How do I select a DLP solution for my business?

Data loss prevention (DLP) has become even more important in the last year. Since the pandemic has made companies shift to a remote workforce model, cybersecurity threats have become increasingly complex and data security even more fragile. Companies need to adapt their DLP strategies to the new normal and harden their defense.

To select a suitable DLP solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.

Tim Bandos, CISO and VP of Managed Security Services, Digital Guardian

Here are some best-practice tips to help you select the right DLP solution for your organization:

Identify your primary data protection objective. Are you trying to protect your intellectual property, gain more visibility into your data, or meet regulatory compliance? Answering this will help you determine which DLP architecture – endpoint, network, discovery, or cloud – is most appropriate to focus on first.

Establish your evaluation criteria. Here are 10 key questions you should ask when researching enterprise DLP vendors:

• What compliance regulations apply to your organization?
• How do you intend to perform data inspection and classification?
• Do deployment options include a cloud-delivered solution offering?
• Does the solution support Windows, Linux, and macOS with feature parity?
• Are you most concerned with protecting structured or unstructured data?
• Do you plan to see and enforce data movement based on policies, events, or users?
• What technologies do you wish to integrate with your DLP?
• How quickly do you need to be operational?
• What additional staffing will the solution require?
• Is it available as a managed service?

Know how the business runs. Enterprise DLP is not about deploying and maintaining tools. It is about knowing how your business runs, what data and apps are vital for it to add value to its customers, while fostering a strong risk management strategy to protect those digital assets.

Jason Clark, Chief Security & Strategy Officer, Netskope

When selecting a DLP solution for your business, it’s essential to consider the context of data in today’s environment. The problem enterprises are currently solving is how to keep data protected with the utmost rigor, but also allow it to flow effortlessly to where it can deliver the greatest benefits. We want to enable businesses like breaks on a car: we want to help them to go fast, safely.

Today, more than 50% of organizations’ data is in the cloud and the typical enterprise now deploys more than 2,400 cloud applications. In the cloud era, the traditional premise of DLP no longer applies. With more data being in cloud and mobile, data is no longer on an owned CPU. To protect all data regardless of location, we must evolve the way data protection is defined so that it’s cognizant of the way users currently work — meaning protecting a wider, more dynamic attack surface.

When selecting a solution, search for one that embraces the fact that the flexibility cloud infrastructure provides also allows for a better job of protecting data—if set up correctly. The new concept stemming from this evolution is what I describe as zero trust data protection, and it’s critical to achieving the Secure Access Service Edge (SASE) architecture every networking and security team is now discussing.

Anurag Kahol, CTO, Bitglass

The rapid shift in how work gets done that we have seen over the last year has created considerable opportunity for data leakage. More than ever before, data can be easily accessed, downloaded, and shared beyond an organization’s secure perimeter. Modern security teams need modern DLP capabilities to ensure their sensitive information stays safe wherever it goes. With the right DLP solution, enterprises can enable remote work and digital transformation without compromising data security or privacy.

Such a solution should come with predefined identifiers for sensitive and regulated data patterns (PHI, PII, PCI) as well as provide the ability for admins to create custom patterns. Additionally, they should offer a breadth of detection mechanisms, from advanced regex and exact data match to MIME types and file fingerprinting.

Critically, an adopted solution needs to prevent leakage consistently and comprehensively across the cloud, the web, and the network. In this way, admins can forgo the need to manage disjointed point products, which will save them time (and reduce costs for their employers). With such a solution deployed, organizations can benefit from automated remediation measures such as blocking uploads to the web, encrypting files on download from on-premises resources, and quarantining sensitive files at rest within the cloud.

Moinul Khan, VP Product Management, Zscaler

With the seismic shift in remote work, organizations find that DLP initiatives have become more critical than ever. When selecting a solution, some key aspects are often overlooked that can significantly impact your success.

Distributed data and policy: With cloud app adoption and mobility, chances are your data is everywhere. Focus on solutions that can easily span all your cloud data channels – Web, SaaS, IaaS, PaaS – with one single policy. The last thing you want is multiple DLP policies everywhere. Make your life simple and focus on a unified platform.

Scaling SSL inspection: If you can’t scale SSL inspection now and in the future, you’re in trouble. All data loss happens in SSL, so look for high-performance cloud solutions that can easily scale inspection without the dreaded hardware refresh.

Security at the edge: Your users will be connecting from everywhere, often over the internet. A fully distributed cloud platform with the best data center footprint will ensure performance is lightning fast and close to the user. Avoid approaches that backhaul inspection to centralized data centers.

Contextual DLP: Lastly, make sure your solution is context and content aware. Getting context will help you quickly answer the “who” and “what” to make better policy decisions. Best-in-class content inspection will quickly find all your sensitive data, wherever it may be hiding.

Isaac Madan, CEO, Nightfall AI

With the rise of cloud data and remote work, new DLP needs have emerged that are not met by legacy network and endpoint solutions. If your organization works in the cloud, you need a DLP approach that works in the cloud, too. Cloud DLP is a young solution category – here are some tips on what to look for.

Smart. The foundation of a great cloud DLP solution is its detection engine – look for machine learning-trained detectors to do the heavy lifting of identifying potentially sensitive data. Ideally, the vendor will advance and update the detection engine for you.

Panoramic. The right solution will detect a wide range of data types in different contexts and file formats, out of the box. Broad scope should also apply to app coverage – look for a solution that integrates with a variety of cloud apps with minimal effort, plus a developer-centric API platform to extend coverage to any data silo as needed.

Flexible and lightweight. You want to mitigate DLP risk, but without preventing people from doing their jobs. A cloud DLP solution should allow you to easily configure flexible DLP policies that meet your organization’s needs with little to no end-user impact.

And of course, the right vendor will be modern, agile, and excited to partner with you in pioneering the cloud DLP frontier.

Oleg Melnikov, CTO, Acronis

Be it a malicious act or accidental, data is leaking out of our organization faster than we know it. Security vendors are fast to offer DLP technology as a solution to the problem. But the path to solving this problem is not simple.

The first step is to understand that DLP is not a solution, but a process, and if not planned correctly it will be long and painful. Selecting the right solution relies on the ability of the organization to understand what digital assets it holds, where they are located, where and how they should be communicated, and what the importance of such assets is.

It is then imperative to validate the breadth of platform coverage offered by the technology, i.e. making sure the chosen technology can cover all client environments and technologies (endpoint Windows, Mac, and Linux computers, cloud vendors, on-premise servers, databases, mobile, etc.). The tool needs to work independent of where the user and the data is located, be it at the office or from home.

Another important element is the resources that are required for running the solution. For example, how many servers will be required to run the solution and how many experts will be required for the daily management of it.

Mahesh Rachakonda, VP, SASE Products, Lookout

Remote work is here to stay – as BYOD gains acceptance, employees want the flexibility to work wherever they’d like, and how they feel most comfortable.

There are a few steps we recommend you to follow to make sure your data is safe.

Understand the needs first:

• Types of sensitive data, life cycle and classification
• Processing systems (internal, cloud & third-party) and connectivity. Break down the usage by data in transit, in use and at rest
• Nature of endpoints (managed & unmanaged) and location of users
• Regulatory and compliance requirements

Evaluate vendors:

• Ensure you have best coverage for your needs – DLP used to be for the endpoint or network. Now, BYOD connecting directly to the cloud is the most popular and a high-risk use case, so ensure that the solution can cover for data uploaded, downloaded, and shared from the cloud. Cloud DLP may require API-based scanning capability too.
• Data can appear in many forms – structured, unstructured, images and email. Scan all formats.
• Content-aware and intent-based actions should be paired with scan intelligence. Removing public links while keeping the data undisturbed, for example.
• Reducing false positives is essential. The vendor should provide a flexible rules engine based on pattern, keyword, OCR and exact data match, in a layered and customizable framework.
• Operationalizing DLP security should not be a burden for your administrators. Reduce the total cost of maintenance and upkeep.

Eli Sutton, VP, Global Operations, Teramind

When choosing a DLP solution that is right for your business, a crucial focal point is mapping out all known and potential vulnerabilities unique to your business and industry. Be sure to focus on vulnerabilities from both direct (malicious) and indirect (human error) user actions. Based on that you can analyze and compare your needs versus what is offered.

Ideally, the potential solution should include content discovery, digital inspection techniques and contextual analysis to identify and categorize sensitive data and IP. From there the solution must have the ability to monitor user actions while validating them against DLP rules (customizable to your specific needs) and take appropriate action if and when a rule condition is triggered.

However, be mindful that some solutions, while they may have a strong security offering, could potentially only serve to hamper the users ability to perform company tasks by creating unnecessary hurdles. So a balanced, user friendly DLP solution in today’s world is an absolute must and a 15-30 day proof of concept will give you a strong idea on whether or not it is a good fit for your organization.

My final suggestion would be to choose a vendor that is constantly innovating and ahead of the curve. Otherwise you will find yourself running the above process on a yearly basis.

Tommy Todd, VP of Security, Code42

The biggest concern when it comes to identifying the most effective DLP solution is that traditional options only monitor files that violate policies, so there can be large blindspots when policies are written incorrectly or are not comprehensive enough. It also makes it difficult to protect trade secrets and other intellectual property since those files don’t contain the same content patterns as regulated data. As a result, it’s far too often that data exposure is only identified once it’s too late.

In addition to the detection issues related to traditional DLP, these solutions also miss the mark when protecting the modern workplace. Most DLP solutions monitor a very specific network perimeter and rely on blocking access to certain applications or activities. That’s an ineffective approach for today’s highly-distributed, multi-cloud world.

Recent data shows that employees are being disrupted while trying to do legitimate work; 51% of IT security leaders receive daily or weekly complaints about mistakenly blocking legitimate employee file activity. In turn, employees find workarounds by working off- network or using unsanctioned applications to remain productive, which ultimately puts company data at greater risk. Fast-paced, collaborative and productive companies cannot afford to have this happen.

Security teams need to choose a solution that meets today’s working environment, one that does not block collaboration and allows employees to work together, is transparent and provides real-time visibility into employee data.

Greg Young, VP of Cybersecurity, Trend Micro

DLP is not a one-size-fits-all product. For example, an enterprise DLP is a big project with big benefits whereas a drop in DLP or simply activating a DLP feature within an incumbent product is limited, but easier. So, how should you decide? Don’t look at products or even mention one before identifying what you need and what the impact will be on operations and staffing.

A DLP solution won’t read your mind about what to consider important. Keep in mind compliance, as well as your general IT and data state. Data state and your level of maturity for data classification are what you are trying to protect. Ask yourself: is my target data sprinkled everywhere in various uncategorized forms, or is it recognizable, acknowledged and in a common format (like credit cards) that is usually only handled in a narrow part of the business?

Also consider how you do business with the data: do you want coverage for data at rest, in transmit, and/or data being processed? Can you deploy an endpoint agent or are your endpoints unmanaged? What about privacy? A heavy-handed DLP regime sounds great — but does your legal, ethical, and cultural state fit with decrypting or inspecting to that level?

It’s a complex selection, and one most about looking in the mirror rather than testing products.