiring since the beginning of COVID-19:
Technology shouldn’t add work to existing employees' plates. Traditional DLP tools require many person-hours to install, set up, and configure. And require continuous updates of static policies to stay on top of data created. Consulting hours are often added to reduce time to value.
Newer DLP solutions ensure automated processes and tools that create synergies with your team; simple install, out-of-the-box capabilities, policies, and smart sensors, protect you from Day 1.
A sea of DLP vendors, tools, and software
The DLP market is mature, according to Gartner. However, the emergence of cloud applications and new human behaviors requires new solutions from the vendors.
Free guide: Things to consider when buying a DLP solution
Traditional vs. newer DLP solutions
Traditional, legacy DLP solutions scan, tag, classify, and label data at rest; a process that is overly complex, and costly. The high-performance impact on endpoint resources is also not effective, with some solutions getting in the way of employees’ productivity.
The traditional DLP solutions have a rule-based approach to data. When inspecting content, it either is or isn’t classified and labeled. If the data isn’t labeled you won’t have visibility into how it’s handled, which means the policy configuration is vital to its success.
Furthermore, the rule-based approach to data means a lack of machine learning and smart responses or remediation.
Many cyber security solutions today are disjointed:
New DLP solutions come with more functionality, automation (and machine learning!), policies, and smarter remediation out of the box–most of which with a lighter footprint.
Point (integrated) vs. Enterprise (broad) DLP solutions
Point DLP solutions protect specific use cases, e.g. only email. If your need is limited to a singular exfiltration vector, this type of solution might be the right for you. These solutions are often implemented in response to compliance requirements and provide only limited content inspection capabilities (Gartner).
Enterprise DLP solutions offer centralized management, DLP policies, reporting, and event workflow across the endpoint, discovery, email, network perimeter, and cloud. Therefore, they cover a range of exfiltration vectors in one solution–email, web browsers, external drives, copy/paste, Bluetooth, and more. The advanced content inspection assists with internal company policy, regulatory compliance, and IP, PII, and financial data protection.
Security awareness training vs. Incident-based training
The user training aspect is a dimension of risk reduction that most DLP products don’t address. However, companies invest heavily in security awareness training to educate employees on how to protect data and meet compliance requirements which do overlap with the goal of a DLP program.
Traditional methods of security awareness training include classroom training and online e-learning courses – typically completed in a single sitting when employees join the company with annual refresher courses using generic data for all company trainings.
By using incident-based training, companies can continuously train their employees in real time on the compliance requirements and company policies in question, which pertain to the company’s own data. Thereby ensuring that human behavior actually changes for the long-term.
Qush Reveal–Next-gen enterprise data protection
Reveal is a cloud-delivered enterprise data protection solution–giving you visibility across all users and endpoints.
Instead of only protecting classified and labeled data in a similar style as traditional DLP vendors, Reveal safeguards all data in motion, including data moving across email, web browsers, external drives, copy/paste, Bluetooth, and more. This means that all files are protected at the time of movement, regardless of labels, providing full visibility into your organization’s data.
Human-centric context for your data and file events
Reveal provides full user behavior context data and understanding to each individuals’ behavior. Traditional DLP solutions do not take the human element into account and tend to only have visibility into file movement, but only those files which are labeled, giving less context to the event occurring.
Adding behavioral insight to actions surrounding the data can help in understanding why something is happening, in order to act quickly as the incident is occuring.
Digging deeper for context around an event is available at your fingertips:
Due to the importance of the human-centric context for your data and file events, the need to protect the privacy of the individuals comes into play.
Reveal provides full anonymization and pseudonymization:
Reveal strikes the careful balance between hiding identifying information and allowing you to see key data to protect your organization. For example, Reveal does not remove all sensors and events. However, Reveal redacts or masks the personal data within them.
Unbiased investigations: Using artificial identifiers is a powerful way of hiding personal data, because it maintains referential integrity and means that the activity of a single user or device can be tracked and investigated, without knowing who they are or what device they are.
Regulatory compliance: GDPR states while maintaining information security is regarded as a legitimate interest, organizations are still obliged to apply technical and organizational measures to protect individual’s privacy and personal data.
All the Reveal features, such as policy reports, sensors, actions, cases and power searching are available, allowing full threat detection and mitigation without revealing personal data.
More on that here.
Reveal’s machine learning analyses data events to check whether it’s out of character, and blocks the data movement if needed. Leveraging behavioral learnings can also help create a more risk-adaptive approach for an organization, versus relying on static policy-driven methods alone.
Risk reduction through live user training
Security awareness training is a dimension of risk reduction that many DLP products don't have.
Reveal educates your employees in real-time with incident-based training. The training aligns employees with internal company policies and regulatory compliance, by blocking and notifying them of voluntary and involuntary data exposure or movement by enforcing policies and smart sensors. The instant feedback loop provides long-lasting, time-efficient, and affordable security awareness training to all employees in real-time.
Do people in your organization work from home? Reveal is simple to deploy and provides all capabilities–full visibility, user training, and data protection–regardless of location.
The technical aspects
The Reveal Agent is deployed to Windows, macOS, and Linux computers and servers, where it records granular user data from your employees and reports it back to the Reveal Infrastructure for security threat analysis.
The Agent collects and records data regardless of network connection and location, meaning you get full visibility of what your employees are doing whether they’re in the office, working remotely at home, or traveling.
Policies allow you to automate threat detection and response by defining rules for specific user activities and the actions that are taken if these rules are breached, even when the computer is offline. Reveal offers an extensive number of out-of-the-box and configurable policies that you can customize to align with your IT policies and security needs.
Reveal’s unique technology inspects content and data in movement, lowering the impact (CPU) on your employees computers. As a cloud-first solution, Reveal scales to your organization’s needs (including Fortune 100 companies).