[BreachExchange] Debunking the common myths of Data Loss Prevention (DLP)

Audrey McNeil audrey at riskbasedsecurity.com
Thu Jul 28 18:46:14 EDT 2016


http://www.itproportal.com/2016/07/26/debunking-the-common-myths-of-data-loss-prevention-dlp/

Within the data security industry, Data Loss Prevention (DLP) has something
of a chequered history. When it first came to market in 2004, it arrived to
fanfare and great expectations, but as businesses struggled with the cost
and complexity of deploying first generation DLP software, demand quickly
waned. Fast forward ten years though, and the dramatic increase in big data
breaches, coupled with much more appealing offerings such as DLP as a
service, cloud functionality and advanced threat protection, means it is
now firmly back on the security agenda.

Today’s DLP is sophisticated, automated and affordable. Despite this, some
businesses are still wary of it. Why? This article will look at what DLP
is, how it can benefit businesses of all sizes, and importantly, dispel
some of the lingering myths about it DLP that are preventing some
businesses from truly embracing it.

What is DLP and why do businesses need it?

In short, DLP is a set of technology tools and processes that ensures
sensitive data is not lost or stolen from within a businesses network. It
does this by actively scanning data throughout the network, identifying
sensitive information that requires protection and taking the required
actions automatically. These could include alerting users to their actions,
displaying prompts and if necessary, blocking, quarantining, or encrypting
data before it can be removed.

Historically, DLP has been most heavily utilised in regulated industries
such as financial services and healthcare, where the penalties for data
loss is severe. However, with businesses in all sectors storing more and
more sensitive customer data on their systems, the need for DLP is now
greater than ever.

Debunking the myths

At present, around 50 per cent of all organisations have some form of DLP
in place, but Gartner expects this figure to rise to over 90 per cent by
2018, showing just how much importance will be placed on it in the next few
years. However, in order for this level of adoption to be reached, some of
the common myths surrounding DLP must be dispelled. Below are three such
myths and explanations designed to debunk them once and for all.

MYTH 1: DLP requires significant internal resources to manage and maintain

While this was true in the past, new DLP options require no dedicated
internal resources to manage and maintain. The introductions of automation
and managed security services have eased what was perceived as the ‘heavy
lift’ of DLP: hosting, setup, ongoing monitoring, tuning, and maintenance.
Today, expert help can always be on hand for organisations that require it.

MYTH 2: DLP requires at least 18 months to deliver value

DLP implementations are no longer a ‘big bang’ that take up to two years to
return measurable value. Organisations can see results in days vs months or
years. Today’s DLP solutions are modular and allow for iterative deployment
as part of a continuously evolving, ongoing data protection program.

MYTH 3: DLP requires policy creation first

Today’s DLP is not dependent on a policy driven approach to get started.
Context-aware DLP allows you to deploy, collect information on data usage
and movement, and then work with the business unit leader to define the
right policies.

The resurgence of DLP

What was once the reserve of the largest enterprises and most-data
dependent industries is now within reach of a much wider slice of the
business world. This is timely, because there are more adversaries out
there trying to steal data than ever before as well. From disgruntled
employees looking for monetary gain, to professional cybercriminals and
even state sponsored hackers trying to steal state secrets and disrupt
critical infrastructure, the need for more robust security has never been
higher. Couple this with an increasing amount of data moving online and
unfortunately it’s just a matter of time until many businesses without the
right defences in place experience a data breach.

While the growing number of malicious threats out there can’t be ignored
(more on this later), many data loss incidents can also be accidental. For
example, an employee may copy company documents onto a USB stick so they
can continue working on them at home, only to accidentally misplace it
somewhere en route. Without DLP in place this would represent a significant
threat to the security of that data. However, with DLP in place the
employee could either have been prevented from copying the data in the
first place, or if copying was permitted, it would have been encrypted as
part of the process to ensure its safety in the event of the USB stick
being lost.

Defence in depth

What DLP brings to many existing security systems is defence in depth.
Whilst a network approach would historically have been considered
sufficient, once an attacker is in, they have free reign over whatever is
inside the network walls. With DLP in place, even if the network perimeter
is breached, the additional layers of security can severely restrict what
the attacker is able to exfiltrate, if anything at all. Furthermore, by
combining network security and DLP with further security measures such as
advanced threat protection, businesses can make themselves extremely
unappealing to all but the most persistent of attackers. After all, the
past of least resistance is nearly always the preferred option for most
criminals.

In summary, DLP represents one of the strongest lines of defence available
for businesses looking to effectively protect themselves against the
growing number of accidental and malicious threats out there. However,
lingering myths and misinformation about aspects such as ROI, resourcing
and policy are holding it back unfairly. It’s time the IT industry
dispelled these myths once and for all, helping DLP to achieve it’s full
potential as a cornerstone of modern data security.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160728/4117c960/attachment.html>


More information about the BreachExchange mailing list