Evaluating the Switch to a Cloud-Native DLP
Moving to the Cloud: The SASE Puzzle Part 5
What is DLP?
Gartner describes Data Loss Prevention (DLP) as “a set of technologies and inspection techniques used to classify information content contained within an object — such as a file, email, packet, application or data store — while at rest (in storage), in use (during an operation) or in transit (across a network).”
The DLP Market
The shift toward DLP systems has been significant in the past few years, and market revenue is expected to keep growing through 2026. In 2020, the market was valued at USD 1,204.8 million and is expected to grow at a CAGR of 23.47%, reaching USD 4,297.7 million by 2026.
It is no secret that the surge in DLP adoption was driven by the increase in employees working from home, and it's likely not stopping anytime soon. 20% of data breaches are caused by data workers, which only underlines the importance of tightening all areas of your environment, no matter how near or far.
Network DLP – Monitors, detects, and potentially blocks sensitive data exfiltration while the data is in motion (DIM).
Why it’s Important – Network DLP prevents sensitive information from being transferred outside the corporate network. It also supports compliance requirements that demand an organization demonstrate due care in averting loss of confidential information. This solution should consider traffic that traverses a variety of channels, protocols, and non-standard ports, any of which could be an egress point for leaking sensitive information.
Endpoint DLP – Enforces granular policy on the operating system (OS) as the OS and installed applications access sensitive data. This could be data at rest (DAR) on the endpoint, data in use (DIU), or data in motion (DIM). The application is requesting to use that data to complete a task, such as uploading a file, taking a screen capture, or attaching a document to an email.
Why it’s Important – Endpoint DLP is an intimidating avenue for protection because policy has to be enforced on every endpoint. This also means that patching and updates become part of the status quo, just as they would for any installed endpoint agent that requires updates during the product's lifetime. Despite this challenge, the level of protection Endpoint DLP provides is beyond question: it protects data on the go when a system is outside the organization's network protection tools, prevents portable devices from becoming unapproved avenues for data transfer, and discovers sensitive data that resides on the user endpoint.
Cloud DLP – Cloud DLP is best summarized as coverage for DAR that exists in a variety of forms outside the traditional corporate environment, including cloud-hosted and cloud-based services, public or private cloud storage, external repositories, and others.
Why it’s Important – Cloud DLP covers the growing use of cloud computing, both public and private cloud. Depending on the solution and its implementation capabilities, it provides a variety of DIM, DAR, or DIU policy enforcement points.
Email DLP – Email DLP implements your expected DLP policy within your email provider or email solution, or as a policy enforced via an email gateway or API integration.
Why it’s Important – Email DLP complements all other DLP efforts by protecting a method of communication that plays a significant role in corporate communications. Email DLP adds an extra layer of protection by monitoring, detecting, and flagging suspicious email activity to prevent exposing sensitive data over email. This is also the channel most likely to expose critical information, for the same reasons that email is seeing an increase in phishing, compromised accounts, and account infiltration.
The Movement Toward Cloud-Native DLP
Cloud-native platforms are built in the cloud, for the cloud. According to Gartner, as more organizations move their entire network to the cloud, 60% of companies will replace VPNs with Zero Trust Network Access (ZTNA) by 2023. Cloud DLP is no exception to this change.
So why the shift? For one, DLP technology has been available for more than a decade, but usually as an on-premises solution that costs millions of dollars to deploy and manage. Additionally, an on-premises DLP also means purchasing a license, which is another added expense.
With a cloud-native solution, smaller businesses get more with less. DLP previously covered only specific applications, but with cloud coverage, all points of control can be covered throughout the whole organization. There is less complexity, no hardware, and less manpower to manage.
Cloud collaboration platforms are being embraced at an increased pace, which means DLP tools are in some aspect playing “catch-up” to make sure that shared, critical files don’t fall into the wrong hands.
The Difference of Cloud-Native
Cloud-native is one form of cloud DLP, but cloud DLP is not the same as cloud-native. Many DLP solutions include a cloud DLP offering, in which coverage of the DLP product extends into cloud services such as SaaS, IaaS, cloud storage, or home-grown applications hosted in the cloud. Cloud-native takes a cloud-first approach, offering a solution that protects a variety of cloud assets holding data that must be protected. With less focus on endpoint-installed agents, cloud-native aims to provide agentless, API-integrated, and automated processes that prioritize accuracy and are endpoint- and network-agnostic.
Cloud-native DLP can be defined as cloud first: built in and for the cloud before any other platform. If an organization does not have corporate-owned roaming endpoints and only provides users with VDI, DaaS, or VPD, then it may be able to adopt a cloud-first, cloud-native SaaS solution that uses APIs to gather metadata feeding a multi-part risk evaluation decision engine.
With broader coverage, cloud-native DLP provides visibility that may not have been possible without an API or direct integration. Visibility is also gained through seamless integration for scanning, identification, and encryption of sensitive data before it is shared in the cloud. Scanning continues for what is newly added and what is already present, and the results can be audited to strengthen the posture taken for existing data and confirm that all sensitive data has been appropriately protected.
Another benefit of cloud-native DLP is freeing up maintenance time, which means more time to ensure policies are running as expected. Downtime is rarer than with on-premises solutions, since providers design the product so that a customer can easily be migrated from one cloud connection to another.
Cloud storage vendors have started to offer their own take on DLP coverage for their respective storage, but not all vendors provide for a policy-sharing, vendor-neutral approach. For example, your Google Cloud DLP policies could be built in a completely different way from the way you build DLP policies in Microsoft O365, which you use for email. Since neither solution offers vendor-neutral integration, the two policy sets lose consistency and no longer produce the same level of protection.
When is Cloud-Native Right for you?
Before determining your cloud-native DLP solution, understand your DLP needs around the data you have. This will help determine a solution that meets your use cases.
❓ What type of sensitive data are you required to protect? (SSN, Credit Card Numbers, Intellectual Property, Trade secrets, Health Records, etc.)
❓ Is your data more cloud-based or located within your internal corporate network resources?
❓ Is the solution easy to deploy and manage?
❓ Can data be protected when the user is not connected to the corporate network?
❓ What type of communication channels can the product monitor for DLP?
Your Use Cases Could Be:
- Protect intellectual property from being exfiltrated from the corporate network.
- Support regulatory compliance efforts to detect and prevent compliance policy violations.
- Gain visibility of sensitive data and augment employee security awareness.
- Scan documents or images to prevent sensitive data exposure.
- Prevent accidental sharing in corporate-owned SaaS applications.
- Alert on suspicious behavior with potential to block when actions match malicious indicators.
These are only a few questions that you should be considering when determining whether a cloud-native, cloud-connected, or hybrid solution is a better fit for your needs. If you’re looking for more guidance, get in touch with us and we can help evaluate your environment.
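To make the questions above concrete, here is an added example (not code from the original post, and not any vendor's product): a minimal content classifier of the kind a DLP engine runs over an object such as a file, email body or upload. It shows the three things worth checking in any product you evaluate: pattern detection for the data types named in the first question, validation (Luhn for card numbers, issuance rules for SSNs) so that order numbers and test fixtures do not trigger a block, and a single vendor-neutral rule set that can be exported and translated into each platform's native policy, which is the consistency problem described earlier for Google Cloud and O365. Rule names, thresholds, the masking format and the sample texts are constructed for illustration.

```python
"""Vendor-neutral DLP content classifier (added example, not from the original post).

Rule names, thresholds and sample texts below are constructed for illustration.
"""
from __future__ import annotations

import json
import re
from dataclasses import dataclass, asdict


@dataclass(frozen=True)
class Rule:
    """One portable DLP rule: a plain regex plus the name of a validator."""
    name: str
    pattern: str          # standard regex syntax only, so it ports between engines
    action: str           # "block" or "alert"
    validator: str = "none"
    min_matches: int = 1  # validated hits required before the rule fires


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def card_ok(match: str) -> bool:
    """Strip separators, then require a plausible length and a valid Luhn checksum."""
    digits = re.sub(r"[ -]", "", match)
    return 13 <= len(digits) <= 19 and luhn_ok(digits)


def ssn_ok(ssn: str) -> bool:
    """Reject SSN-shaped strings the SSA never issues (000/666/9xx area, 00 group, 0000 serial)."""
    area, group, serial = ssn.split("-")
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


VALIDATORS = {"none": lambda m: True, "luhn": card_ok, "ssn": ssn_ok}

# Canonical rule set (hypothetical), kept in one place and translated into each vendor's native policy.
RULES = [
    Rule("credit_card", r"\b(?:\d[ -]?){12,18}\d\b", "block", validator="luhn"),
    Rule("us_ssn", r"\b\d{3}-\d{2}-\d{4}\b", "block", validator="ssn"),
    Rule("internal_marker", r"\b(?:CONFIDENTIAL|INTERNAL ONLY)\b", "alert"),
]


def mask(value: str) -> str:
    """Keep only the last four digits so findings can be logged without re-leaking the data."""
    return re.sub(r"\d(?=.*\d{4})", "*", value)


def scan(text: str, rules=RULES) -> list[dict]:
    """Return one finding per rule whose validated hit count reaches its threshold."""
    findings = []
    for rule in rules:
        check = VALIDATORS[rule.validator]
        hits = [m.group(0) for m in re.finditer(rule.pattern, text) if check(m.group(0))]
        if len(hits) >= rule.min_matches:
            findings.append({
                "rule": rule.name,
                "action": rule.action,
                "count": len(hits),
                "samples": [mask(h) for h in hits],
            })
    return findings


def decide(text: str, rules=RULES) -> str:
    """Collapse findings to the verdict an enforcement point (gateway, API connector, agent) acts on."""
    findings = scan(text, rules)
    if any(f["action"] == "block" for f in findings):
        return "block"
    return "alert" if findings else "allow"


def export_policy(rules=RULES) -> str:
    """Serialize the canonical rules; this is the artifact you diff and translate across vendors."""
    return json.dumps([asdict(r) for r in rules], indent=2)


# Constructed sample objects: the kind of text an enforcement point hands to the classifier.
SAMPLES = {
    "expense_report": "Paid with card 4111 1111 1111 1111 for the team offsite.",
    "order_note": "Order ref 1234 5678 9012 3456, call 555-123-4567 with questions.",
    "hr_note": "Employee SSN 123-45-6789 on file. CONFIDENTIAL",
    "test_fixture": "Placeholder SSN 000-12-3456 used in unit tests.",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:15} -> {decide(text):5} {scan(text)}")
    print(export_policy())
```

The order note and the test fixture both look like regulated data to a bare regex; only the validators keep them out of the block queue, which is exactly the false-positive rate you should probe when trialling a product against your own documents. The exported JSON is the single source of truth: each vendor-specific policy is generated from it rather than hand-built, so a rule change lands identically in email and in cloud storage.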
Connecting DLP to SASE and Cloud-Based Security
Email, network, endpoint, and cloud are all impact points offering the opportunity to integrate with a new or existing deployment of SASE tools. Each area may have dependencies on a specific vendor that would already have required an integration with existing SASE solutions, but not all will require them. If integration into existing SASE tools is a requirement for your organization, working with a partner like Braxton-Grant will complement your DLP goals and requirements with engineering teams ready to assist in those plans.
Our vendor partners have a plethora of DLP resources, and we help determine what is right for your organization and your process. Explore these links to learn more and contact us to get started:
Partner DLP Solutions