Do not fill in this field

Enter no text in this field

Get Instant Access
to This Blueprint

Business Email

Full Name

Company

Phone

Job Title

Organizations are often beholden to compliance obligations that require protection of sensitive data.
All stages of the data lifecycle exist in the cloud and all stages provide opportunity for data loss.
Organizations must find ways to mitigate insider threats without impacting legitimate business access.

Our Advice

Critical Insight

Data loss prevention is the outcome of a well-designed strategy that incorporates multiple, sometimes disparate, tools within your existing security program.
The journey to data loss prevention is complex and should be taken in small and manageable steps.

Impact and Result

Organizations will achieve data comprehension.
Organizations will align DLP with their current security program and architecture.
A DLP strategy will be implemented with a distinct goal in mind.

Prevent Data Loss Across Cloud and Hybrid Environments Research & Tools

1. Prevent Data Loss Across Cloud and Hybrid Environments Storyboard – A guide to handling data loss prevention in cloud services.

This research describes an approach to strategize and implement DLP solutions for cloud services.

2. Data Loss Prevention Strategy Planner – A workbook designed to guide you through identifying and prioritizing your data and planning what DLP actions should be applied to protect that data.

Use this tool to identify and prioritize your data, then use that information to make decisions on DLP strategies based on classification and data environment.

Prevent Data Loss Across Cloud and Hybrid Environments

Leverage existing tools and focus on the data that matters most to your organization.

Analyst Perspective

Data loss prevention is an additional layer of protection

Driven by reduced operational costs and improved agility, the migration to cloud services continues to grow at a steady rate. A recent report by Palo Alto Networks indicates workload in the cloud increased by 13% last year, and companies are expecting to move an additional 11% of their workload to the cloud in the next 24 months1.

However, moving to the cloud poses unique challenges for cyber security practitioners. Cloud services do not offer the same level of management and control over resources as traditional IT approaches. The result can be reduced visibility of data in cloud services and reduced ability to apply controls to that data, particularly data loss prevention (DLP) controls.

It’s not unusual for organizations to approach DLP as a point solution. Many DLP solutions are marketed as such. The truth is, DLP is a complex program that uses many different parts of an organization’s security program and architecture. To successfully implement DLP for data in the cloud, an organization should leverage existing security controls and integrate DLP tools, whether newly acquired or available in cloud services, with its existing security program.

Photo of Bob Wilson
Bob Wilson
CISSP
Research Director, Security and Privacy
Info-Tech Research Group

Executive Summary

Your Challenge

Organizations must prevent the misuse and leakage of data, especially sensitive data, regardless of where it’s stored.

Organizations often have compliance obligations requiring protection of sensitive data.

All stages of the data lifecycle exist in the cloud and all stages provide opportunity for data loss.

Organizations must find ways to mitigate insider threats without impacting legitimate business access.

Common Obstacles

Many organizations must handle a plethora of data in multiple varied environments.

Organizations don’t know enough about the data they use or where it is located.

Different systems offer differing visibility.

Necessary privileges and access can be abused.

Info-Tech’s Approach

The path to data loss prevention is complex and should be taken in small and manageable steps.

First, organizations must achieve data comprehension.

Organizations must align DLP with their current security program and architecture.

Organizations need to implement DLP with a distinct goal in mind.

Once the components are in place it’s important to measure and improve.

Info-Tech Insight

Data loss prevention is the outcome of a well-designed strategy that incorporates multiple, sometimes disparate, tools within your existing security program.

Your challenge

Protecting data is a critical responsibility for organizations, no matter where it is located.

45% of breaches occurred in the cloud (“Cost of a Data Breach 2022,” IBM Security, 2022).

A diagram that shows the mean time to detect and contain.

It can take upwards of 12 weeks to identify and contain a breach (“Cost of a Data Breach 2022,” IBM Security, 2022).

Compliance obligations will require organizations to protect certain data.
All data states can exist in the cloud, and each state provides a unique opportunity for data loss.
Insider threats, whether intentional or not, are especially challenging for organizations. It’s necessary to prevent illicit data use while still allowing work to happen.

Info-Tech Insight

Data loss prevention doesn’t depend on a single tool. Many of the leading cloud service providers offer DLP controls with their services and these controls should be considered.

Common obstacles

As organizations increasingly move data into the cloud, their environments become more complex and vulnerable to insider threats

It’s not uncommon for an organization not to know what data they use, where that data exists, or how they are supposed to protect it.
Cloud systems, especially software as a service (SaaS) applications, may not provide much visibility into how that data is stored or protected.
Insider threats are a primary concern, but employees must be able to access data to perform their duties. It isn’t always easy to strike a balance between adequate access and being too restrictive with controls.

Insider threats are a significant concern

53%

53% of a study’s respondents think it is more difficult to detect insider threats in the cloud.

Source: "2023 Insider Threat Report," Cybersecurity Insiders, 2023

45%

Only about 45% of organizations think native cloud app functionality is useful in detecting insider threats.

Source: "2023 Insider Threat Report," Cybersecurity Insiders, 2023

Info-Tech Insight

An insider threat management (ITM) program focuses on the user. DLP programs focus on the data.

Insight summary

DLP is not just a single tool. It’s an additional layer of security that depends on different components of your security program, and it requires time and effort to mature.

Organizations should leverage existing security architecture with the DLP controls available in the cloud services they use.

Data loss prevention is not a point solution

Data loss prevention is the outcome of a well-designed strategy that incorporates multiple, sometimes disparate tools within your existing security program.

Prioritize data

Start with the data that matters most to your organization.

Define an objective

Having a clearly defined objective will make implementing a DLP program much easier.

DLP is a layer

Data loss prevention is not foundational, and it depends on many other parts of a mature information security program.

The low hanging fruit is sweet

Start your DLP implementation with a quick win in mind and build on small successes.

DLP is a work multiplier

Your organization must be prepared to investigate alerts and respond to incidents.

Prevent data loss across cloud or hybrid environments

A diagram that shows preventing data loss across cloud or hybrid environments

Data loss prevention is not a point solution.
It’s the outcome of a well-designed strategy that incorporates multiple, sometimes disparate tools within your existing security program.

Info-Tech Insight

Leverage existing security tools where possible.

Data loss prevention (DLP) overview

DLP is an additional layer of security.

DLP is a set of technologies and processes that provides additional data protection by identifying, monitoring, and preventing data from being illicitly used or transmitted.

DLP depends on many components of a mature security program, including but not limited to:

Acceptable use policy
Data classification policy and data handling guidelines
Identity and access management

DLP is achieved through some or all of the following tactics:

Identify: Data is detected using policies, rules, and patterns.
Monitor: Data is flagged and data activity is logged.
Prevent: Action is taken on data once it has been detected.

Info-Tech Insight

DLP is not foundational. Your information security program needs to be moderately mature to support a DLP strategy.

DLP approaches and methods

DLP uses a handful of techniques to achieve its tactics:

Policy and access rights: Limits access to data based on user permissions or other contextual attributes.
Isolation or virtualization: Data is isolated in an environment with channels for data leakage made unavailable.
Cryptographic approach: Data is encrypted.
Quantifying and limiting: Use or transfer of data is restricted by quantity.
Social and behavioral analysis: The DLP system detects anomalous activity, such as users accessing data outside of business hours.
Pattern matching: Data content is analyzed for specific patterns.
Data mining and text clustering: Large sets are analyzed, typically with machine learning (ML), to identify patterns.
Data fingerprinting: Data files are matched against a pre-calculated hash or based on file contents.
Statistical Analysis: Data content is analyzed for sensitive data. Usually involves machine learning.

DLP has two primary approaches for applying techniques:

Content-based: Data is identified through inspecting its content. Fingerprinting and pattern matching are examples of content-based methods.
Context-based: Data is identified based on its situational or contextual attributes. Some factors that may be used are source, destination, and format.

Some DLP tools use both approaches.

Info-Tech Insight

Different DLP products will support different methods. It is important to keep these in mind when choosing a DLP solution.

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Table of Contents

Talk to an Analyst

Our analyst calls are focused on helping our members use the research we produce, and our experts will guide you to successful project completion.

Book an Analyst Call on This Topic

You can start as early as tomorrow morning. Our analysts will explain the process during your first call.

Get Advice From a Subject Matter Expert

Each call will focus on explaining the material and helping you to plan your project, interpret and analyze the results of each project step, and set the direction for your next project step.