Network, Endpoint, and Cloud DLP: A Quick Guide
At the beginning of 2019, 60% of companies responding to the Insider Threat Report survey reported that they were planning to implement a data loss prevention (DLP) solution. For a few years, organizations have been aware that they need to add DLP tools and software to their technology stack in order to safeguard the sensitive information they collect and store.
However, there is a common misconception that DLP is just one "thing". In fact, DLP involves a range of different tools and software solutions designed to protect your data across your network, devices, and storage.
Data loss prevention can be enforced at the network, endpoint, or cloud layer. Understanding how these different types of DLP solutions work is necessary for designing a secure system that lowers the risk of insider threat and prevents malicious hackers from accessing your sensitive information. Here is the difference between endpoint, cloud, and network DLP, and why your organization should consider a holistic approach to data security that provides protection on multiple fronts.
What is network DLP?
Network data loss prevention is a set of tools and practices that secure an organization's network communications, including but not limited to email, web applications, and data transfer mechanisms such as FTP. Network DLP is a key component of network security, the branch of cybersecurity that protects an organization's computer networks and data using both software and hardware.
Network DLP is concerned primarily with traffic on email, webmail, and web applications: communications that happen over the company network. Network DLP tools scan email subject lines, message bodies, and attachments for sensitive content. They may be used to encrypt email messages, or to block web applications that could expose data.
Network DLP is often at the heart of the overlap between privacy and security. “Network data loss prevention solutions [are] commonly used for meeting regulatory compliance requirements including PCI-DSS, HIPAA, HITECH, GLBA, and Sarbanes-Oxley, among others. Many of these regulations have overlapping requirements for compliance that can be met by network DLP solutions, including the ability to monitor and control regulated data, restrict data access or transmissions, encrypt regulated data, and identify regulated data as well as repositories containing that data,” describes Digital Guardian.
Network DLP is a component of a more traditional DLP approach, and experts warn that on its own it does not protect against insider threat. Insider threat is any action by an employee or other internal resource that compromises the security of an organization's systems. To protect against the accidental or malicious risk of insider threat, additional DLP solutions must be deployed.
Network DLP vs. endpoint DLP
The easiest way to compare different DLP solutions is to understand how the data will be used. In security terms, data falls into three states: data in use, data at rest, and data in motion.
- Data in use is data being actively accessed within a system. Security gaps can occur as data is read, updated, or erased across a network or database.
- Data in motion is data in transit, both on and off the network or database. A typical security vulnerability for data in motion is when users send sensitive data to personal email accounts or cloud drives in order to work remotely.
- Data at rest is data stored on a network or in a database. Insecure storage locations and unencrypted backup copies of sensitive data pose the biggest risks for data at rest.
With these categories in mind, we can begin to understand how network, endpoint, and cloud DLP solutions work together to protect your company’s information. Network DLP protects and monitors all data in use, in motion, or at rest on the company’s network. Endpoint DLP, on the other hand, monitors endpoints: servers, computers, laptops, and mobile devices on which data is used, moved, or saved.
Endpoint DLP solutions are particularly important as companies allow employees to bring their own devices to work. Any device on which data is used, moved, or saved can use endpoint DLP to prevent data leakage, loss, or misuse. And as we all shift to remote work tools like Slack and Google Drive, cloud DLP solutions make up the missing piece of the DLP puzzle.
The missing piece: cloud DLP
Cloud data loss prevention is a subset of network DLP specifically designed to protect data stored in the cloud. A cloud DLP solution scans and audits data to detect and encrypt PII and other valuable information shared across IaaS, PaaS, and SaaS services.
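To make the scanning step concrete, here is an added example (not code from the original article or from any vendor it mentions) of the detection core shared by the network DLP email scanning described above and the cloud DLP PII scanning described here: a scanner that runs pattern detectors over constructed email, chat, and file samples, validates candidate card numbers with the Luhn checksum to cut down false positives, masks what it finds, and maps each finding to a monitor-and-control action. The sample records, the detector names, and the policy table are all assumptions made for illustration.

```python
import re

# Constructed sample records standing in for data in motion across the three
# channels the article names (an outbound email, a chat message, a shared file).
# None of these values are real; the card number is a widely used test number.
SAMPLES = {
    "email:outbound": "Subject: invoice\nCard 4111 1111 1111 1111 exp 12/26, call 555-0100",
    "slack:#finance": "order id 1234 5678 9012 3456 is not a card",
    "drive:hr-notes.txt": "SSN 123-45-6789 for new hire",
}

# 13-16 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")
# US SSN shape, rejecting area/group/serial values that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Hypothetical policy: action per detector, ordered by strictness.
POLICY = {"credit_card": "block", "ssn": "quarantine"}
SEVERITY = {"allow": 0, "quarantine": 1, "block": 2}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(value: str, keep: int = 4) -> str:
    """Keep only the last `keep` characters so the report itself leaks nothing."""
    return "*" * (len(value) - keep) + value[-keep:]


def find_pii(text: str):
    """Return (detector, masked_value) pairs for every validated hit in text."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):                       # checksum gate against false positives
            findings.append(("credit_card", mask(digits)))
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", mask(m.group())))
    return findings


def scan(samples: dict) -> dict:
    """Report only records that triggered a detector, with the strictest action."""
    report = {}
    for source, text in samples.items():
        findings = find_pii(text)
        if findings:
            action = max((POLICY[kind] for kind, _ in findings), key=SEVERITY.get)
            report[source] = {"findings": findings, "action": action}
    return report


if __name__ == "__main__":
    for source, result in scan(SAMPLES).items():
        print(source, result)
```

The chat message contains a 16-digit run that passes the regex but fails Luhn, so it produces no finding; a production scanner layers context checks of this kind on top of raw patterns for exactly that reason.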
Organizations need cloud DLP on top of network and endpoint DLP. Traditional DLP platforms focus on securing data in use on laptops, phones, servers, and networks. Data in motion and data at rest on an unauthorized device, or on an authorized device outside the company network, remain largely vulnerable. Likewise, traditional network and endpoint security solutions lack visibility into cloud applications and cloud data infrastructure, tools that many businesses are using more frequently as they move toward remote work.
Nightfall is the industry's first cloud-native DLP platform focused on discovering, classifying, and protecting data in the cloud by integrating directly with popular platforms like Slack, Jira, and Google Drive at the API level. We use machine learning to scan data together with its surrounding context, which allows Nightfall to scan both structured and unstructured data with high accuracy.
Learn more about Nightfall’s cloud DLP by scheduling a demo at the link below.