Move Beyond DLP's Failures
January 25, 2021
DLP (Data Loss Prevention) solutions haven’t stopped data breach growth. IBM reports the average total cost of a data breach reached $3.86 million USD in 2020. DLP solutions only block or encrypt data that tries to leave the endpoint. Hackers have used malware and ransomware like the Palmerworm to take advantage of the lack of security. Data security should focus on persistently securing data wherever it goes. Data should be secured regardless of location, which means data must be secured by default.
Another large security gap for DLP is that internal users will find ways to work around any security solution that impacts their ability to work effectively. Workarounds are possible because DLP requires an extensive library of rules and policies, which need to be continuously updated. Security administrators play whack-a-mole with new applications, SaaS vendors, and more.
SecureCircle’s Data Access Security Broker (DASB) addresses DLP’s faults. Data is secured by default, without impact on users or workflows.
SecureCircle is transparent to users and workflows. Users continue to use the same applications without any knowledge an additional security layer is active. There is no change in file names or extensions, and SecureCircle has no limit to file size. Because of the transparent nature of security, SecureCircle can secure all data by default.
SecureCircle corrects the failures of DLP
• DASB doesn’t require extra discovery or classification tools.
• Users are entirely unaware security is in place since there is no change to user workflow.
• DASB’s secure-by-default posture allows admins to focus on exception policies only.
• SecureCircle’s security continues regardless of data location.
DLP Pain Points:
Discovery & Classification
• DLP requires additional tools, such as Discovery and Classification, to work. Relying on other products increases cost and complexity.
Operational success can be measured by the amount of friction introduced into the work environment on users and administrators.
• Because DLP is so complicated, companies often hire DLP deployment consultants to configure the DLP to work correctly. The Symantec DLP version 15.5 Administration Guide is 2560 pages.
• Companies never operationalize DLP because it requires so much maintenance. Admins must continuously create and update rules to cover policy changes, additional applications, additional cloud/SaaS applications, etc.
• Companies either continue paying their DLP consultant to maintain their solution, or the effectiveness of DLP begins to degrade.
Failed Architecture and Technology
• DLP doesn’t secure data on the endpoint. Instead, DLP tries to limit data egress from the endpoint. By doing this, users are blocked from everyday tasks such as copying data to a USB drive. For files and workflows that can’t be emailed due to size, portable drives and cloud storage may be the only option to transfer large files and data sets. DLP security coverage is limited to a small set of business applications and file formats.
• DLP requires users to be active participants in the security process. Users do not have an interest in doing this. They will secure the least amount of data because it makes their work easier. Also, even diligent employees will make mistakes.
• DLP is based solely on regex pattern matching, which is very fragile and creates lots of data escapes.
• Specific vendors such as Symantec have limited cross-platform support.
Security versus Friction
• High Friction: Admins need to create and maintain a massive list of DLP rules. Admins cannot keep up with changes in the network, endpoint applications, etc., so over time, more and more holes are introduced. DLP asks users to be part of the classification process. Users are also limited to the applications and file types that can be used.
• Moderate Security: The fundamental security model is flawed since data is not secured by default. Security is only applied when data attempts to egress from the device. Ransomware and malware take advantage of this because once the malicious application is running on the device, the application can try many methods to get data off the device.
Data Access Security Broker
• No friction: DASB is completely transparent to users. Users continue with the same workflow as before. Admins integrate with existing authentication solutions and manage exception policies only. Exception policies do not change often.
• Complete Security: Data is secured by default, including at rest, in transit, and even in use. When secured data is transferred off the device, the data remains encrypted and only authorized users will be able to access the content. This allows cloud storage and file sync and share to be used as secure transport methods.