At the beginning of 2019, 60% of companies responding to the Insider Threat Report survey reported that they were planning to implement a data loss prevention (DLP) solution. Since then, the stakes have only grown higher. McKinsey reports that 2021 was the worst year on record for breaches of enterprise data.
Organizations know that they need to add data loss prevention (DLP) tools and software to their technology stack in order to safeguard collected and stored sensitive information.
And, as managing cybersecurity becomes more complex, organizations are realizing it is not enough to implement a single data loss prevention tool and call it a day. DLP is not just one “thing”, and approaches to DLP have changed in recent years thanks to improvements in data inspection, data discovery, exfiltration notification, data management, and related techniques. Today’s DLP tools look very different from their predecessors.
The speed at which this important practice and its technologies have advanced makes it difficult for enterprises to know where to start.
In this quick guide, we’ll help clear up some of the confusion. Data loss prevention can be applied at the network, endpoint, or cloud layer. Understanding how these different types of DLP solutions work is necessary to design a secure system, lower the risk of insider threats, and prevent malicious hackers from accessing your sensitive information.
What is network DLP?
Network data loss prevention is a set of tools and practices that secure an organization’s network communications, including, but not limited to: email, web applications, and data transfer mechanisms like FTP.
Network DLP is a key component of network security, a type of cybersecurity that protects computer networks and data using both software and hardware at an organization.
What does network DLP do? Network data loss prevention is concerned primarily with traffic on email, webmail, and web applications: communications that happen over the company network. Network DLP tools scan email subject lines, messages, and attachments for sensitive content. They may be used to encrypt email messages, or to block web applications that could expose data.
Network DLP is often at the heart of the overlap between privacy and security. These tools are commonly used to meet compliance regimes such as PCI-DSS, HIPAA, GLBA, and others. Network DLP tools monitor and control data, restrict user access, encrypt, and identify regulated data across platforms, repositories, and devices.
Network DLP is a component of a more traditional DLP approach, and experts warn that it doesn’t always protect against insider threat. For this reason, network DLP approaches and tools are the first layer of protection; but other types of data loss prevention should be deployed to create a system of checks and failsafes.
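The content inspection described above (scanning subject lines and message bodies for regulated data such as payment card numbers under PCI-DSS) is the core of any network DLP tool. The following is an added example, not Nightfall's code or any vendor's product: a minimal scanner that finds candidate card numbers, filters them with the Luhn checksum so ticket and order numbers are not flagged, finds dashed US SSNs, redacts what it finds, and applies a constructed delivery policy. The sample messages and the block/quarantine/deliver policy are assumptions made for the example.

```python
"""Minimal email content-inspection scanner in the style of a network DLP rule.
Added example; not Nightfall code. Sample messages below are constructed."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample messages, as a network DLP email scanner would see them.
SAMPLE_MESSAGES = [
    {"subject": "Q3 invoices", "body": "Please charge card 4111 1111 1111 1111 exp 09/27."},
    {"subject": "Onboarding - SSN 123-45-6789", "body": "Welcome aboard!"},
    {"subject": "Lunch", "body": "Ticket number 1234-5678-9012-3456 for the shuttle."},
]


@dataclass(frozen=True)
class Finding:
    detector: str   # "PAN" (payment card number) or "SSN"
    field: str      # which part of the message matched ("subject" or "body")
    redacted: str   # value with everything but the last four digits masked


# Candidate card numbers: 13-16 digits, optionally separated by spaces or hyphens.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")
# Dashed US SSN, excluding area/group/serial values that are never issued.
SSN_PATTERN = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: true for structurally valid card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact(digits: str) -> str:
    """Mask all but the last four digits so findings can be logged safely."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_text(field: str, text: str) -> list[Finding]:
    findings: list[Finding] = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):     # Luhn filter drops most ticket/order numbers
            findings.append(Finding("PAN", field, redact(digits)))
    for m in SSN_PATTERN.finditer(text):
        findings.append(Finding("SSN", field, redact(m.group().replace("-", ""))))
    return findings


def scan_message(msg: dict) -> list[Finding]:
    """Scan subject and body. Attachments would be decoded and fed through
    scan_text the same way (not shown)."""
    out: list[Finding] = []
    for field in ("subject", "body"):
        out.extend(scan_text(field, msg.get(field, "")))
    return out


def policy(findings: list[Finding]) -> str:
    """Constructed policy for the example: block card data outright,
    quarantine SSNs for review, otherwise deliver."""
    kinds = {f.detector for f in findings}
    if "PAN" in kinds:
        return "block"
    if "SSN" in kinds:
        return "quarantine"
    return "deliver"


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        found = scan_message(msg)
        print(f"{msg['subject']!r}: {policy(found)} {[f.redacted for f in found]}")
```

The Luhn check is a precision filter, not a guarantee: a Luhn-valid order number still matches, and a real card number broken across two lines or embedded in an image attachment does not. Production DLP engines add context (keywords near the match, known-format validation, document fingerprinting) for exactly this reason, and the same scan path is what a cloud DLP applies to files and chat messages rather than email.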
Network DLP vs. endpoint DLP
The easiest way to think about how different DLP solutions compare is to understand how the data will be used. As it relates to security, data is categorized into three groups: data in use, data at rest, and data in motion.
- Data in use is data being actively accessed within a system. Security gaps can occur while data is read, updated, or even erased across a network or database.
- Data in motion is data in transit, both on and off the network or database. A typical security vulnerability for data in motion is users sending sensitive data to personal email accounts or cloud drives in order to work remotely.
- Data at rest is data stored on a network or database. Insecure storage locations and unencrypted backup copies of sensitive data pose the biggest risks for data at rest.
With these categories in mind, we can begin to understand how network, endpoint, and cloud DLP solutions work together to protect your company’s information.
The difference between network and endpoint DLP comes down to the state of the data. Network DLP protects and monitors all data in use, in motion, or at rest on the company’s network. Endpoint DLP, on the other hand, monitors endpoints: servers, computers, laptops, and mobile devices on which data is used, moved, or saved.
Endpoint DLP solutions are particularly important as companies continue to support hybrid/remote work and allow employees to use their own devices. Any device on which data is used, moved or saved can leverage endpoint DLP security to prevent data leakage, loss or misuse. And, for tools like Slack and Google Workspace, cloud DLP solutions make up the missing piece of the entire DLP puzzle.
The missing piece: cloud DLP
Cloud data loss prevention is a subset of network DLP specifically designed to protect data stored in the cloud. A cloud DLP solution scans and audits data to detect and encrypt PII and other valuable information shared across IaaS, PaaS, and SaaS services.
And yes, organizations need to have cloud DLP on top of network and endpoint DLP.
Traditional DLP platforms focus on securing data in use – on laptops, phones, servers and networks. Data in motion and data at rest on an unauthorized device, or on an authorized device outside the company network, remain largely vulnerable. Likewise, traditional network and endpoint security solutions lack visibility into cloud applications and cloud data infrastructure – tools many businesses are using more frequently as we move toward remote work.
Nightfall is the industry’s first cloud-native DLP platform focused on discovering, classifying, and protecting data in the cloud by integrating directly with popular platforms – like Slack, Jira, and Google Drive – at the API level. We leverage machine learning to scan data and its surrounding context.
McKinsey’s analysis suggests that machine learning and AI are critical components to add to your DLP capabilities. “Developing in-house capabilities in advanced analytics and artificial intelligence enables organizations to not only improve their own in-house data-management solutions but also better integrate vendor tools and gain a clearer picture of their data-loss risk, making incidents easier to prevent and contain,” their 2022 study states.
Nightfall’s AI is configured to scan both structured and unstructured data with high levels of accuracy. As a result, security teams save time, pinpoint vulnerabilities more efficiently, and are more likely to remedy issues before they can be exploited.
Learn more about Nightfall’s cloud DLP by scheduling a demo at the link below.