Gartner Confirms DLP Not Enough

New DLP Market Guide is clear – you need Insider Risk Management

The threat from insiders to your most valuable data continues to dominate the news and no doubt many of you are thinking about how you might address this growing problem. Well, this week, Gartner weighed in with its latest market guide on Data Loss Prevention (DLP) and they make clear that new, more effective solutions are required for most organizations – specifically highlighting Insider Risk Management as an area of interest.  

Data loss from insiders is not a new problem, but it has become increasingly urgent and complex due to drivers like digital transformation, hybrid-remote work and the Great Reshuffle – not to mention a noticeable uptick in the use of contractors and recent layoffs. With a recession and frozen budgets looming it’s a more critical time than ever to evaluate the how of solving the Insider Risk problem.   

Here’s the summary: Insider Risk Management addresses the problems you may be trying to solve today with four separate technologies: Data Loss Prevention (DLP), User and Entity Behavior Analytics (UEBA), Cloud Access Security Brokers (CASB) and Security Education and Awareness (SEA). Net/net: it’s time to make a move to a solution that consolidates the problems you’re solving while accelerating legitimate collaboration and innovation.

Moving on from DLP

Gartner is careful not to outright say that you should kick your DLP products to the curb and instead focuses on what you should look for from your DLP solution. We’re here for it. In fact, we agree (enthusiastically) that your data loss protection solution should do a lot more than create a swiss-cheese like wall between your employees and the rest of the world a la DLP products. 

Sometimes, the term ‘mature’ can be considered flattering – but when it’s used to describe your security technology, we all know the underlying meaning: antiquated. Not innovative. Rather, static. And thus, it’s time the vast majority of us who are embracing cloud services to finally bid farewell to traditional DLP products. Please take your massive expenses, super-complex implementation and never-ending list of exceptions with you.

Of course, there are other fatal flaws when it comes to DLP products. For starters, classification is foundational to its success. Perhaps DLP works to classify some structured data, but what about source code, customer lists, product roadmaps and engineering plans? In addition, the in-line blocking approach doesn’t really work either –  it blocks the free flow of files and productivity, but when it misses something, it misses it completely, resulting in even more risk for organizations.

So, where are we headed?

After outlining the many shortcomings and challenges of ineffective traditional DLP products, Gartner’s report hints at the convergence of DLP with IRM solutions, which also raises questions about the standalone impact of UEBA.

It’s worth noting that the convergence trend started to emerge in January 2020 when Gartner released its first Market Guide for Insider Risk Management Solutions and discussed UEBA converging with SIEM. We also noted the absence of traditional DLP players in that report. Concurrently, a study with Forrester revealed that DLP and CASB are simply not meeting modern data security needs.

And earlier this year, in March 2022, Gartner released its second Market Guide for Insider Risk Management Solutions – pushing the scope of Insider Risk Management solutions further. Context and automation have become key pillars of IRM as a separation path begins to emerge with data security solutions – plus the utility of user-created rules and workflows has been called into question. Security education and awareness (SEA) get some much-needed attention as part of the IRM model. 

With Code42’s end-to-end Insider Risk Management solution – rooted in effective data protection for distributed and highly collaborative workforces – security teams are able to consolidate solving four critical problems.

So yes, we’re thinking differently about how to protect data and our approach is a progressive shift, but we’ve been doing IRM successfully for several years. Just ask Okta, Snowflake or CrowdStrike how they’re protecting data in their organization without slowing down their teams.