Modern DLP – Why Traditional Approaches Won’t Solve Your Insider Threat Problem | Part 2

With a staggering amount of sensitive data being created every day, it’s no wonder traditional enterprise Data Loss Prevention solutions struggle to cope. Many enterprise DLP implementations fail because they are too hard to set up, too hard to manage, too disruptive to end users, and get too little support from business leaders. Walking the line between effective modern DLP implementation and usability is the challenge facing businesses today.

We invited a group of CISOs, senior IT managers, and technical directors to discuss their organisations’ DLP maturity, along with:

  • Data health and governance as the cornerstone for DLP
  • Balancing usability with DLP controls
  • Working with the business leads and users to foster understanding and support for DLP

Rela8 Group’s Technology Leaders Club roundtables are held under the Chatham House Rule. Names, organisations and some anecdotes have been withheld to protect privacy.

About Digital Guardian

Digital Guardian is no-compromise data protection. The company’s cloud-delivered data protection platform is purpose-built to stop data loss by both insiders and outsiders. The Digital Guardian Data Protection Platform performs across the corporate network, traditional endpoints, and cloud applications.

For more than 15 years, Digital Guardian have enabled data-rich organisations to protect their most valuable assets with a choice of SaaS or fully managed deployment. Digital Guardian’s unique policy-less data visibility and flexible controls enable organisations to protect data without slowing the pace of their business.

Evolving challenges

Protecting your data from insider threats, both accidental and malicious, has never been easy. Now, with the proliferation of both the volume and complexity of data, and with businesses expanding onto unintegrated SaaS platforms, it has become harder than ever for businesses to stay on top of it. Immature DLP undermines business credibility and reputation. As such, understanding how DLP processes change as businesses develop is essential. Start by focusing on the core of DLP, the data itself.

The D in DLP

When implementing DLP solutions, organisations should be building their services with data at the heart. You can’t protect what you’re not aware of, so promoting data health and governance within the business is critical to DLP success. By reinforcing this with training and processes to emphasise the importance of document classification and labelling, you can reduce false positives and ensure that sensitive documents are tracked and protected wherever they go within your organisation.

When deciding what protections to implement, there is a clear hierarchy to data protection requirements. Start by tackling the regulatory data requirements and other sensitive data types that must be strictly tracked and controlled. For these non-optional data requirements, iron-clad data classification, rules, and identification are essential. Once the high-risk data is locked down, businesses can look at fine-tuning their DLP for other data. Avoid enforcing blanket protections for all documents, which is likely to cause no small amount of friction and user pushback. Instead, take a risk- and sensitivity-based approach.

To efficiently fine-tune their DLP response, businesses can leverage AI monitoring and behaviour analytics to get visibility of risks and vulnerabilities. By more clearly understanding what is happening, IT teams are better equipped to change policies, procedures, and workflows to ensure these loopholes are closed. These more modern DLP approaches are rapidly becoming essential as businesses and data continue to develop, but what is clear is that businesses need to get their data in order to best utilise them.

Expanding to SaaS

Even the best-laid DLP strategy goes out the window once a new SaaS application is introduced. All the DLP implementation in the world comes to very little when it comes time to integrate with a SaaS platform. Translating DLP to SaaS environments is complicated and businesses are forced to adopt multiple solutions, in turn making everything more complex and harder to manage. It is vital that organisations planning a move to a SaaS platform treat DLP integrations as a necessity. IT and security teams need to communicate the risks clearly to business leaders at the inception of any plans to move onto SaaS platforms.

DLP vs. usability

DLP initiatives fail when stakeholders and users are majorly disrupted. Striking the balance between secure and user friendly is a question of risk appetite. Business culture plays a big part in this decision. A financial services company is far more likely to impose very strict controls across the board, even if 98% of security alerts are false positives. This presents significant friction for the user, but as a result of the industry and business culture, it is more readily accepted without pushback.

It is important that security teams work with their user base to understand what can and can’t be done for the business to continue running smoothly while remaining secure. Without engaging with users, there is a risk of security being seen as the enemy, and people will work to circumvent your systems. The goal is to provide users with the easiest way to do something securely so that they don’t try and go outside your perimeter.

Ultimately, businesses need to decide how they are going to allow their users to operate, whether that means leveraging tools and vendors, siloing workloads in secure sandboxes, or even simply adding pop-up messages at the endpoints to remind users of DLP responsibilities.

Modern DLP

The data landscape is changing, and keeping up with classification and labelling is soon going to become impossible for many organisations. Now businesses are spending more time monitoring activity to understand how everything is working internally. By taking this approach, which is closer to Data Detection and Response, businesses can use the data and intel to build use cases and conduct testing exercises.

This new approach to DLP also changes the way organisations interact with their false positives. Instead of identifying a false positive, noting it and moving on, now organisations are investing in understanding each false positive and actively working to prevent similar errors from cropping up. The investment required for this more manual approach, however, is not suitable for all organisations.

Closing the net

At the end of the day, securing data is easy. You simply have to prevent anybody doing anything. This of course stops business, so it is all about how tightly you close the net dependent on risk appetite, budget, and user friction.

Prevention of insider threats, be they malicious or accidental, is about having awareness of what’s happening in the organisation. For many, moving towards machine learning and behavioural analytics to point towards data deviations will become essential. That said, getting the data in order before adopting these tools is essential, otherwise it will be rubbish in and rubbish out.
