Data Loss Prevention (DLP) technology is meant to stop data loss by classifying and labeling the valuable business information, thereby preventing its transfer to inappropriate users. When using DLP, a rules engine applies the organization’s policies on handling sensitive data, while a system administrator monitors what data is shared among users, and how.
Why Does an Organization Need DLP?
On paper, DLP has three main benefits. Firstly, it is a mandate of several regulatory compliance organizations, including HIPAA for healthcare organizations, and PCI DSS for the payment card industry. Secondly, it is meant to illuminate the way that your organization classifies data and should uncover any issues that need education or action. Lastly, DLP was created to protect intellectual property or sensitive business information that you don’t want to fall into the wrong hands.
Sounds great, right? The only problem is – it doesn’t work. Secondly, often it can cause hardships during sound work processes.
When we look at some of the largest data breaches of the last few years, most of the companies in question had a DLP solution in place. Among the biggest breaches, some were a result of data exfiltration and, many of those were started or aided by internal players sending sensitive information out of the company. Yet, the DLP proved to be ineffective.
Could DLP Even Be Making Your Life Harder?
You might think that we’re being unfair. After all, surely DLP supports companies in monitoring their internal handling of data to some extent? And surely DLP mitigates mistakes in handling sensitive documents, whether it is accidental or intentional misuse. But actually no, and the problem gets worse.
Often DLP harms or slows down your organization’s business operations according to Malcolm Harkins, Chief Security and Trust Officer at Cymatic. “Let’s say you have a sensitive investor meeting, and your deck is classified as restricted. Suddenly, you realize that your laptop is having issues, and you want to move your deck to a USB so that you can borrow another laptop for the meeting. DLP would stop you … As a rules-based data control dependent on signatures, it drives the user around the control, and slows you down.”
Whether your DLP is host-based or network-based, it’s going to be bulky, heavy and signature-based, which means it becomes a user constraint from achieving business as usual.
Aligning your Security Tools to Business Outcomes
For CISOs, DLP is outdated, to say the least. When you think about phasing out end-of-life systems and legacy technology and adopting new and effective security models, CISOs must look to remove the human factor in many systems, and add automation that incorporates context when applying company policies on how to manage sensitive data.
Making it Happen with Smart Buying Decisions
This is why we’re so excited to announce the availability of the MinerEye DataTracker™ via the Azure Marketplace. Unlike DLP, DataTracker works in the background to align with your business processes and security policies, without ever slowing you down. Its automated virtual labeling capabilities analyze and resolve data protection and privacy policies, meeting compliance requirements even when they overlap across the same files and data.
Relying on DLP for protecting sensitive or mismanaged and ignored data is the equivalent of continually patching a legacy system to cope with the needs of today’s technological reality. Put our AI-based technology on the case and see what security and business outcomes you can guarantee in return.
Get in touch to schedule a call with one of our Data Protection experts.
previous post