Data Loss Prevention (DLP) was a top-of-mind technology a decade ago and is still a prominent strategy today. After all, who wouldn’t want to prevent data from being siphoned out of the enterprise?
However, DLP as a category has been losing prestige, and can now be commonly found as part of a larger whole; well, part of three larger “wholes” in particular. Those are Data Risk Management (DRM), Secure Service Edge (SSE), and Data Detection and Response (DDR).
The Demise of DLP
DLP proper was a great solution for the start of the internet. It came at a time when companies were taking on more personal customer information than ever before, and cybercriminals saw an opportunity. Suddenly, data started to leak from the network and organizations needed a solution.
In comes Data Loss Prevention (as a standalone solution) and solves a few things right off the bat. It prevents sensitive or regulated data from leaving the network or database by unauthorized means (typically bad protocols like SMTP or HTTP). These parameters were easy to set and easy to achieve – there was no cloud complicating matters, nor a distributed workforce, nor countless IoT devices, bot-based traffic or SaaS-based malware. AI was still the impossible dream and networks still had some semblance of a perimeter. DLP was also used largely for compliance, as emerging regulations like SOX and HIPAA forced companies to take official account of their data at all times.
Once the cloud became ubiquitous and network traffic increased by an order of magnitude, environments became fragmented, complicated, and interconnected. DLP, as it was known, could no longer defend as it once had, and its best attempts resulted in enough false positives to render it annoying and disreputable. Gartner actually slated the category, dropping the Data Loss Prevention Magic Quadrant in 2018 for other, more far-reaching solutions that (they hinted) did the same thing.
While the case for new-and-improved DLP can still be made (especially in 2023), here are the three technologies that did a lot to absorb traditional DLP as we know it.
The Three Technologies that Took Its Place
1. Data Risk Management (DRM):
Also referred to as information governance (IG) or data security governance (DSG), Data Risk Management is a strategic program that requires a comprehensive strategy on how to handle sensitive data assets across ever-expanding digital estates. It combines people, processes, and technologies, and DLP encompasses the latter two. However, DRM expands on traditional Data Loss Prevention techniques by adding data classification and by taking data protection beyond a category platform and into an overall approach, one that extends beyond network policies and takes in executive buy-in, training procedures, and technology alike.
2. Secure Service Edge (SSE):
Secure Service Edge provides secure access to private applications, the web, and cloud services. SSE addresses the issue of secure cloud scalability with a single-platform solution that combines elements of network and security architecture. Data Loss Prevention is a necessary feature of SSE, as its policies provide guidance around how to protect certain types of data, whether that data is in motion, in storage, or currently in use. DLP features are then built into the SSE solution to limit the flow of sensitive data and provide real-time protections based on policies. The differentiating factor here is an extended capability (brought on by SSE) to operate in the cloud, a pivotal weak point of DLP in the past.
3. Data Detection and Response (DDR):
Data Detection and Response (DDR) came as a response to a few direct problems with traditional DLP. Those were:
- Able to see only “known” bad, and unable to spot emerging signature-less threats. Behavioral-driven detections are now necessary, and heuristics come into play.
- A pure-play DLP investment takes time, especially to create, fine-tune, and maintain policies around data removal (especially in environments where there is no perimeter). That’s time that many early-maturity companies don’t have.
- The inability to adequately protect intellectual property. As new intellectual property is “dropped”, modified or moved, it is hard for DLP policies to keep up, or even track it beyond exfiltration. This is a significant blind spot.
- Traditional DLP solutions rely too much on analyzing content, and not enough on the necessary surrounding context. This produces too many false positives, making tools increasingly unreliable.
- The inability to keep up in the cloud or across fragmented and hybrid architectures.
Data Detection and Response remediated these issues by attaching data protections to the data itself, not to the places in which it was stored or the policies around which it could be moved. Known as data lineage, this covers the problem of securing intellectual property – no matter where it moves beyond the ‘perimeter’ of the network – and across any environment, including in the cloud.
DDR also clamps down on the issue of false positives. By automatically reporting on the movement of data, companies can have contextual visibility of their data and more easily differentiate between malicious intent and unintentional moves by insiders. Plus, DDR employs data-sensitive policies, so malicious intent is judged based on what was done with the data, not on the frequency of certain behaviors.
DDR’s data lineage feature also follows data After all, 95% fear inadequate detection and response in the cloud, so that confirms the direction DLP is heading in going forward.
Preventing Data Loss is Still as Important as Ever
As summed up in Cyber Security Review, “modern DLP solutions are moving toward data-centric approaches”. They encompass protection on the endpoint, contextual heuristics via machine learning, and the ability to perform just as well on a mobile device or in the cloud as they do on-premises.
Today, Data Loss Prevention is as important as ever, and the fact that several prominent technologies took up the flag is only evidence of that. As we grapple with data loss in the era of big data, big supply chains, and even bigger cybersecurity talent gaps, the final frontier will be DLP that can not only prevent, but hunt down and defend data on its own. And, if we look at the autonomous capabilities of some of the solutions in review, it looks like that era has already started.