Loss of data can have severe consequences for businesses. It erodes trust in the organization and is likely to result in financial losses due to legal action, fines for regulatory non-compliance and exposure of intellectual property. Data protection is the biggest challenge in any security strategy, and ultimately, almost all cybersecurity initiatives relate to it.
Today, the migration of data, business applications and users to the cloud, where they were previously on-premises and secure, has fundamentally changed the way data is created, stored and shared. This development has also had significant repercussions on the way they are secured.
According to a recent IDC study, spending on security solutions and software in 2023 is expected to amount to €206 billion, an increase of 12.1% compared to the previous year. Also, companies must adapt their practices and tools as their structure and processes evolve and, therefore, take into account certain key variables. Loss of data can have severe consequences for businesses.
It erodes trust in the organization and is likely to result in financial losses due to legal action, fines for regulatory non-compliance and exposure of intellectual property. Faced with these risks, data loss prevention (DLP) has evolved and become an essential characteristic in the definition of a cybersecurity strategy, which must, however, follow critical steps in order to guarantee a good return on investment and an experienced user.
Traditional Approach Vs. Modern Approach
Traditional security tools focus on web, email and endpoints, which provide acceptable coverage when the majority of applications, data and users are within a defined perimeter. But in the cloud-first world, most of the data resides in SaaS applications as well as in the public cloud and is exchanged via messaging or collaboration tools on the internet, and therefore, passes from one cloud to another. Additionally, a significant portion of traffic comes from unmanaged devices.
Any DLP transformation must, therefore, take each of these scenarios into account.
The traditional DLP approach involves classifying documents manually or using a tool, then using regular expressions (regex), dictionaries, fingerprints, exact data matches or optical character recognition (OCR) to search for specific data and block it at endpoints.
At the same time, modern DLP is based on context analysis and takes into account variables such as devices, the nature of applications, the nature of the application instance and its risk profile, without forgetting the actual activity of the user. A DLP solution must be context-aware enough to know whether traffic is coming from a work or personal device since the applicable policy and action may vary.
Also Read: Static And Dynamic Data: What Are The Differences?
Approved Applications, Audits And Control Systems
Most companies have a list of approved applications for different categories, such as email, storage, collaboration, customer relationship management (CRM) or even HR management. These approved applications are subject to the required audits and controls. The DLP tool must be able to recognize when an application is approved, as specific data and transfers may be allowed for such applications and blocked for others.
Additionally, an approved application may have professional instances and personal instances to which the DLP must apply separate criteria. The policy in effect for a OneDrive account or a professional Gmail, for example, will typically be very different from that of personal instances.
In the untrusted applications category, the DLP solution must know the risk profile of each application.
The policy and actions for a well-known application, even an untrusted one, will be different from those for an application with known compliance or security issues. Additionally, most cloud application transactions have activity types that go beyond traditional uploading and downloading. These activities need to be supported by granular policies that do not impact user productivity.
The Critical Steps Of A DLP Strategy
To reduce their attack surface, businesses should think about evolving DLP in different phases. The first step consists of obtaining visibility on all SaaS, IaaS and web uses at the initiative of users and IT teams. Secondly, they can analyze the risk profile of these cloud services. Indeed, most CASB (Cloud Access Security Broker) or SSE (Secure Service Edge) solutions can provide granular visibility of high- or medium-risk users and applications.
It is also essential at this stage to identify approved applications for critical categories and define an acceptable use policy for these applications. IT teams then have every interest in applying an immediate blockage of high-risk cloud services and encouraging users to opt for approved services corresponding to their needs, in terms of storage and collaboration, for example. They can also enforce policies for corporate instances of trusted apps, allowing read-only access or blocking access to personal instances of a trusted app like OneDrive.
These measures are essential to prevent personal instances of approved applications from being exploited to steal data easily. Finally, IT teams can restrict specific access based on users or groups, as well as locations and devices. Once all of these steps have been completed, companies can move on to the second phase of their strategy, which involves identifying sensitive data levels by integrating data classification.
Then, they can target specific data, such as particular databases or IP addresses, using exact match or fingerprinting techniques. Protecting against data loss is a long-term effort. It is, therefore, essential to estimate from the outset the resources and time that will be required for such a program to reach the level needed in order to benefit from a significant reduction in risk without disrupting the user experience. A well-conducted DLP can be the decisive asset enabling a business to exploit the potential of the cloud with minimal risk fully.
Also Read: The Best Cloud Apps For Android: All Smartphone Data Safe
 has evolved and become an essential characteristic in the definition of a cybersecurity strategy){kind=link}