What is Data Loss Prevention?
May 29, 2020
Data Loss Prevention (DLP) is a broad topic. Many products claim to be DLP solutions, including DLP, Information Rights Management (IRM), and encryption products. Each focuses on a different aspect of security. The goal of DLP is to prevent data breaches and protect data, including intellectual property and personal information in all forms: Personally Identifiable Information (PII), credit card information, known as Payment Card Industry (PCI) data, Protected Health Information (PHI), and much more. Regulations like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) exist because data breaches made news headlines daily, and governments decided corporations need oversight.
DLP went mainstream in 2007 when Symantec bought Vontu. At the time, Vontu was the Gartner Magic Quadrant leader in Content Monitoring and Filtering and Data Loss Prevention. The core DLP feature was blocking sensitive data from being copied.
"The ultimate goal of data-loss prevention is to change employee behavior," director of product marketing at Vontu said in an interview regarding the release of Vontu DLP 8 in 2007.
Regardless of the features, data types, and brands involved in the DLP market, the idea that employees need to change their behavior in the name of security has been present. Because altering employee behavior is so difficult, a workflow evolved within the DLP world: Discover, Classify, Protect. The result is to identify only the subset of data that is important and needs protection.
There are two main flaws with this approach. First, changing employee behavior is a herculean task. Second, this workflow relies on employees making data classification decisions. For DLP, IRM, and file encryption, users have to decide what is essential to protect. Users, however, aren't good at making these decisions. Most users will classify the data so that it is easy for them to do their work, such as sending reports externally to customers or partners. Even if employees are diligent in making decisions, data that is not important today may be sensitive tomorrow. Employees OPT-IN to security in the legacy DLP model, deciding what should be secured.
How does SecureCircle achieve data protection?
At SecureCircle, we take a fundamentally different approach to data protection than legacy DLP. We protect data by default. Employees must OPT-OUT of security in the SecureCircle model.
Unlike legacy solutions, whose goal is to change users' behavior, SecureCircle believes security should be transparent to users and business workflows. Authorized users work with protected data in the same way as before. Only unauthorized users see error messages, when they try to access data without proper permission.
Legacy technologies focus on protecting the device or the file. Legacy DLP tries to prevent the file from leaving the device, blocking the ability to copy a file to a USB drive, blocking Save-As, or removing attachments from email.
SecureCircle protects data, not files or devices. A data-centric approach to data security focuses on the information that needs protection instead of the network, device, or application.
SecureCircle's data-centric protection allows files to move anywhere, including removable media and cloud storage. The data is persistently protected at rest, in transit, and in use. Unauthorized users can't access protected documents.
SecureCircle doesn't rely on fragile data classification. Instead, SecureCircle's MagicDerivative(TM) autonomously protects data based on content. MagicFolder(TM) and MagicProcess(TM) autonomously protect data based on context.
MagicDerivative autonomously monitors protected data and protects similar data with the same permissions as the initially protected content. If an authorized user accesses a protected spreadsheet and copies data from the spreadsheet to a new presentation file, the presentation is autonomously protected with the same permissions as the original spreadsheet since the data has moved to the presentation. Save-As automatically creates a protected file since the contents of the new file are similar to the contents of a protected file. Even when a user manually recreates the content of a document, the new document will be autonomously protected.
MagicFolder and MagicProcess automatically protect data based on context. Enterprise Resource Planning (ERP) finance reports generated and placed into the Finance folder on a file server are automatically protected. The Finance folder is a MagicFolder, and all files placed into that folder automatically are protected. The files and data remain protected when users download the files from the file server to their computer.
MagicProcess enables applications to protect all output autonomously and allows complete protection for finance, HR, design, CAD, media, source code, and any other application that creates data that should never leave an organization.
How does this benefit my organization?
SecureCircle's unique features and overall approach to data loss prevention allow organizations to protect data without impacting end-users or changing business workflow. Organizations can support a wide range of use cases such as accidental and malicious insiders, intellectual property and source code protection, lost or stolen devices, data visibility for regulated data, third party collaboration, and more.
SecureCircle is proactive data loss prevention at scale that is transparent and data-centric.