The Evolution Of Data Protection – Forbes

Data protection solutions are finally evolving to the current state of data: distributed, cloud-centric and always-on. Data used to only exist within the corporate network on devices that never left the physical protection of the company.

Data loss prevention (DLP) has been the default solution for protecting data. It's literally in the name. What countless organizations have determined is that DLP doesn't stop breaches, but it does generate extremely high operational overhead. The same is true for other legacy solutions such as Pretty Good Privacy (PGP) and information rights management (IRM).

DLP is only as good as the classification rigidity enforced by the organization. Classification is always too rigid and can't keep up with fluid data movement. For DLP to prevent data egress, data must be classified correctly. Classification is complicated and fragile. What is sensitive today is not sensitive tomorrow and vice versa. Classification turns into an endless battle of users trying to manage the classification of data. Ultimately, classification and DLP deteriorate over time. DLP adds an extremely high operational overhead, as it requires users to be classification superstars, and even then, mistakes will happen. Desjardins Group, a Canadian bank, recently made news for a malicious insider who obtained information on 2.7 million customers and over 170,000 businesses. The exact details of the breach haven't been made public yet, but DLP solutions are standard in all financial institutions.

PGP's encryption is a privacy tool. Users can encrypt their data so others can't access it, but PGP fails once users try to share data with other users. Once a user distributes the encryption key, the user has completely lost control of the data. Anyone with the key can decrypt the data and transfer the unprotected data as they wish. PGP was never intended to secure an organization's data set. Wired Magazine went as far as claiming PGP is dead.

IRM is limited to a small set of applications. Typically focused on Office documents, IRM can protect data with significant depth of protection such as blocking copy and paste, blocking save as, blocking print, etc. Blocking copy and paste adds overhead to users, however. For organizations that only work with Word and Excel files, IRM may be an acceptable solution. Organizations that need to protect any non-Office files will need to find another solution. IRM only works with a limited list of applications and versions. Even Microsoft Azure Information Protection has significant restrictions on file types and sizes.

A New Approach to Data Protection

A new wave of solutions has appeared in the market to significantly shift the focus of data protection. Here are four criteria to measure data protection in the solutions you're currently considering:

Data Protection Vs. File Protection

Protecting files is no longer the focus. Data should be protected and continue to be protected as it moves from file to file and format to format. A file is simply the container to store data. Ensure solutions are capable of automatically protecting derivative work, including copy and paste and save-as.

Identity Authentication Vs. Device Or Location Authentication

Access control should be associated with a user identity and not devices, locations, or networks. Having a unified and centralized identity and access management solution will allow for all security permissions to be applied across multiple data protection solutions.

Data DNA Vs. Classification

Protection criteria should not be based on file classification, but rather the actual data DNA. As sensitive data is moved, protection needs to follow data. Classification is too manual and adds too much operational overhead to users.

Transparency Vs. Usability

Legacy solutions added operational overhead to end-users. The best data security solutions are the ones that are not visible to end-users. Don't ask users to change their behavior in the name of data protection. Only unauthorized users should notice security is in place. Data protection solutions also have to protect a broad range of applications, file types, sizes, etc. The more limitations the solution has, the less practical it will be.

With the rise of new data protection solutions, organizations need to review them and replace legacy solutions that can't protect data in today's data workflows and under increased scrutiny of data security and privacy.
