
Traditional Data Security Fails to Be Zero Trust

Written by SecureCircle | September 21, 2020

Data security tools are not providing enough value for their customers.  The average total cost of a data breach in the United States is nearly $9 million per the 2020 IBM Cost of Data Breach Report.  That is a 5% increase from 2019.  31% of data breaches in North America can be attributed to internal actors.

Per the Verizon 2020 Data Breach Investigations Report, 76% of companies that experienced breaches said remote work would increase time to identify and thus continue to increase costs to organizations.

What is Zero Trust Data Security?

  • Zero Trust data security is the practice of never trusting users with data.  For zero trust to be effective, data must be secured by default, not by exception.
  • Never trust the user with the data or give them control.  Instead, allow users to work with the data as if they were in control.

Data breaches and news headlines confirm Data Loss Prevention (DLP) solutions are broken.  Customers like DLP because it seems easy: three well-known steps of discover, classify, and protect.  Chief information security officers (CISOs) and other security teams feel like DLP casts a wide net.

Customers dislike DLP because it relies on users to be trusted, which creates security gaps that are hard to anticipate.  Maintaining DLP is impossible because the DLP model creates rules to block behavior, so IT and security teams are constantly chasing the next unknown.  Rule maintenance is a never-ending battle of finding new egress points in organizations.  Let’s review the three components of DLP.

Discovery, the identification of data that needs to be classified, doesn’t work because legacy DLP solutions rely on fragile pattern matching such as regular expressions.  Tiny changes to the pattern produce false positives and false negatives, so the results are not reliable.

DLP regex discovery may work for phone numbers and very static formatted data, but there is no pattern to match to locate ‘top secret’ data.  ‘Top secret’ data could include intellectual property, internal finance and HR data, and more.  DLP relies on users to discover this type of data.
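The fragility described above can be measured. The following added example (not from the original article or from SecureCircle) scores two hypothetical phone-number discovery rules against constructed sample text that was labelled by hand; the rules, sample strings, and function names are all assumptions.

```python
import re

# Hypothetical discovery rules (assumptions, not taken from any DLP product).
STRICT_RULE = re.compile(r"\b\d{3}-\d{3}-\d{4}\b")             # NNN-NNN-NNNN only
BROAD_RULE = re.compile(r"\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}")  # tolerates (), dots, spaces

# Constructed samples: (text, is_sensitive as judged by a human reviewer).
SAMPLES = [
    ("Call Dana at 415-555-0134 about the invoice.", True),
    ("Call Dana at (415) 555-0134 about the invoice.", True),
    ("Call Dana at 415.555.0134 about the invoice.", True),
    ("Replacement part no. 771-204-9981 ships Monday.", False),
    ("Unreleased pricing and margin forecast for Project Heron.", True),
    ("Lunch is at noon in the cafe.", False),
]


def evaluate(rule, samples):
    """Score one rule against labelled samples; returns confusion-matrix counts."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for text, is_sensitive in samples:
        flagged = rule.search(text) is not None
        if flagged and is_sensitive:
            counts["tp"] += 1
        elif flagged:
            counts["fp"] += 1
        elif is_sensitive:
            counts["fn"] += 1
        else:
            counts["tn"] += 1
    return counts


def missed(rule, samples):
    """Sensitive samples the rule never flags (false negatives)."""
    return [text for text, is_sensitive in samples
            if is_sensitive and rule.search(text) is None]


if __name__ == "__main__":
    for name, rule in (("strict", STRICT_RULE), ("broad", BROAD_RULE)):
        print(name, evaluate(rule, SAMPLES))
        for text in missed(rule, SAMPLES):
            print("  missed:", text)
```

Loosening the rule recovers the two reformatted phone numbers but still flags the part number, and neither rule can flag the pricing document because it contains no pattern to match.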

Classification tags data with labels so the protection systems can take the proper action.  Tagging data in legacy DLP solutions only captures the data at a moment in time.  DLP tags do not automatically update when the data changes.  DLP requires tags to be added to file metadata, but most file types don’t support the ability to add metadata to the file.  This creates a dependency that DLP requires to function properly.  It is the same reason these solutions can’t support any file type or any application.  So again, DLP relies on users to classify and tag data.

Protection of tagged data.  Assuming the discovery and classification steps were correctly executed, data is protected by creating rules to block activity and transfers. Information is not protected by default.  DLP depends on rules that either block (stopping the action or transfer), allow, or encrypt the data.  Rules have to be created for every workflow possibility.  When new applications are used, new rules must be created.  When new functionality is added to existing applications, new rules must be created.  DLP is an operational nightmare as security teams are in an endless battle to keep rules updated.  Users will find ways to egress data.  There are too many possibilities, and manual rule creation is error-prone at a minimum and deficient for most organizations.


Alternatives to DLP include Secure Access Service Edge (SASE).  SASE is a combination of Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), DLP, and SD-WAN to isolate applications, segment networks, and authenticate based on user permissions, authentication, and verification before giving access to resources that include data.  Designed for a cloud world, SASE puts a perimeter around cloud services but still forces all data through one focal point, which raises its own performance, reliability, and security concerns.  SASE still relies on traditional DLP for data protection.  Therefore, SASE has the same downfalls as traditional DLP.

Another security option for organizations looking for Zero Trust data protection is Virtual Desktop Infrastructure (VDI).  VDI was never designed as a security solution.  VDI provides all the benefits of SASE by putting the user in the data center.  The user is working with data but doesn’t have control over the data.  The data is always in the data center.  VDI was designed for the local area network (LAN) world like a doctor's office or call center.  

VDI is used by some organizations to protect the holy grail of data, which is source code.  Source code is exceptionally challenging to secure because appeasing developers and not impeding their productivity or changing their workflow is always a concern for organizations.  Developers are a tough audience to keep happy.

The downfalls of VDI are that the solution is costly, adds latency, decreases productivity, and delivers a suboptimal user experience.  Still, it does check all the requirements for Zero Trust data protection.


SecureCircle is able to deliver a Zero Trust data protection solution that allows organizations to control data without impacting how the user needs to do their job.  Users aren’t affected by reduced productivity or a change in the workflow, so they won’t try to find ways to get around security because security is transparent.

We have highlighted source code as the holy grail of data because source code has been complicated to secure. Still, SecureCircle protects data in other use cases such as (1) protecting SaaS data as it leaves the cloud application and (2) user-created content such as media, design, and office data.

Why Do Customers Choose SecureCircle?

  • We remove users from the security process so you don’t have to rely on users doing the right thing.
  • Transparent and frictionless to applications and users
  • Reduce cost and complexity (one tool, protect by default persistently)
  • Rapid deployment 


SecureCircle persistently protects data by default.  Data is secured at rest, in transit, and in use.  Organizations grant workflows, applications, or users the ability to egress data from protection and create auditable events for compliance visibility.  SecureCircle focuses on protecting not just devices or data but also the process and workflow around data creation, storage, and use.

SecureCircle tracks protected data, and when protected data is moved to new or unprotected files, the new file is automatically protected with the same permissions as the original data.  Tracking data rather than files lets SecureCircle permit copy and paste and SaveAs functions while continuing to protect data as it moves.

User, device, application, and network permissions can be changed in real-time since organizations never lose control of data regardless of where data is created, stored, or transferred.


SecureCircle is the only Zero Trust data protection solution that can protect data, reduce management overhead and cost, and not impact user behavior or workflow.
