Data Centric Visibility to Prevent Cyber Attacks

The image of perimeter walls crumbling down around enterprise networks leads to the obvious conclusion that CISO teams had better start focusing on their data. The challenge is that visibility into structured and unstructured data in an enterprise requires a fundamentally different paradigm than the existing focus on servers, systems, and networks. Data loss prevention (DLP) is a start, but modern enterprise security teams need to have tools and processes that ensure full visibility, accountability, and protection from cyber attacks for all relevant business information. I recently sat down with Ken Levine, CEO of Digital Guardian, to solicit his expert views on DLP, data centric security, and trends in our industry.

EA: Ken, it is obvious across the cyber security community that DLP projects are one of the most important priorities in the enterprise. What do you think are the main factors driving this focus and interest in DLP?

KL: We see three main factors in the growing acceptance that DLP is a critical control in enterprise data protection. First, we see a growing acceptance that systems have already been breached. This recognition is certainly not good news, but it does produce the healthy view that with malware already existent in the enterprise, something had better also be in place to prevent sensitive data from leaking out – which is where DLP solutions are well-suited. Second, we see a daily drumbeat of enterprise attacks, many of which have involved prominent companies losing business data, sensitive information, and other assets. The Sony attack, for example, shone new light on the business impact of a data breach, and the C-suite seemed to notice. At Digital Guardian, we saw a noticeable uptick in inbound interest after the Sony attack, because security teams began to recognize how important it is to avoid leakage from endpoints, systems, and networks. Finally, a third factor is the improved delivery of DLP products and services to enterprise customers. For example, at Digital Guardian, we began offering an outsourcing DLP solution, because we saw the scarcity of security talent to manage the technology and the ongoing care and feeding required to have a successful data security program. Solutions like this are designed specifically to make it easier to deploy and use DLP.

EA: How exactly is cloud DLP different from on-premise data loss prevention products and services?

KL: Both cloud and on-premise DLP have the same goal, and that is to prevent data from leaking into unauthorized hands, either as a result of unintentional or deliberate action. Cloud-based DLP solutions are focused on protecting customer sensitive data as it moves to and from the cloud. This complements similar offerings focused on providing DLP for the network, enterprise, and endpoint. These are all offered either on-premises or outsourced to Digital Guardian experts. Our product, Digital Guardian for Cloud Data Loss Prevention, integrates with leading cloud storage providers such as Box, Citrix and Microsoft to extend DLP policies to the cloud. This solution is a good example of the type of capabilities security teams should be looking for in their DLP. For example, they should be demanding accurate sensitive data discovery for cloud storage; they should demand continuous protection of files that have been uploaded from the cloud; they should require automatic remediation according to enterprise policies; and they should demand instant alerts sent to the appropriate administrator and data owner when some event or action requires attention. As more corporations rely on cloud technologies, it’s important they take the proper steps to protect their sensitive data as it moves outside the traditional IT security perimeter.

EA: What are some of the biggest challenges and opportunities you expect to see in the cyber security market over the next five years?

KL: In the next five years, there will be an increase in sophisticated targeted attacks, which will force a convergence to happen within endpoint detection and response, endpoint protection platforms, and endpoint DLP. This might be driven at the product level by mergers and acquisitions, as the larger vendors integrate the capabilities of smaller, feature-specific security vendors. Another trend is that given the continued talent shortage, security teams will come to rely even more on automated protection platforms. CISO teams can no longer employ disparate systems that require scarce resources to log into and manage a variety of separate panes of glass. They will instead demand an endpoint command center where they can access endpoint health, and instantly react based on their diagnosis – whether that means applying a browser patch, fully quarantining a device due to suspected malware infection, or some other action. A third trend will be greater data awareness at the endpoint. Security professionals will have complete visibility into the sensitive data accessed on the device and enable policies and controls to protect it at rest, in motion and in use.