Well, that only took 10 years. It is amazing to realize, that given the speed of innovation and significant technological advances in the world of cybersecurity, it took over a decade to develop a practical solution to help small to midsize organizations protect their information from a malicious or accidental data breach. Information that is amongst not only the most vital and personal for these organizations, but information that lies at the heart of its operation and is critical to help serve the local community.
The traditional DLP challenge
While SMBs and public sector organizations were not the primary target for cyber-attacks and data breaches when DLP solutions were first brought to market, newer automated threats via malware and data theft monetization strategies (i.e. identify theft, ransomware, etc.) have made it more efficient and profitable to focus on smaller organizations that were apparently in the clear. However, traditional DLP solutions were designed for larger organizations with extensive IT resources and budgets to manage the complex deployments and maintenance headaches (i.e. tremendous false positives, quarantines reviews and releases, etc.) known to be common with older and heavy-handed data loss prevention tools. As a result, the likes of SMBs, educational institutions and local county and city government organizations were faced to deal with an ever increasing set of information-borne threats and compliance regulations without a practical DLP option.
The wait for a practical DLP solution is over
Designed to be straightforward, agile and cost-effective, the next generation of Adaptive DLP solutions has now made critical information protection practical for organizations that are faced with limited IT personnel resources and budgets, are moving more of their operations to the cloud and mobile applications, and face more complex cyber threats and compliance regulations (PCI, HIPPA, FERPA, GLBA, etc).
Here are 8 reasons DLP is now a practical option for any size organization:
1) Provides critical information protection without disruption
Newly designed Adaptive DLP offers a unique, non-disruptive approach to protecting the unauthorized disclosure of sensitive data wherever it lives – at the endpoint, on premise or in the cloud. While traditional solutions, can ‘stop and block’ questionable communications and digital processes, A-DLP presents a new option: automatically removing only the sensitive information (credit cards, students IDs, healthcare details, social security numbers, etc.) and malicious content as it passes in and out of the organization’s network without the need for human intervention, allowing the rest of the business activity to continue.
2) Simplifies and consolidates more security in fewer tools
Technology sprawl of multiple, overlapping tools and manual processes can play havoc on any size organization, let alone those with limited IT administration resources. Adaptive DLP provides a single, simplified solution that is more complete for small to midsize organizations.
Data Loss Prevention – In addition to the new, non-disruptive approach to critical information, Adaptive DLP can also identify and remove sensitive or critical data that often goes unnoticed as false negatives in smaller and midsize organizations (i.e. hidden metadata, revision information and auto-saved data associated with documents and images) before it leaves the organization.
Advanced Threat Protection – Enables a proactive approach to preventing a data breach at the initial point of attack. Newer cyberattacks are going unnoticed by major AV scans and basic hygiene. Organizations need to prevent more advanced malware and APTs from creating a breach at the start by removing malicious, active content from entering the network.
Automated Sanitization and Data Redaction for Legal Reviews and Compliance – Prevents the leak of sensitive data by automating the sanitization of important documents and messages common with legal reviews and compliance procedures.
3) Enables and secures the move to cloud and mobile applications
Cloud and mobile applications offer tremendous agility and operational benefits for smaller and midsize organizations that simply don’t have the necessary infrastructure to scale their collaboration and innovation. Adaptive DLP removes the hesitation and barriers to adopt technologies such as hosted email, cloud storage and collaboration, social media and more by ensuring information that shared in and out of these tools is safe and doesn’t risk its exposure to unauthorized access.
4) Allows for rapid and phased roll-outs based on available resources and risk priority
Smaller and midsize organizations with limited IT resources can deploy Adaptive DLP in minutes – no need for weeks of intrusive services required for implementation. In addition, organizations can phase their roll-out by risk priority, department and budget/resource availability. For example, Adaptive DLP can be first rolled-out to protect email, which continues to be the sources of a majority of malicious attacks and accidental data breaches, then expanded to secure web, social media, and cloud applications, finally DLP can be extended to cover the endpoints.
5) Integrates with existing IT security tools, no rip and replace
Adaptive DLP enhances and leverages investments made in existing IT security tools (i.e. Cisco, Symantec, Microsoft, Sophos, F5, Blue Coat, etc.) or the basic security functionality provided in hosted cloud solutions (i.e. Office 365) by simply plugging-in and adding a deeper layer of sanitization and DLP.
6) Prevents false positives
False positives were the absolute showstopper for a number of organizations that deployed traditional DLP. In fact, they have been known to be so disruptive and overwhelming that organizations significantly scaled back their initial deployment or designated it to shelfware status. Adaptive DLP’s ability to redact only the sensitive data that breaks policy allows the rest of the communication or web sharing of information to continue and all but eliminates false positives.
7) Offers a cost-effective solution for all size budgets
SMBs, education and local government organizations now have an affordable DLP option. Often 2 to 3 times less expensive than the high-price tag and extensive service fees associated with traditional DLP, Adaptive DLP also helps organizations reduce costs associated with managing false positives, distributed reviews and releases to direct supervisors and the need to purchase multiple security tools (i.e. Anti-malware, legal redaction and sanitization, PCI compliance, etc.).
8) Protects the organization’s reputational image and trust.
New data breach notification laws rolling out and the legal precedent from recent, costly settlements are requiring organizations to step-up their security practices to protect the privacy of their customers, students, and citizens. Preventing excessive costs associated to a data breach goes beyond fines, lawsuits or keeping business leaders and elected public officials out of the headlines, but helps ensure trust in the institutions that serve as the backbone of our local communities.
The introduction of Adaptive DLP (A-DLP) has now truly made critical information protection practical for SMB, education and local government organizationsand will significantly help secure the information and people that they support.
By: Scott Kosciuk, Clearswift North America