Data loss prevention (DLP) is the practice of protecting a company’s data against loss, theft or misuse, regardless of where it is located and whether it’s at rest, in use or in motion.
Today, companies collect and process massive amounts of information, ranging from confidential business and customer data to sensitive intellectual property to everyday data. They’re also storing their data in more places than ever – data centers, public and private clouds, software-as-a-service (SaaS) applications, mobile devices and so on. As a result, many organizations no longer know where all their data is or which applications their employees use, nor do they have any visibility into how or from which devices their data is being accessed, used, transferred or shared. Organizations also struggle to configure the tools they use to distinguish sensitive data from normal, shareable data. For example, Social Security numbers are nine digits long, but invoice numbers can fit that description too. For reasons like this, creating generic descriptive policies that define and protect sensitive data can be cumbersome and generally requires manual effort.
This makes it difficult for organizations to secure their crown jewels. In addition, limited coverage of data channels, such as partial visibility into network traffic or SaaS usage, can result in “shadow IT” (systems or software used for business purposes without the organization’s approval) being overlooked. This is critical since Gartner predicts that, by 2020, one-third of successful attacks on enterprises will be on shadow IT resources.
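The Social Security number versus invoice number ambiguity described above can be narrowed by combining the nine-digit pattern with structural checks and nearby keywords. The following Python code is an added example, not taken from the original page or from any product; the keyword lists, the context window and the verdict names are assumptions.

```python
import re

# Any nine digits, optionally grouped 3-2-4: the naive rule the text warns about.
NINE_DIGITS = re.compile(r"(?<!\d)(\d{3})[- ]?(\d{2})[- ]?(\d{4})(?!\d)")
# Assumed keyword lists; a real policy would tune these per data source.
SSN_HINTS = ("ssn", "social security", "taxpayer")
OTHER_HINTS = ("invoice", "order", "tracking", "po number")
WINDOW = 40  # characters of context inspected before each match


def structurally_valid(area, group, serial):
    """SSA never issues area 000, 666 or 900-999, group 00, or serial 0000."""
    if area in ("000", "666") or area >= "900":
        return False
    return group != "00" and serial != "0000"


def classify(text):
    """Return (matched_text, verdict) for every nine-digit candidate."""
    results = []
    for m in NINE_DIGITS.finditer(text):
        context = text[max(0, m.start() - WINDOW):m.start()].lower()
        if not structurally_valid(*m.groups()):
            verdict = "ignore"   # cannot be an issued SSN
        elif any(h in context for h in OTHER_HINTS):
            verdict = "ignore"   # labelled as some other identifier
        elif any(h in context for h in SSN_HINTS):
            verdict = "block"    # pattern, structure and label all agree
        else:
            verdict = "review"   # ambiguous: needs a human or more signals
        results.append((m.group(0), verdict))
    return results


# Constructed sample records (not real data).
SAMPLES = [
    "Employee SSN: 123-45-6789 on file",
    "Please pay invoice 123456789 by Friday",
    "Ref 987654321 attached",
    "Customer id 512340001",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", classify(line))
```

The unlabelled value in the last sample lands in "review" rather than "block", which is the manual effort the paragraph describes: the pattern alone cannot settle it.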
Current Solutions Are Not Ideal
To address a variety of high-priority problems around their sensitive data, organizations need a data protection solution that can:
Legacy enterprise DLP solutions don’t fit the needs of modern organizations transforming their networks and adopting the cloud. These solutions are costly, require a massive amount of customization, are siloed and don’t extend well into the cloud. Embedded DLP solutions from cloud providers only protect one channel or repository at a time, requiring their customers to invest in multiple products to protect every data channel and egress point. Organizations need a simplified yet comprehensive data protection solution.
Cloud DLP with a Side of SASE
Cloud DLP allows consistent discovery, monitoring, governance and security of an organization’s sensitive data wherever it resides and moves, both on-premises and in the cloud. By utilizing the cloud, a next-generation DLP solution provides simplified implementation, unified data policies and quick remediation actions.
Secure access service edge (SASE; pronounced “sassy”) is a newer cybersecurity model proposed by Gartner that combines networking solutions like SD-WAN with security services, such as cloud DLP, cloud access security brokers (CASB), next-generation firewalls and others, to deliver comprehensive security in a cloud environment.
Through a SASE approach, DLP becomes a cloud-delivered solution centered around the data itself. As an embedded solution within the organization’s existing control points, cloud DLP eliminates the need to deploy and maintain multiple tools. A SASE solution automates the process of:
Benefits of SASE
With SASE, organizations can use DLP to identify sensitive data and implement security policies in order to control unauthorized data access and unsafe movement across the organization. SASE provides many benefits, including: