For the past couple of months, the news has been teeming with reports about high-profile data breaches. More than half a billion lost records later, too many of the world’s well-recognized brands are dealing with the aftermath of these disturbing events.
Irrespective of the intent behind a breach, lost data is lost data. And it will cost you in one way or another. (Check out our recent blog about the black market’s new “hot data.”)
The million-dollar question is this: How can you prevent data exfiltration in the first place and avoid being featured on the front page in 2019?
While the data loss prevention (DLP) market has matured, offering solutions with intricate features, the adoption rate of those solutions has not matched the escalating rate of data breaches. This disparity can be attributed to two main factors.
First and foremost, while traditional enterprise DLP solutions offer protection across all possible channels, data can leave your network. Furthermore, a broad deployment is extremely complex and tied to a substantial investment that makes it unattractive for many organizations looking for basic use cases such as protecting information on its customers, patients, or employees.
In addition, while cloud and mobility are more than prepared to rock 2019, traditional, network-attached DLP technologies are late to the party. This shortfall in innovation has caused a major blind spot for DLP solutions and the organizations that use them because they’re unable to inspect all the traffic being generated by all the users.
Think of data like it’s a teenager. If you are not watching, it can sneak out the window at night. The difference is that your kid might sneak back into the house before you notice, but your data? It’s gone. And you’ll be headed for the walk of shame for your oversight.
Fortunately, you can prevent such loss by implementing a DLP solution that got the memo early enough to adjust to the cloud-enabled world. If you are evaluating a solution with the goal of protecting all the data that is flowing across your network, be sure that it fulfills the following three requirements:
1. Inspection of encrypted traffic
You can't protect what you can't see and most DLP systems can't inspect encrypted traffic. With encrypted protocols now making up the vast majority of internet-bound traffic according to Google, that means you are missing a whole lot of potential windows for data to sneak out of. Adversaries are well aware of the free range they have when hiding data behind encryption. Even if your users accidentally leak data, with the prevalence of sites and services using encrypted protocols, the chances are high that the incident will go undetected. Performing inspection of SSL/TLS traffic is complex, to say the least, when attempted with traditional DLP solutions, and it is far more compute-intensive than a lot of hardware can handle.
To ensure that you have visibility into all your data leaving the network and to maintain compliance, confirm that your preferred DLP solution is able to inspect encrypted traffic in real time at scale without requiring additional SSL appliances.
2. Network-independent policy enforcement
It’s great if you are inspecting outbound traffic with advanced inspection techniques when your users are in your office. But what happens if they work from home, use guest Wi-Fi in a coffee shop or at the airport, or work in a branch where you can't afford the fancy DLP appliance? It is of utmost importance that your DLP policies are enforced independently of network connection and across all your users. The key is to provide identical protection for everyone, including roaming users and road warriors.
3. Unlimited inline inspection capacity
Traditional DLP solutions are appliance based, bringing with them the inherent capacity constraints that you find when using hardware. Hence, inspecting traffic inline is often not an option. But remediation of a data loss incident after the data has been exposed is not the answer. The goal should be to prevent data from leaving the network in the first place. Because as we know, data doesn’t come back into the house after it sneaks out.
Ensure that your DLP solution of choice offers inline inspection with consistent performance that scales with your demand.
If you would like to learn more about how to close the gaps in your data protection strategy, read this eBook.
Selina Koenig is a Product Marketing Manager at Zscaler