While data loss protection is critical to Zero Trust (ZT), fewer than one in five organizations report their data loss prevention solutions provide transformational benefits and more than 80 percent say they need a better way to secure data without slowing down innovation, according to Code42.
ZT architectures are based on the principle of “trust no one, verify everything,” abolishing the idea of a trusted network within a data security perimeter and requiring companies to create microperimeters of control around sensitive data.
A key benefit of the ZT model is that it mitigates the growing insider threat of employees quitting and taking sensitive data with them.
“Zero Trust does away with the ridiculous notion that data loss prevention is effective in an increasingly mobile and cloud world. It’s impossible for companies to rely solely on prevention when they need employees to be more productive and collaborative,” says Joe Payne, Code42 president and CEO.
“Further, ZT disproves that looking to employees to classify all data as part of a data loss prevention strategy works – it never has.”
Forrester Consulting adds, “If you don’t have a tool or technology that enables protection from data loss, how will your business survive? Data is digital currency; it is imperative to protect it. Everything else in security is tangential to this critical point.”
The study results, based on a survey of more than 200 IT security decision-makers in the U.S., show that companies are using traditional data loss prevention for their ZT strategies, but those legacy DLP solutions simply aren’t enough:
- 87 percent of companies in the survey are investing in or have invested in data loss prevention as part of their ZT strategies.
- 66 percent of survey respondents say their data loss prevention solutions frequently block employees from accessing data even if they are within policy.
- 73 percent report that employees complain of lost productivity and collaboration.
- 81 percent feel they need a better way to protect sensitive data without slowing down innovation.
“Any organization that is truly engaged in security, and especially in ZT, must move beyond the old and outdated data loss prevention tools that have proven so inefficient and restrictive,” Forrester Consulting reports.
“Doing anything else is a continued practice in failure and will slow the business and increase the likelihood of a security failure as employees work to maneuver around those legacy data loss prevention tools.”
The survey finds that companies need a next-generation of data loss protection solutions that protect sensitive data without slowing down the pace of innovation. In the next 12 months, organizations are prioritizing as critical the following information/IT security goals and initiatives to the following extent:
- 52 percent: improve threat detection capabilities.
- 48 percent: better protect sensitive company and customer data.
Payne concluded, “ZT affirms that all data – sales strategies, marketing campaigns, product prototypes – is important. Organizations need to track its every move because like employees, data never stays in one place.”