(Updated on 10/19/2020)
What is Data Loss Prevention (DLP) and Why Should You Care?
Data loss prevention (DLP) is a tool that ensures sensitive or critical data is not leaked outside the organization, either accidentally or maliciously. DLP software classifies and tracks data to prevent it from leaving the network via unauthorized channels. These solutions detect leakage and exfiltration by monitoring sensitive data while it’s in use, in motion and at rest.
Now more than ever, organizations across industries need a tool that effectively prevents data leakage and detects incidents quickly so as to minimize data loss (and the costs associated with it.) According to a recent study, the average cost of an insider threat incident is nearly $9 million (on average for one company, over the course of a 12-month period) and this cost climbs the longer it takes to resolve the incident.
Let’s take a closer look at DLP benefits and limitations of traditional solutions, as well as best practices to reduce data loss at your organization using a more comprehensive insider threat management solution:
Key DLP Benefits and Solutions
Data loss prevention is a billion-dollar industry, primarily due to the growing risk of data loss at the hand of company insiders. The core benefits of DLP solutions are:
- To Adhere to Regulatory Compliance
- To Monitor Sensitive Data Movement
- To Prevent Critical Files from Leaving via Specific Egress Points
Traditional DLP software keeps a close eye on sensitive data with a complex classification system, comprised of individualized policies and tags that are assigned to each file. Typically, these solutions constantly scan for the movement of tagged files and ultimately prevent them from being accessed by unauthorized users or leaving the network.
The problem is: DLP solutions only monitor files, but data doesn’t exfiltrate itself. Organizations need to start monitoring and focusing on user activity to effectively prevent data loss.
Common Limitations of Traditional DLP Solutions
DLP solutions aren’t new – they’ve been on the market since the early 2000s—yet in many cases, are proven ineffective at preventing and detecting data loss at the hands of insiders. There are many reasons for this, but most notably, traditional DLP solutions are heavy on the endpoint, are hard to deploy, and are difficult to maintain, due to the time-consuming classification process.
Other challenges that reduce the effectiveness of these solutions include:
- The Growth of Unstructured & Semi-Structured Data:
DLPs have a hard time keeping up with the creation and modification of critical data. For this reason, data owners and DLP tech administrators have to be in constant communication. If there is ever a disconnect between these two parties, it would leave a critical piece of data untagged and therefore unmonitored. Many users also find workarounds for the barriers that tagging data and files put up, which is why a focus on user activity is paramount.
- Users Are Able to Bypass the DLP Solution:
As mentioned above, even if users don’t have malicious intent, many are able to use simple DLP bypass methods to get around existing controls to make their life easier and increase productivity—even something as simple as uploading information to a personal cloud storage account to work from home. The problem is, a traditional DLP software isn’t able to prevent every outcome and action users might take, malicious or not, and does not give insight into employee or third-party contractor activity.
- The Need for Context During Security Incidents:
Investigating a security incident is overly complicated using a traditional DLP solution because it’s time-intensive and requires multiple tools. Since DLPs lack the context about users and incidents to resolve issues quickly, there may also be false positives that send security teams on a chase to figure out the cause of an incident.
- The Decentralization of IT:
DLP solutions find it increasingly difficult to track critical data when increasing numbers of employees access data via SaaS applications, share with external vendors, and use personal devices to access corporate systems. This is because DLP solutions rely on tags, policies, and rules to track where data is located.
Final Thoughts on DLPs
The modern workplace, with remote employees and the prevalence of shared cloud applications, necessitates a more comprehensive solution than a DLP to ensure data is secure. Stop data leakage in its tracks and diagnose the root of security incidents in minutes, not days, with constant monitoring of employees and authorized user behavior.
Learn more about Proofpoint Insider Threat Management and how it can be used to supplement your traditional DLP.
Subscribe to the Proofpoint Blog