Data is one of the most valuable currencies in existence today. Companies can thrive or die based on data, and attackers—from run-of-the-mill hackers, to cybercrime syndicates, to nation states—aggressively target data. It’s no wonder that an entire industry of tools and practices exists for the sole purpose of securing and protecting data. However, data loss and data breaches are still a constant concern.
Perhaps the model of data loss prevention—or DLP—itself is flawed? I recently had an opportunity to speak with Vijay Ramanathan, senior vice president of product management at Code42, about this issue and about the unique perspective Code42 has on solving the DLP problem.
“Fundamentally—at its core—even the notion of what DLP stands for is different for us,” opened Vijay. “You know DLP as ‘data loss prevention’. We approach it as ‘data loss protection’.”
That is clever and makes for good marketing, but changing a word around is just semantics. I asked Vijay to explain what that means for customers, and why he—and Code42—believe that is a superior or more effective way to tackle this problem.
He explained, “We want to look at data and data loss more holistically rather than just putting prevention strategies in place.” He went on to compare the approach to the way we treat other things in life—like our homes. He pointed out that people have locks on doors to prevent unauthorized access, but that many also augment them with alarm systems, surveillance cameras, and home insurance to create a well-rounded home security strategy. Data security should be no different.
Traditional DLP is fundamentally flawed
Vijay described why the traditional approach to DLP is broken.
The standard model of DLP requires organizations to define which data is sensitive or confidential, and which data is trivial or meaningless. There has to be an initial effort to catalog and assign classifications to all existing data, and an ongoing process for users to assign classification tags to data as new data is created.
If you only have a few people, or a relatively small amount of data, this approach may be feasible. But, for most organizations, it is challenging—bordering on impossible—to effectively implement data labeling policies, or maintain accurate asset tagging at scale.
The second issue Vijay mentioned was that DLP often creates new issues. He told me that data classification and data handling policies are designed to prevent bad things from happening, but implementing additional policies is like protecting your home by building a taller fence. It only goes so far as a means of data protection, and it forces bad behavior by users. Employees who just want to get their jobs done will often subvert or circumvent the system, or intentionally mis-classify data to avoid draconian policies.
Protection rather than prevention
So, what does Code42 do differently, and how does that translate to better data security? I asked Vijay to explain how the Code42 approach of data loss protection addresses these issues.
“The whole approach of traditional DLP solutions seems highly problematic,” proclaimed Vijay. “Why don’t we just assume that all of the data is important? What’s important then is to make sure you understand what is happening with your data, so you can make reasonable, informed judgments about whether that access or activity makes sense or not.”
More locks and taller fences might work to some extent, but they will never be impervious. Rather than focusing all of the attention on prevention, it’s important to acknowledge that there’s a high probability that incidents will still occur, and have the tools in place to detect when that happens.
Vijay stressed the importance of response time—and how quickly an organization can know what is happening. “Time to awareness or time to response is the most critical issue in cybersecurity today. The lag time before a company discovers a data loss incident is crucial.”
He explained that Code42 adopted a next-generation DLP philosophy with no policies and no blocking. Code42 assumes that all data is important and provides customers with the visibility to know who is accessing it and where it is going, and the ability to monitor and alert without preventing users from doing legitimate work or hindering productivity in any way.
With this philosophy in mind, the company recently introduced Code42 Incydr™, its data risk detection and response solution. It monitors and logs all activity. Within minutes of an event, Incydr can let you know that a file was edited or saved. Within 15 minutes, the file itself is captured and stored in the cloud. Customers can store every version of every file for as long as they choose to retain the data. Incydr also provides an industry-best search capability that allows all data from the previous 90 days to be quickly and easily searched at any time.
Vijay shared that he believes the Code42 Incydr approach to data security is a better and more effective way to address this problem. Taking blocking and policies out of the equation makes it easier to administer and allows users to focus on being productive and efficient. The DVR-like ability to review activity from the past and establish focus on suspicious activity day in, day out provides customers with the peace of mind they need that their data is safe and sound.