How does DLP work?
Many organizations have DLP solutions in place; however, multiple data breaches happen each day. An understanding of how traditional DLP works and its limitations explains why 69% of organizations breached by insider threats had a DLP solution in place.
Legacy data loss prevention techniques
Traditional DLP systems are policy-driven. By defining exactly what is considered legitimate use of data and what is not, an organization should theoretically be able to prevent any data misuse and potential data breaches.
However, this approach to data loss prevention is more difficult than it seems. With legacy data loss prevention tools, an organization needs to:
- Classify all its data: Organizations have multiple different types of sensitive data, including customer data, intellectual property, and more. Traditional DLP systems require all data to be properly labeled for security policies to be effective.
- Define policies for data access and use: Policy-driven DLP solutions need clear definitions of acceptable and unacceptable data usage. These should be based on regulatory requirements, corporate policy, and other data protection standards.
- Set up permissions for all users: Different users require different levels of permissions to sensitive data. User accounts should be defined based on least privilege to block unauthorized access to data.
Properly configuring a policy-driven DLP solution is complicated. Organizations’ rapidly expanding caches of data make manual data labeling an unscalable solution. Additionally, defining, reviewing, and updating DLP policies is an unending job.
In the end, two-thirds of companies say that DLP solutions block legitimate use of data, even when that use is within policy.
Where traditional DLP falls short
The policy-based approach to data protection used by traditional DLP solutions has a number of weak points, including:
- Label Complexity: A DLP system may have automatic labeling and built-in policies for certain types of data protected by regulations, such as payment card data or personally identifiable information (PII). However, this accounts for a fraction of the sensitive data in a company’s possession, forcing it to label and create policies for intellectual property and other sensitive data manually.
- Data Mislabeling: Traditional DLP relies on data labeling by the same employees that it is trying to protect against. Employees may intentionally mislabel data to make it easier to do their jobs or to enable them to take data with them to their next position.
- Exfiltration Vector Coverage: Digital transformation means that the number of methods by which data can be shared and exfiltrated is constantly growing. As a result, it is difficult or impossible to keep up with the need to define policies to address new potential use cases.
These limitations make legacy DLP solutions ineffective at protecting against attempted data exfiltration. Limiting an organization’s cybersecurity risk requires a different approach to data security.
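The three setup steps and the weak points listed above can be seen in a minimal label-driven policy check. This is an added example, not code from the original page or from any DLP product. The policy table, permission table, user names, channel names and sample texts are constructed assumptions, and the card number is the widely used test value.

```python
import re

# Constructed policy: label -> channels on which that data may leave.
POLICY = {"public": {"email", "web_upload"}, "confidential": {"email"}, "pci": set()}
# Constructed least-privilege table: user -> labels the user may handle.
PERMISSIONS = {"alice": {"public", "confidential"}, "bob": {"public"}}

PAN_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # candidate card numbers

def luhn_ok(digits):
    """Luhn checksum, used to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def auto_label(text):
    """Built-in classifier: recognises payment card data and nothing else."""
    for m in PAN_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            return "pci"
    return None

def decide(user, channel, text, user_label):
    """Return (verdict, effective_label) for one outbound transfer."""
    label = auto_label(text) or user_label  # otherwise trust the employee's label
    if label not in PERMISSIONS.get(user, set()):
        return "block", label               # user not cleared for this label
    if channel not in POLICY.get(label, set()):
        return "block", label               # channel not covered by policy
    return "allow", label

if __name__ == "__main__":
    cases = [  # constructed sample transfers
        ("alice", "email", "Card 4111 1111 1111 1111 exp 12/30", "public"),
        ("alice", "web_upload", "Unreleased codec design notes", "public"),
        ("alice", "chat", "Team lunch menu", "public"),
        ("bob", "email", "Unreleased codec design notes", "confidential"),
    ]
    for case in cases:
        print(case[:2], case[3], "->", decide(*case))
```

The second case is allowed because the engine sees only the label the employee chose, and the third is blocked because the channel was never written into the policy, even though the content is harmless.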