Zscaler book

Learn how Zscaler enables work-from-anywhere.

Download the eBook today

What is DLP?

Today’s digital age has produced unprecedented amounts of data. Much of this data is considered sensitive, such as personal information about customers and employees, financial data, and intellectual property. This data is an organization’s lifeblood and the organization has been entrusted to keep it safe. In another day and age, this information was printed on paper and secured in a locked file cabinet. Now, these highly valuable zeros and ones race from one place to another, more vulnerable than ever. Thus, it has become incumbent on organizations to implement comprehensive data loss prevention (DLP) solutions.

DLP is a set of technologies and processes that monitors and inspects data on the corporate network to ensure sensitive data is not lost or stolen.

A DLP tool should always be part of an organization-wide data protection initiative, which gets business and IT leaders together to identify what constitutes “sensitive data” for the particular organization, and agree upon how this data should be used and what a violation would look like. These guidelines can then be translated into a set of rules within a DLP tool.

While many organizations have an incentive to deploy DLP to be compliant with regulations and to avoid fines or even restrictions to their business operations, data loss bears much broader financial and reputational risk, such as losing customers, incurring brand damage or even facing legal ramifications. With a well-defined DLP process that is bolstered by well-managed supporting technology, organizations are able to significantly reduce these risks.

From enterprise DLP to integrated DLP

DLP solutions have been around for 15 years and have reached a high level of maturity. The market has seen very little differentiation between Enterprise DLP solutions, compelling analyst firm Gartner to retire its Magic Quadrant for Enterprise DLP. Instead, Gartner is focusing on a market guide that highlights the importance of a holistic data protection strategy and educates readers on the use of integrated DLP solutions.

Traditional enterprise DLP solutions have typically provided a variety of products across all channels (endpoint, storage, in motion) where data is stored or through which it passes, and from which it can potentially be lost. Each channel requires a different set of tools or techniques to prevent data loss.

Digital transformation, however, has created a shift in user behavior and traffic patterns, placing more importance on securing the data that flows between endpoints, cloud applications, and storage with a data-in-motion/network DLP solution. This protection can be natively provided by technologies, such as secure web gateways, content management, or CASB, and is referred to as integrated DLP.

Enterprise DLP solutions are notorious for being overly complex and costly. Organizations that purchase enterprise DLP often end up using only a small subset of its capabilities and address only basic use cases that could be solved with an integrated DLP solution, thus sparing the organization from costly and time-intensive setup and integration.

By 2021, 90% of organizations will implement at least one form of integrated DLP, an increase from 50% today.

- Gartner

DLP can’t prevent data loss if it is blind to traffic

As organizations continue to move to the cloud, three challenges have emerged that leave network DLP solutions unable to see the traffic they are supposed to inspect:

  • Remote users: When relying on network DLP, the level of visibility and protection depends on where users are located. They can easily bypass inspection when off network, connecting directly to cloud applications.
  • Encryption: The tremendous growth of SSL-encrypted traffic has created a significant blind spot for network-based DLP.
  • Performance limitations: Traditional network DLP appliances have finite resources and can’t scale to inspect the constantly growing amount of internet traffic inline.

Data loss prevention in a cloud- and mobile-first world requires a new mindset and modern technology

To address the data protection challenges that have emerged with digital transformation and to overcome the shortcomings of traditional enterprise DLP solutions, it is not enough to reconfigure a traditional hardware stack for the cloud: doing so is inefficient and doesn’t provide the protections and services of a cloud-built solution. Any cloud-based DLP solution should provide the following three elements:

  • Identical protection for all users on and off the network

    To provide comprehensive data protection, a DLP solution should provide identical protection to all users, regardless of their location, whether they are in the office, an airport lounge or a home office.
  • Inspection of encrypted traffic

    With more than 70 percent of today’s traffic being encrypted, it is incumbent upon organizations to inspect this traffic. The only way to get visibility into encrypted traffic is to use a DLP solution that natively inspects SSL.
  • Elastic scalability for inline inspection

    A cloud solution with elastically scalable inspection capacity can prevent data loss by inspecting all traffic inline from the outset, rather than being limited to damage control after data has been compromised.

According to the Ponemon 2019 Cost of a Data Breach Study, 30 percent of organizations will experience a breach within two years, which, on average, will result in a cost of $3.9 million and the loss of more than 25,000 records.


Where your enterprise should start when it comes to data loss prevention

Rising risk and a growing number of data protection regulations require organizations to close the security gaps caused by cloud and mobility. According to a recent study, Cybersecurity Insiders found that data loss prevention is the second-highest priority for IT leaders.

In the past, that would have meant adding more appliances to an already complex security stack. But there is a better way: with a cloud DLP solution that is part of a broader secure access service edge (SASE) platform, organizations can close data protection gaps, regardless of where users connect from or where applications are hosted, while reducing IT cost and complexity.
