Comprehensive Software Reviews to make better IT decisions
Cloud Is Cool, but DLP Is a Sticky Wicket
Using the cloud has become second nature for today’s organizations, and in most cases, cloud enthusiasts report an overall security improvement. However, data loss prevention (DLP) remains an issue. The issue is that while cloud providers have bolstered security in recent years (which helped lead to widespread adoption of cloud technology), they have very little power to govern what end users actually use the cloud for, like sharing sensitive information.
In reality, only 30% of cloud-using organizations have DLP policies that extend “across employee devices, the corporate network, and the cloud.” Meaning that in 70% of cases, organizations have little to no oversight of end-user cloud usage. Ironically, this lack of oversight is largely due to the improvements made to cloud security (by the providers), as it has created a tendency for customers to think that cloud security is not their concern. What we are now learning is that the cost of this security smugness is lost data.
Most of the time DLP issues are actually data classification issues, and when they’re not, they’re usually privacy-related issues. The good news is that both can be solved with a simple prioritization exercise: get a group together to brainstorm which data repositories hold the most sensitive information and then proceed to evaluate just how sensitive that data is and what kind of protections it needs. For example, if sensitive data is stored on a cloud-based file sharing platform, make sure to configure that platform to prevent unauthorized sharing or downloads.
Want to Know More?
Creating an effective data loss prevention (DLP) program is a difficult task because of the myriad ways data can leave an organization. Tools help, but often not as much as we’d like. Enter McAfee Unified Cloud Edge.
Digital Guardian has been a data loss prevention (DLP) leader for some time, so we’d all do well to listen when it says the future of DLP will focus on data, user behavior, and conditions of use.
Symantec recently announced new features for its Integrated Cyber Defense Platform aimed at boosting DLP strategies in the cloud via zero trust technologies from Luminate, which was acquired by Symantec back in February.
GTB Technologies was recently crowned the winner of Acquisition International’s cyber security award in the DLP category for its anti-malware and insider threat capabilities.
Fake apps that look real have been on the rise lately as a means of stealing sensitive data. However, Symantec has sought to defend against this technique with its Threat Aware Data Protection DLP product.
On March 6, 2019 Virtru, a data loss prevention (DLP) vendor specializing in encryption, was awarded Federal Risk and Authorization Management (FedRAMP) approval – the barrier to entry for use by governmental organizations.
According to a recent survey by data backup and management company Commvault, IT departments are not ready to lead digital transformation. I think a major impediment is in how IT departments, especially infrastructure managers, view data.