Why you need to rethink your data security strategy and move beyond DLP



The increasing frequency and scale of data breaches have highlighted the need for organizations to rethink their approach to data security. Data loss prevention (DLP) technologies have been around for decades and form a large part of the data protection strategies of many organizations. However, there is ample evidence that DLP and other traditional security controls such as perimeter controls, endpoint protection, and privileged access management (PAM) have failed to prevent large-scale data breaches.

In fact, the number of data breaches is increasing by over 30% each year, and the number of compromised records each year is increasing by an average of 224%. To put this in context, in January 2021 alone, we saw over 870 million compromised records, which is more than the total number of compromised records for the whole of 2017.

While yes, part of the increase in breaches can be attributed to organizations creating and collecting more data than ever before, another part is due to the lack of attention paid to database security.

Modern data security must include database security

The modern way that data is collected involves applications and APIs that directly send the data collected from end users to a database. As a result, today there are huge amounts of critical business data stored in databases. However, many organizations have not focused enough on developing comprehensive data security strategies that incorporate more in-depth monitoring and controls around the datastore itself.

Historically, organizations have paid little attention to database security and have instead asked security teams to monitor the small segment of the data estate that ensures regulatory compliance. However, this strategy no longer makes sense when you consider the growth of the giant data estates that organizations manage in increasingly complex environments. To mitigate security risks, organizations should make database security, not just compliance, the primary goal of their data protection strategy. Securing data at its source and understanding how it is accessed and used is essential if we are to identify anomalous data access and take action before it becomes a large-scale data breach.

DLP still leaves gaps in data security

Many organizations rely heavily on DLP to protect their data. However, the complexity of defining and maintaining allow/deny policies in traditional DLP leaves significant gaps in data protection. A recent survey from Osterman Research found that 68% of cybersecurity professionals said existing DLP tools are difficult to configure, 60% said they are difficult to maintain, and 51% said DLP cannot prevent data exfiltration.

Former Gartner analyst Mike Wonham sums up the challenges:

“What hurts DLP analysts is the context – the need to assess each instance and decide whether Alice should be allowed to do it, Bob this and Chris the other.

At the end of the day, security managers struggle to have the insight to make those decisions, and sales managers are reluctant to block things when productivity is at stake.

The scenarios are getting more complex and DLP providers need to rethink to allow them to reset their solutions and allow customers to realize value. The situation has become critical due to mobility, business interconnections, the proliferation of data types, regulations and of course the cloud.

As a concept, DLP for data-on-the-fly appears to allow and solve a number of problems. But in today’s market, it’s like riding a horse and cart on a modern freeway – good idea, bad execution, potentially dangerous, and HARD WORK.

Rather, I suggest … that the demand for DLP for data in motion increases and will continue to do so. But the scenarios are getting more complex and DLP vendors need to rethink to allow them to reset their solutions and allow customers to realize value.” [1]

Due to the complexity of implementing DLP and the ongoing investment required to review and update DLP policies, many organizations fail to achieve a good return on investment. In fact, Gartner research consistently shows that organizations are getting far more DLP functionality than they can absorb and have deployed [2]. A Gartner article on DLP stated: “Wanting to do too many things at once with DLP technology will often lead to doing nothing, while seeking to do less will lead to doing them well.” [3]

Main challenges of data protection

Beyond these DLP-related challenges in particular, a recent Forrester report found that organizations face three common data protection challenges:

  1. Need better data protection. With the growing amount of data comes the responsibility of ensuring that protection against a wide variety of possible breaches is adequate. In their legacy environments, organizations were unable to sort through the growing number of data access behaviors through anomaly detection, data classification, data access rights, and vulnerability assessment.
  2. Lack of readily available and constructive analyses. Lacking the ability to easily access historical data, organizations lacked visibility into the data access activity they needed to accurately assess their data security positions and meet regulatory requirements. Without quick access to accurate analytics, organizations have faced lengthy incident investigations, unresolved inquiries, and inefficient audit processes, often followed by penalties and fines.
  3. Increased licensing and expensive storage requirements. Faced with a rapidly growing daily influx of log data, surveyed organizations faced growing and expensive storage and licensing requirements that collected, aggregated, and hosted hard-to-access and sometimes redundant data. They were looking for a platform that offered an improved compression ratio, allowing longer audit data retention periods and eliminating expensive storage costs and appliance requirements.

Protect your data and get a return on investment

The Forrester Report found that businesses can solve these problems and realize a significant return on investment by embracing Imperva Sonar for data protection. Imperva Sonar is a database monitoring and security management solution that protects data by continuously analyzing the access behaviors of users, processes, and applications.

Using the composite results of Imperva’s deployment in five customer environments, Forrester Research discovered these quantitative benefits:

  • Received a Net Present Value (NPV) of US$4.1 million over 3 years, including:
    • Savings of US$2.9 million in security and compliance staff time
    • Reduced infrastructure and storage costs by US$1.7 million
    • License reduction of US$1.4 million
    • Reallocation of FTE resources of US$722,000
  • Achieved 152% ROI
  • Return on investment achieved in less than six months

Compliance management

Another critical risk that businesses must manage when it comes to their data is privacy. Regulations and compliance controls hold organizations financially responsible for the security and privacy of data in their environment. It is therefore essential for organizations to be able to discover, identify and classify personal data on all of their assets.

Imperva has leveraged its expertise in database discovery, data classification, and sensitive data management to ease the difficult task of identifying all the places personal data is stored in an environment, and who and what accesses it.

With Imperva Sonar, businesses can streamline compliance and data privacy protection and minimize the manual processes required to maintain ongoing compliance while saving time and money.

Adopt a defense-in-depth strategy

Businesses today need security solutions that protect data and all of its paths. The best way to do this is to use security that offers true defense in depth from the edge to the applications and the data itself. The ideal scenario is a “layered” security model where malicious actors must pass through multiple doors in order to execute an attack, without introducing latency or compromising critical business processes.

DLP is just one line of defense in this “layered” security model. Organizations can further reduce the attack surface by securing their database environments. Continuous execution of Discoveries and Assessments (DAS) to locate sensitive information and find security breaches is a great way to stay on top of your organization’s security posture and eliminate bad practices within the database environment. These practices, combined with the implementation of security products such as Web Application and API Protection (WAAP), Database Security and Database Risk Analysis (DRA), and the adoption of good security practices such as frequent patching, reduction of excessive privileges, and strong authentication mechanisms, can help prevent a data breach.

Protecting your organization’s data is a never-ending process. You should always strive to optimize your security architecture, policies and practices, both for your assets and your employees.

[1] Wonham, Mike. “It’s a complex world and DLP struggles.” Gartner Blog, October 22, 2020.
[2] Chuvakin, Anton. “My Second DLP Post Post.” Gartner Blog, April 18, 2013.
[3] Chuvakin, Anton. “My First DLP Articles.” Gartner Blog, March 15, 2013.


*** This is a Security Bloggers Network syndicated blog written by Reinhart Hansen. Read the original post at: https://www.imperva.com/blog/why-you-need-to-rethink-your-data-security-strategy-and-go-beyond-dlp/


