According to TATA Tele Business Services' blog in 2023, ". . .data loss prevention (DLP) has seen remarkable growth over the years and shows no signs of slowing down. . .and will continue to adapt and stay relevant." When we talk about data loss prevention, there are two major categories that DLP covers:
- DLP to stop sensitive data from being inadvertently accessed when an individual is authorized to send it to a trusted third party. This is normally achieved through ‘crypto’ tools such as encryption, tokenization and/or data masking, which can be provided via DLP, firewall, security gateway, UTM solutions, etc. The driver for this is knowing what data is eligible for these tools, so they can be applied automatically.
- DLP to stop unauthorized/malicious/mistaken collaboration of sensitive data leaving or entering an organization:
  a. This is where the majority of conversation happens for DLP and is the cause of financial, reputational, and business headaches.
  b. You do not use the above tools for this category of DLP. Why would you encrypt an unauthorized collaboration of sensitive data? It’s not authorized and you cannot say “well, it’s encrypted.” If encryption were that safe, vendors wouldn’t have to keep enhancing it to stop the hackers from breaking the algorithms.
For the second category of DLP products, those that secure unauthorized, malicious, or mistaken collaboration of sensitive data, many of our clients and prospects would say they do and they don’t, because a standalone DLP product is only ‘standalone’ when it comes out of the box. Once it is deployed, it has to be ‘integrated’ into the organization's data flows, whether that be at the network, endpoint, or storage locations.
Things Are Changing
As the article suggested, there have been myriad changes to DLP technology. This has led companies to revisit it as a strategic layer within their information security plans. The imperative is becoming greater. The nature of the threat is changing, or at least awareness of the real threat is growing. While hackers and malevolent outsiders still account for a large number of data breaches, insider threats are consistently recognized as a major concern, even though they are often not malicious: many are simple human mistakes.
For example, an email from Finance to the wrong person could reveal employees' salaries and cause internal rifts within the company. In fact, inadvertent data loss is responsible for 75 percent or more of all data breaches. This will only be exacerbated by the increasing business need for collaboration and the ever-growing number of social tools and multiple tech stacks to achieve it. The technology itself has also evolved dramatically: many new technologies can remove from email, web traffic, or documents only the critical information that breaks policy, while leaving the remaining authorized content to continue unhindered.
Advances in Deep Content Inspection (the brains behind DLP’s judgment) mean that embedded malware and active content, visible data, and metadata can all be correctly identified and removed from outgoing and incoming documents, without the risk that a firewall or sandbox may misinterpret the active content as harmless. All of this is done intelligently, looking at both context and content (who is sharing it with whom, how they are sharing it, what the information is, and how sensitive it is) in a direction-agnostic manner (internally and externally) to make decisions about whether the data collaboration should be permitted, pre-authorized, quarantined, encrypted, or redacted.
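The context-plus-content decision described above can be sketched as a small policy function. This is an added example, not code from the article or from any DLP product. It assumes payment card numbers (validated with the Luhn checksum) as the sensitive content, and the domains, sender list and `max_redactions` threshold are hypothetical.

```python
import re
from dataclasses import dataclass

# Assumed policy data for the example (not from the article).
TRUSTED_DOMAINS = {"processor.example"}       # authorized third parties
AUTHORIZED_SENDERS = {"finance@corp.example"}
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives on arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

@dataclass
class Verdict:
    action: str   # "permit", "encrypt", "redact" or "quarantine"
    body: str     # content to deliver ("" when quarantined)
    hits: int     # number of sensitive items found

def find_cards(text):
    """Return (start, end) spans of Luhn-valid card-like numbers."""
    spans = []
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            spans.append(m.span())
    return spans

def inspect(sender, recipient, body, max_redactions=3):
    """Decide on content (card numbers) and context (who sends to whom)."""
    spans = find_cards(body)
    if not spans:
        return Verdict("permit", body, 0)
    domain = recipient.rsplit("@", 1)[-1].lower()
    if sender.lower() in AUTHORIZED_SENDERS and domain in TRUSTED_DOMAINS:
        return Verdict("encrypt", body, len(spans))    # authorized flow: protect it
    if len(spans) > max_redactions:
        return Verdict("quarantine", "", len(spans))   # bulk exposure: hold for review
    for start, end in reversed(spans):                 # right-to-left keeps offsets valid
        body = body[:start] + "[REDACTED]" + body[end:]
    return Verdict("redact", body, len(spans))
```

The same content yields a different action depending on who is sending it to whom, and redaction removes only the matching spans so the rest of the message is delivered unchanged.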
So, whether the product comes pre-loaded within a gateway, UTM, or firewall or as an add-on security layer to your existing infrastructure, it needs to meet your needs, have all the advanced functionality, minimize policy management and resources and, finally, embrace and not inhibit your business operations. So the question we should always be asking is: “Does the DLP product have the capability to meet current business and regulatory requirements and, more essentially, is it able to mitigate future data breach scenarios that hackers and cybercriminals may deploy?”