What is Adaptive Data Loss Prevention?

Animation

We are often asked the question, “What is Adaptive Data Loss Prevention, and how is it different from traditional DLP?” Many security folks are familiar with DLP and its benefits and drawbacks, but they aren’t aware of an alternative that can provide all of the benefits with far fewer obstacles. Let me enlighten you.

What is Traditional DLP?

Data Loss Prevention, or DLP, has been around for over a decade and is a mixture of policy and process, coupled with technology to ensure sensitive data is not leaked outside an organization or shared without the proper authorization. The technology is designed to stop breaches in their tracks by identifying sensitive information and then quarantining anything that might be deemed a possible risk by the IT department. It can then be reviewed and released if it does not pose a risk. While this approach has served its purpose as in immediate stop-gap solution in severe situations, it has proven to be extremely burdensome and costly for most organizations by trapping countless emails, file sharing attempts and business communications in a holding pattern. This causes a huge backlog for IT to slog through, as most of the quarantined files are false positives, held in error. The result is a slowing down of important client correspondence. Traditional DLP technologies have caused so much frustration, that it’s not uncommon for a company to deploy a DLP solution and then turnaround and disable it because it was causing such a hassle for business operations and employees. This makes DLP possibly one of the most costly “shelfware” IT security solutions in history.

Unfortunately, DLP is needed now more than ever. With more advanced cyber-attacks, more critical applications being hosted in cloud, and the adoption of collaboration tools in a Shadow IT-fashion like DropBox, Google Drive or Box, organizations have never been at a higher risk of losing sensitive information. Additionally, the proliferation of new communications tools in the form of social media, mobile personal devices and BYOD policies, also make it even more important than ever to put a companywide emphasis on security. These applications that help workers be more productive, come with inherent risks that every user in an organization needs to be aware of. The main problem is that if employees feel that DLP slows them down and hurts their ability to do business, they won’t use it. Businesses have adapted and continue to do so, security solutions need to do the same. This is where Adaptive Data Loss Prevention (A-DLP) comes in.

What is Adaptive DLP?

Adaptive DLP, or A-DLP was born out of the critical need for a DLP solution that doesn’t hinder business operations. The industry needed a solution that could deal with evolving workforce needs and new risks from information-borne threats. It would also need to understand not just the content but also the context of the communication. A-DLP is the next generation, non-disruptive solution which supports continuous collaboration, avoids business interruption and mitigates the risk of financial or reputational damage caused by the unauthorized disclosure of sensitive data wherever it lives – at the endpoint, on premise or in the cloud.

While traditional solutions, can ‘stop and block’ communication, A-DLP presents a new option: automatically removing sensitive information and malicious content as it passes in and out of a company network without the need for human intervention, allowing the rest of the communication to continue - without holding it hostage in quarantine.

A-DLP removes only the content that breaks policy, for example personal information, credit card details, or healthcare identifiers. A-DLP is made possible by deploying advanced Deep Content Inspection (DCI) which goes beyond what is often overlooked by traditional DLP solutions.
By understanding document structures, A-DLP removes active content and the risk of malicious code buried in email attachments or web downloads, making it a highly cost-effective way of preventing malware from entering the environment. DCI in A-DLP can also remove hidden metadata, revision information and auto-saved data associated with documents and images before they leave the organization, preventing reputational damage.

Why context matters

Understanding content is a key piece to A-DLP, but context also needs to be included in the automated policy and decision making process. Who is sending or uploading the document? How are they doing this? A-DLP can adjust its behavior based on the context. For example, one person and one document containing critical information. If they email it – it gets encrypted. If they tried to upload it to a website, it is redacted (the critical information which breaks policy is removed). If they try to copy it to a USB stick, it’s blocked. This flexibility can extend to groups. For example, the legal department may be only ones who can email Intellectual Property, or the finance team is only allowed to email the end of quarter numbers in the last two weeks of the quarter to a restricted list (internally or externally). A-DLP is not just about information traversing the boundary, it can enforce internal polices as well.

Why does A-DLP matter to your business?

If you are running a company, you will have critical information, and any information considered confidential or sensitive needs to be protected. You need to have policies and technology in place to protect that information from being leaked, lost or stolen, but you will also want to create an environment that fosters optimum productivity. Traditional DLP can create frustration leading employees to either disable the system or work around it – creating even more risk. Employees have been known to circumvent an email being quarantined by using personal email to bypass corporate email security. This demonstrates the need to protect all the potential communication channels, leaving nothing to chance. A-DLP provides a solution which adapts to meet the needs of your organization. By preventing attacks and protecting your sensitive information, A-DLP enables better collaboration with your partners and customers, as well as, keeping your critical information safe, providing security that enables your employees instead of working against them.

By Dr. Guy Bunker

Additional Information:

Related Articles: