Challenges with today's endpoint DLP
Endpoint DLP is an interesting technology. It has some important use cases and has been around for quite some time, but has gotten a bad reputation: either it’s a nightmare to deploy and operationalize, or its inconsistent alerting contributes to complex incident management. Either way, organizations love to hate it. Fortunately, the times are changing thanks to security service edge (SSE).
When it comes to endpoint DLP, organizations find it solves some important challenges. For one, it enables in-depth visibility over endpoint data and its movement. While a lot of sensitive data is moving to the cloud, the endpoint is still a treasure trove as the origin point of so much data. Data protection teams hate gaps in their visibility, and the endpoint is a much-needed data point. Tracking it is key to maintaining compliance as well as ensuring data stays secure when employees turn in their two weeks’ notice (which happens A LOT).
Endpoint DLP gets a bad rap—so let’s understand what’s driving all the negativity.
First off, as mentioned before, it can lead to inconsistent alerting. Why? The problem comes when you have multiple DLP technologies across the organization. In addition to endpoint, CASB comes with a DLP, and network can too. If you have multiple policy engines, you don’t have a single source of truth when an alert triggers as a piece of data moves from device to network to cloud app. This slows down incident management and reduces productivity.
Secondly, the dreaded endpoint agent becomes an issue. With a point product approach, multiple agents find their way onto the device, which no one likes. This impacts the user experience and adds strain on IT teams as they manage multiple agents across potentially thousands of devices—not to mention the deployment complexity that comes with an extensive agent footprint.
But again: the times are changing! There's an endpoint revolution afoot, and it means you can confidently add endpoint DLP back into your protection strategy.
A better approach to endpoint DLP
To deliver better endpoint DLP, start with Gartner’s security service edge (SSE). Delivered from a high-performance cloud platform, SSE enables policies and controls to be unified in a central location. When cloud-centralized, your single DLP policy can be sent to various places to help enforce controls. With proxy SSL inspection, inline inspection becomes a snap. Leveraging APIs, that same DLP policy can look into data at rest in your cloud apps and identify risky data shares (e.g., outside the org, open internet links). Most importantly, that policy can be pushed down to the endpoint, so data movement can be controlled on the device.
One of the top use cases for endpoint DLP is preventing sensitive data from heading to USB drives, printers, or network shares. This helps control dangerous things users may do with sensitive data. You can also control risky personal storage syncing (e.g., Box, Dropbox), which often happens when users install cloud sync apps onto their devices.
The unified agent is another win for SSE and endpoint DLP. Since SSE is delivered from a unified agent, you’re able to bring all protection under that one agent—and retire other agents required for legacy endpoint DLP approaches.
How Zscaler differentiates with endpoint DLP
When you’re ready to embrace endpoint DLP from a security service edge, a few things can really help make your day.
First off, if you’re already a Zscaler customer, you’re made in the shade. Because you’re inline and you have Zscaler Client Connector, pushing DLP policy down to the endpoint becomes ridiculously easy. Remember: you only need to create policy once, and you’re set.
Even before that, Zscaler Endpoint DLP delivers automatic data discovery without you even having to configure policy. Once pushed down to the agent, all data movement is instantly tracked, even without a policy configured. This capability is called “Data Activities,” and its dashboard gives data protection programs valuable information, right out of the gate, on the risks being seen on devices.
The next advantage of Zscaler Endpoint DLP is the architecture of inspection. Zscaler’s carefully designed approach enables complete control over data movement on the device, even without internet connectivity, helping ensure there are no gaps in control over the devices. With inspection remaining on the endpoint, latency is low and user impact is minimal. It’s a tremendous advantage as you start to scale across thousands of devices.
Lastly, Zscaler forensics and dashboards help supercharge investigations, so you can quickly identify and address data loss incidents.
Additionally, Zscaler workflow automation helps take your data protection program to the next level, so you can assign incidents to users for justification. This allows a level of user coaching, where users learn what they did right (or wrong) with a piece of sensitive data, helping everyone move in the same direction around your data protection program.
Ready to learn more?
As you can see, when it’s delivered from a unified SSE platform, endpoint DLP can be a game-changer. If you’re ready to protect your device data and secure some of the dangerous activities your users may be engaging in around your sensitive data, we’d love to tell you more.