Assessing Good Data Loss Prevention with SSE
Good data loss prevention with SSE
In today's world of evolving cyber threats and data breaches, organizations need data loss prevention (DLP) to ensure compliance with data protection regulations, safeguard intellectual property, and mitigate the risks associated with both external threats and insider misuse of data. Many secure service edge (SSE) solutions are providing DLP capabilities, allowing organizations to leverage these toolsets at scale with the added benefit of consolidating point products in the space. In the rapidly evolving landscape of SSE and Data Protection, it's important to understand what is considered "good" DLP as not all solutions provide all capabilities.
A primer on Data loss prevention (DLP)
Data loss prevention (DLP) is a cybersecurity strategy and technology designed to prevent sensitive or confidential information from being leaked, shared or accessed by unauthorized individuals. DLP solutions employ a range of techniques to monitor, identify and control the flow of sensitive data across networks, devices and endpoints. These techniques include:
- Content inspection: Inspecting files such as Word documents, PDFs, images and more for Personally Identifiable Information (PII) or other DLP criteria. This functionality, alongside Contextual Analysis, feeds Policy Enforcement.
- Contextual analysis: Analyzing content to determine if factors such as the proximity of DLP criteria, frequency of criteria or combinations of criteria indicate a violation.
- Policy enforcement: By combining Content Inspection and Contextual Analysis configurations, a policy can be built that is relevant to the personas of the organization. For example, a third-party contractor persona would most likely have DLP policy enforcement enabled to prevent potential exfiltration of data.
- User activity monitoring: DLP should provide capabilities to monitor events and user activity. This can range from simple alerts to administrators to more detailed forensic capabilities with workflow structures for assignment, status tracking and detailed event data.
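The sketch below shows how the first three techniques fit together, with the monitoring case reduced to an "alert" verdict. It is an added example, not code from any SSE vendor; the regex detectors, keyword list, 40-character window, frequency threshold and the persona names and thresholds in `POLICY` are all assumptions chosen for illustration.

```python
import re

# Constructed detectors (assumptions): US SSN shape, 16-digit card number, context keywords.
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD = re.compile(r"\b(?:\d[ -]?){15}\d\b")
KEYWORDS = re.compile(r"\b(ssn|social security|card number|cvv|expir\w*)\b", re.I)

def luhn_ok(number):
    """Checksum test that filters out random 16-digit strings."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def inspect(text):
    """Content inspection: (kind, start, end) for each DLP criterion found."""
    hits = [("ssn", m.start(), m.end()) for m in SSN.finditer(text)]
    hits += [("card", m.start(), m.end())
             for m in CARD.finditer(text) if luhn_ok(m.group())]
    return hits

def analyze(text, window=40, min_count=3):
    """Contextual analysis: proximity, frequency and combination signals."""
    hits = inspect(text)
    kw = [m.start() for m in KEYWORDS.finditer(text)]
    near = [h for h in hits if any(h[1] - window <= k <= h[2] + window for k in kw)]
    return {
        "proximity": bool(near),                      # criterion next to a keyword
        "frequency": len(hits) >= min_count,          # many criteria in one document
        "combination": len({h[0] for h in hits}) >= 2,  # different criteria together
    }

# Policy enforcement: hypothetical personas -> number of signals that triggers a block.
POLICY = {"contractor": 1, "employee": 2}

def enforce(persona, text):
    """Return (action, signals); 'alert' is the monitoring-only outcome."""
    signals = analyze(text)
    if sum(signals.values()) >= POLICY[persona]:
        return "block", signals
    return ("alert" if inspect(text) else "allow"), signals
```

The same content produces different verdicts per persona: a single SSN next to the word "SSN" is blocked for the contractor persona but only alerted on for the employee persona.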
How does SSE approach data protection and DLP?
SSE DLP use cases primarily apply to the control aspects of Data Protection today. These include:
- Network DLP: Monitors data in motion across a company's network to prevent unauthorized transmission of sensitive information.
- Endpoint DLP: Secures data at user devices by controlling access and actions such as copying, printing, or movement to external storage.
- Storage DLP: Protects data at rest within databases, file servers, or cloud storage environments.
- Cloud DLP: Secures data within cloud services, ensuring compliance with regulations.
- Integrated DLP solutions: Combine network, endpoint, cloud DLP, and other Data Protection capabilities into one unified platform for centralized management.
Consider the top three vendors in the SSE market: Netskope, Palo Alto Networks, and Zscaler. All three provide Network DLP inherent to their SSE solution. Additionally, Netskope and Zscaler provide Endpoint DLP and Cloud DLP functionality inherent to their SSE solution, while Palo Alto Networks provides these DLP capabilities outside of its inherent SSE solution (Prisma Access), through its Cortex and Prisma Cloud offerings. The important takeaway is that you need to consider which solution provides the capabilities your organization needs, not only in the functional areas (Network, Endpoint, Storage and Cloud) but also in the DLP techniques applied within each area (Content Inspection, Contextual Analysis, Policy Enforcement and User Activity Monitoring). Understanding your organizational requirements is key to evaluating which DLP capabilities and techniques to pursue.
The SSE landscape is rapidly evolving in the context of Data Protection. For example, some SSE vendors are developing or acquiring Data Security Posture Management (DSPM) capabilities to enrich the Discover functionality of Data Protection [1] [2] [3]. Although the above capabilities of SSE vendors reside primarily in the separate, standalone functional areas of DLP (Network, Endpoint, Storage, Cloud), a number of vendors understand the need to integrate these solutions and incorporate capabilities relevant to a wider Data Protection strategy, giving practitioners deeper visibility into and understanding of data discovery, control, and recovery. This is where Integrated DLP solutions will provide the most value and benefit to organizations looking to enhance their Data Protection.
What is "good" DLP?
"Good" DLP involves visibility and understanding of data and how organizations use different DLP capabilities to ensure confidentiality, integrity and availability to conform with organizational policies and best practices. Data Protection is a constantly evolving process of maturation. As the availability and prevalence of data continue to grow rapidly, so must the security controls and strategies for managing that data. Below we provide examples of how to delineate between "bad," "good," and "great" DLP within an organization and how Data Protection practitioners mature over time, from the unawareness of "bad" DLP to the complete understanding and visibility of "great" DLP.
Bad (unaware to negligent):
- No idea what controls are in place.
- No direct chain of command when dealing with data security.
- No policies supporting data classification and usage.
Good (fragmented visibility):
- Fragmented visibility into where data lives or how it traverses the environment.
- Policies around data usage but without the ability to gauge their effectiveness.
- Disjointed controls around data movement.
Great (complete understanding & classification):
- Strong policies tailored to the environment around data usage, movement and destruction.
- Integrated controls around data discovery and movement.
- Full visibility around internal data usage and sharing outside the organization.
Applying or acquiring SSE DLP capabilities alone will not ensure that an organization's data protection requirements are met. Organizations must evolve over time with their needs and focus on all three primary aspects of Data Protection (Discover, Control and Recover) to ensure that they have great DLP.
Contact WWT today to help you assess your data protection requirements and determine where SSE DLP capabilities can be beneficial.
1. Netskope's acquisition of Dasera strengthens our DSPM capabilities, ensuring advanced data protection for your clients.