Many used to consider data loss prevention (DLP) to be mainly about backup and disaster recovery (DR). But that was always a short-sighted view.
In recent times, the field has mushroomed to take in all aspects of data loss. It now covers potential data breaches and data exfiltration transmissions, along with tools that prevent them by monitoring, detecting, and blocking sensitive data while it is in use on endpoints, traveling over the network, or at rest in any kind of data storage.
Here are some of the top trends in DLP:
1. Death of Stand-alone DLP
DLP used to be a stand-alone tool when all of the data was resident within the boundaries of the data center. But with the adoption of SaaS applications and cloud services, the data is no longer centralized.
“As a result, customers will rearchitect their DLP to be implemented at the point of interaction,” said Anand Raghavan, co-founder and CPO of Armorblox.
“For example, customers are deploying a cloud access security broker (CASB) to prevent data leaks on hosted applications, cloud security posture management (CSPM) tools for infrastructure in the cloud, and API-driven tools for office suites, like Microsoft Office 365.”
2. DLP is Not Just an Outbound Risk Anymore
Data loss has traditionally been looked at as an outbound risk to organizations. Not anymore.
Bad actors are becoming more sophisticated, executing attacks in multiple stages in which the first inbound tactic may be reconnaissance on sensitive data.
For example, a socially engineered inbound email from a malicious agent, asking the recipient to confirm whether they have the updated employee records, can be followed up with a more targeted attack to extract and exfiltrate data.
“Going forward, companies need to look at data loss prevention as both an inbound and an outbound risk,” said Raghavan with Armorblox.
3. Remote Employees Increase Insider Threats
The abrupt shift to remote work brought on by the pandemic accelerated organizations’ adoption of cloud services across the world, as leaders rushed to meet the new demands of their distributed workforce.
As most home offices fall short of the security controls found on corporate networks, the work-from-anywhere (WFA) era has presented a myriad of new challenges for IT and security teams.
One of the biggest trends to emerge from this transition is a significant increase in the usage of communication software on a day-to-day basis. Unfortunately, this has also led to a spike in the usage of screen captures and video captures as a method for unauthorized disclosure.
In today’s digital and distributed world, almost every meeting is conducted using a video conference tool, and employees have quickly learned that screen and video capture is more efficient than writing notes, which puts organizations at risk of unintentional data loss. The recent 2022 “Insider Risk Report” shows a 2x increase in employees regularly taking screenshots during Zoom and Microsoft Teams meetings. There has been a growing number of instances in which video captures of sensitive meetings are leaked to the press or individuals.
On top of this, working from home has blurred the lines between corporate and personal device usage for employees. Throughout the pandemic, some noted as much as a 3x increase in the use of corporate assets for personal activities, such as shopping and social media.
“In today’s WFA environment, insider risks and insider threats have become more prevalent and dangerous than ever before, prompting many organizations to re-evaluate previous approaches to workforce security,” said Armaan Mahbod, director of security and business intelligence, counter-insider threat at DTEX.
“If transferring documents through communication tools, sharing screens, and more is becoming the new normal, there should be a consideration for utilizing and demanding further controls for the safety of the new digital workplace.”
4. The DLP Market is Ripe for Disruption
For a mature market, DLP is not keeping up with the natural evolution of how sensitive data and files are being accessed, manipulated, and shared.
Every flavor of an as-a-service offering has been increasingly adopted to enable businesses to become more agile. In the process, the IT estate has become more complex, and traditional DLP tools have ultimately become less effective.
One example is within SaaS applications. There’s a large amount of unstructured data — both binary and textual files — that can potentially contain sensitive data that should never enter the public domain. Traditional DLP is not dynamic enough to identify and enforce policy that prevents unstructured data leakage and exfiltration.
“Cloud-first organizations need to look to incorporate granular data access controls across complex environments, such as SaaS,” said Adam Gavish, co-founder and CEO at DoControl.
“All critical SaaS application data activity should be monitored, and secure workflows should be triggered automatically by events that present the risk of data loss.”
Gavish added that scanning for personally identifiable information (PII) in real-time and classifying the PII data and content types that are relevant to the business are both table stakes.
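To make the PII scanning and classification point concrete, here is an added Python example (not from the original article or from any vendor quoted in it) that scans unstructured text, validates each candidate hit so that look-alike numbers do not raise alerts, and maps the result to a handling tier. The pattern set, the tier names, and the sample message are assumptions constructed for this illustration.

```python
import re

# Candidate patterns only; each hit is validated below to cut false positives.
PATTERNS = {
    "credit_card": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
    "us_ssn": re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, d in enumerate(map(int, reversed(digits))):
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan(text: str) -> list[tuple[str, str]]:
    """Return (pii_type, masked_value) pairs; masking keeps PII out of alert logs."""
    findings = []
    for label, rx in PATTERNS.items():
        for m in rx.finditer(text):
            raw = m.group(0)
            if label == "credit_card":
                digits = re.sub(r"\D", "", raw)
                if not luhn_ok(digits):
                    continue    # order numbers, ticket ids, other long digit runs
                shown = "*" * (len(digits) - 4) + digits[-4:]
            elif label == "us_ssn":
                area, group, serial = m.groups()
                if area in ("000", "666") or area[0] == "9" or group == "00" or serial == "0000":
                    continue    # never-issued ranges, typically placeholders
                shown = "***-**-" + serial
            else:
                shown = raw[0] + "***@" + raw.split("@", 1)[1]
            findings.append((label, shown))
    return findings

def classify(text: str) -> str:
    """Map findings to a handling tier (tier names are assumptions)."""
    types = {label for label, _ in scan(text)}
    if types & {"credit_card", "us_ssn"}:
        return "restricted"
    return "internal" if types else "public"

# Constructed sample message, not real data.
SAMPLE = ("Payroll update: Jane's SSN is 123-45-6789, card 4111 1111 1111 1111. "
          "Ticket ref 4111111111111112, placeholder SSN 000-12-3456. "
          "Contact jane.doe@example.com.")
```

Calling `scan(SAMPLE)` reports only the validated card number, SSN, and email address; the ticket reference and the placeholder SSN are dropped, which is the difference between pattern matching alone and classification a policy can act on.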
The risk of insider threats is closely tied to why DLP technology exists, so there’s a strong need to incorporate behavioral analytics. A combination of past end-user behavioral patterns and deterministic behaviors will mitigate the risk of malicious insiders exfiltrating sensitive company data.
Solutions that enable dynamic DLP for cloud applications are what the modern business demands, and they breathe new life into an aging DLP market.
5. Data Needs to Be Put to Work
For many years, data was the end result of processes and products in many organizations. As such, once it was gathered, the organization’s main goal was to secure it in the best way possible.
DLP solutions were built with the approach that organizations can easily predict all legitimate uses of data, and data should not be allowed to travel to any location that wasn’t approved in advance.
This is no longer true. Data can’t just be treated as the organization’s crown jewels. It fuels many business processes, such as product and marketing analytics or functionalities based on data science and machine learning.
This means that data must now be used by many different users and stored in a variety of cloud data storage technologies, making data protection a top concern for 40% of organizations. With this dramatic change in culture comes a new challenge for security practitioners — the most significant hurdle in their cloud efforts: training and educating staff on handling these new technologies, said Liat Hayun, co-founder and CEO of Eureka Security.
“What is needed today is an automated mechanism that allows businesses to scale and innovate, while reducing the risks associated with this modern use of data, without overwhelming security teams with the need for deep expertise and technological proficiency that are required for each new technology,” Hayun said.