“Do I need a network, cloud, or endpoint DLP solution?”
It’s a question we hear a lot.
The answer, of course, all comes down to what you’re trying to achieve. You might need one of those options, or you might need all three.
Because the vast majority of enterprise data now lives in the cloud, we don’t judge people for assuming that this is where their primary DLP strategy should be pointing.
But the reality is that cloud-to-cloud data exfiltration is rare. It’s actually at the endpoint where the really interesting stuff happens. In fact, there are numerous studies that suggest 70% of all data breach incidents occur via the endpoint*.
That’s because your data gets downloaded. It gets copied. It gets shared through email and Slack. It gets cut and pasted into a new spreadsheet. It gets printed, screenshotted, or moved to an external storage device. The list is endless.
And that’s the reality. Data is more portable than ever before, and collaboration apps have made it easy to share between teams, and even organizations, without a second thought.
Employees just want to get their work done
The majority of data loss incidents aren’t even nefarious in nature. Much of it is human error, and employees simply trying to get their work done as productively as possible.
Sharing data across a Slack channel, or copying it to removable media, might seem innocent enough to them, but it’s enough to put data beyond your control, and out of compliance.
What about malicious insiders?
While the majority of data loss incidents are the result of human error, no one should discount the damage that a malicious insider can do. Again, it’s typically at the endpoint where the more nefarious activity takes place.
It’s where bad actors try changing file extension names to hide exfiltration attempts before uploading to a personal cloud drive, or disabling their network connection while they try to copy a file to removable storage. It’s where they screenshot a spreadsheet thinking that if they save it as a .jpg, no one will notice.
The challenge has grown exponentially
Over the last few years, much of the discussion around cybersecurity and data protection has been consumed by SASE, and a focus on network and cloud-level access security. However, the last few years have also dramatically reshaped how security experts now think about the challenges. A new hybrid mode of working, accelerated by the pandemic, has emerged and left enterprises with a growing visibility gap between network/cloud security, and what’s happening at the endpoint.
It means IT teams are now tasked with adapting to a large-scale, hybrid workforce, further challenging their ability to secure and manage endpoints.
In particular:
- Endpoints
A growing number of endpoints accessing data. Each is different. Different users, different connectivity states, different OS versions, different builds, different installed apps, etc.
- Employees
Employees are no longer confined to the always-on corporate network, choosing instead to access data from different locations and network connection types.
- Collaboration
The rise in collaboration apps has increased the movement of enterprise data between individuals, teams, and businesses.
This has created a growing attack surface for insider threats and increased the potential for accidental data loss and data compliance breaches. It has become impossible for siloed, legacy, and verticalized solutions to keep pace.
Left unchecked, the endpoint quickly becomes the weakest link in any data protection strategy, exposing the organization to operational disruption, financial loss, and reputational damage.
Do I need cloud, network, or endpoint DLP?
We’re not suggesting you don’t protect your cloud and network layers. Of course, you should. But based on current trends, and the newly emerging threats that our own customers tell us about, it’s important to consider augmenting any existing SASE or cloud/network level protections with a dedicated endpoint solution. Without this, the endpoint quickly becomes the weakest link in any data protection strategy, exposing your organization to operational disruption, financial loss, and reputational damage.
And because it’s on the endpoint, your data protection policies are resistant to connectivity drops, geographical restrictions, and latency issues.
So why would your DLP be anywhere else?
======================
* https://www.verizon.com/business/resources/reports/dbir/2019/introduction/
https://www.ibm.com/topics/endpoint-security