Info-Tech Research Group blueprint helps security teams build a data loss prevention strategy aligned with their organization’s security program and architecture.
Driven by reduced operational costs and improved agility, the migration to cloud services continues to grow steadily. At the same time, organizations must prevent the misuse and leakage of data, especially sensitive data, regardless of where it is stored. Moving to the cloud poses distinct challenges for cybersecurity practitioners, such as meeting compliance obligations and mitigating insider threats without impeding legitimate business access. Furthermore, every stage of the data lifecycle can take place in the cloud, and every stage is an opportunity for data loss.
To help security teams build a data loss prevention strategy aligned with their organization’s security program and architecture, global research and advisory firm Info-Tech Research Group has published its latest blueprint, Prevent Data Loss Across Cloud and Hybrid Environments.
“Cloud services do not offer the same level of management and control over resources as traditional IT approaches. The result can be reduced visibility of data in cloud services and reduced ability to apply controls to that data, particularly data loss prevention (DLP) controls,” said Bob Wilson, research director at Info-Tech Research Group. “It’s not unusual for organizations to approach DLP as a point solution. Many DLP solutions are marketed as such. The truth is, DLP is a complex program that uses many different parts of an organization’s security program and architecture.”
DLP: Striking A Balance
According to Info-Tech’s research, data loss prevention doesn’t depend on a single tool. Many of the leading cloud service providers offer DLP controls with their services, and the firm states that these controls should be carefully considered. As organizations increasingly move data into the cloud, their environments become more complex and vulnerable to insider threats.
“Insider threats are a primary concern, but employees must be able to access data to perform their duties,” explains Wilson. “It isn’t always easy to strike a balance between adequate access and being too restrictive with controls.”
Furthermore, organizations often do not know what data they use, where that data resides, or how they are required to protect it. Cloud systems, especially software as a service (SaaS) applications, may provide little visibility into how that data is stored or protected.
“To successfully implement DLP for data in the cloud, an organization should leverage existing security controls and integrate DLP tools, whether newly acquired or available in cloud services, with its existing security program,” adds Wilson.
Info-Tech’s blueprint describes DLP as a set of technologies and processes that adds a layer of data protection by identifying and monitoring sensitive data and preventing it from being used or transmitted illicitly. DLP depends on many components of a mature security program, including but not limited to acceptable use policies, data classification policies, data handling guidelines, and effective identity and access management.
The research blueprint outlines some of the tactics that organizations can use to achieve DLP:
- Identify: Sensitive data is detected using policies, rules, and content patterns.
- Monitor: Detected data is flagged, and activity involving it is logged.
- Prevent: Action is taken on the data once it has been detected (for example, blocking or redacting it).
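To make the three tactics concrete, the following Python sketch is an added example written for this article; it is not code from Info-Tech's blueprint or from any DLP product. It runs a small content-inspection pipeline over constructed sample messages: identify (pattern plus a checksum validator to cut false positives), monitor (structured log events), and prevent (the strictest matching rule's action wins). The rule names, patterns, channel and actor values, and sample messages are all assumptions made for the demo; a real deployment would derive the rules from the organization's data classification and handling standards.

```python
"""Minimal content-inspection DLP pipeline: identify -> monitor -> prevent."""
import logging
import re
from dataclasses import dataclass
from enum import IntEnum
from typing import Callable, Optional

log = logging.getLogger("dlp")


class Action(IntEnum):
    # Ordered by severity so the strictest action across all findings wins.
    ALLOW = 0
    LOG = 1
    REDACT = 2
    BLOCK = 3


@dataclass
class Rule:
    name: str
    pattern: re.Pattern
    action: Action
    # Optional secondary check to cut false positives from a loose pattern.
    validator: Optional[Callable[[str], bool]] = None


@dataclass
class Finding:
    rule: str
    action: Action
    start: int
    end: int


def luhn_ok(candidate: str) -> bool:
    """Luhn checksum over the digits in candidate (separators ignored)."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# Constructed policy for the example (assumed rule names and patterns).
RULES = [
    Rule("payment_card", re.compile(r"\b(?:\d[ -]?){12,15}\d\b"), Action.BLOCK, luhn_ok),
    Rule("us_ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), Action.REDACT),
    Rule("classification_marker", re.compile(r"\bCONFIDENTIAL\b"), Action.LOG),
]


def identify(text: str, rules=RULES) -> list[Finding]:
    """Identify: run every rule's pattern (plus validator) over the content."""
    findings = []
    for rule in rules:
        for m in rule.pattern.finditer(text):
            if rule.validator and not rule.validator(m.group(0)):
                continue  # pattern hit but checksum failed: not a real card number
            findings.append(Finding(rule.name, rule.action, m.start(), m.end()))
    return findings


def monitor(findings: list[Finding], channel: str, actor: str) -> list[dict]:
    """Monitor: flag the data and log the activity without altering it."""
    events = []
    for f in findings:
        event = {"actor": actor, "channel": channel, "rule": f.rule,
                 "action": f.action.name, "span": (f.start, f.end)}
        log.info("dlp event %s", event)
        events.append(event)
    return events


def prevent(text: str, findings: list[Finding]) -> tuple[Action, Optional[str]]:
    """Prevent: apply the strictest action among the findings."""
    if not findings:
        return Action.ALLOW, text
    verdict = max(f.action for f in findings)
    if verdict == Action.BLOCK:
        return verdict, None  # content must not leave the boundary
    if verdict == Action.REDACT:
        out = text
        # Replace spans from the end so earlier offsets stay valid.
        for f in sorted(findings, key=lambda f: f.start, reverse=True):
            if f.action >= Action.REDACT:
                out = out[:f.start] + f"[REDACTED:{f.rule}]" + out[f.end:]
        return verdict, out
    return verdict, text  # LOG: allowed to pass, but recorded by monitor()


def inspect(text: str, channel: str, actor: str) -> dict:
    """Run the full pipeline and return a compact verdict record."""
    findings = identify(text)
    events = monitor(findings, channel, actor)
    verdict, output = prevent(text, findings)
    return {"verdict": verdict.name, "output": output, "events": len(events),
            "rules_hit": sorted({f.rule for f in findings})}


# Constructed sample messages for the demo (not real data).
SAMPLES = {
    "card_in_email": "Please charge card 4111 1111 1111 1111 for the invoice.",
    "order_number": "Order 1234567890123456 shipped today.",
    "ssn_in_chat": "HR note: employee SSN is 123-45-6789, file it.",
    "marked_doc": "CONFIDENTIAL: Q3 roadmap draft attached.",
    "clean": "Lunch at noon?",
}

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    for name, msg in SAMPLES.items():
        print(name, inspect(msg, channel="email", actor="alice@example.com"))
```

The `order_number` sample is the practitioner's caveat: a 16-digit order identifier matches the card pattern, but fails the Luhn check, so it is allowed through rather than blocked. That secondary validation is what keeps a DLP rule from interfering with legitimate business traffic, which is the balance the blueprint describes.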
Info-Tech advises organizations to start by applying DLP to their most critical data, since applying it to all data may not be feasible. The firm also emphasizes that DLP should be considered a secondary layer of protection: the existing security program should do most of the work of preventing data misuse.