With POPI on the horizon, businesses are looking to technology to prevent and control the unauthorised use of information, be it accidental or deliberate. A solid chain of security links is vital in preventing any breaches, and data loss prevention (DLP) is one of the major links in that chain.
DLP prevents unauthorised access and loss of sensitive data, and therefore should reduce risk to the business, as well as ensuring that highly confidential data is secure, and meets compliance and confidentiality policies. While there is no doubt that DLP is therefore a vital element of the compliance and privacy conversation, many companies that have implemented DLP have still suffered data losses.
The reason for this, says John Mc Loughlin, Managing Director of J2 Software, is that many DLP tools do not offer a fully comprehensive approach. “Despite spending billions on DLP technology, enterprises still leak data every day. We repeatedly hear the same stories from companies struggling to get value out of DLP. Dtex Systems, the developer of SystemSkan, recently conducted research into the main causes of DLP failure, and found a number of aggravating factors.”
He says many of the companies surveyed reported ripping out DLP after small installations failed, because huge DLP tools bogged down computers, choked networks, and required massive servers to deploy. In addition, many organisations can’t afford the large team it takes to configure and maintain the complex rules in a typical DLP deployment. Instead, companies fall back to a few basic, intrusive rules (e.g., “block all USB devices” and “no usage of Facebook”).
“In nearly every risk assessment performed, it was found that DLP systems are not performing as they should. DLP tells you what it catches, but has no way to identify and learn from data loss that it misses. What files were on a lost laptop? What data did a user take when they resigned? Or even something simple like how many people try to use USB devices? The research showed that DLP fails to answer even these most basic questions,” says Mc Loughlin.
“Add to this that DLP penalises everyone because of a few bad actors, essentially making good employees less efficient and – if anything – encouraging them to explore riskier ways of working. And yet, despite all the time and effort, it’s still relatively easy for employees to take data out of an organisation. The proliferation of bring your own device (BYOD) policies and cloud services has made organisations more porous, not more secure.”
However, while DLP is designed to allow businesses to set up, operate, and distribute a solid security policy, and protect information, it addresses many of the security challenges that remote workers pose to the company. Mc Loughlin points out that DLP mostly reduces data complexity, which often prevents an organisation from being able to control and monitor data flows from a central location. This also drives users to bypass controls and break rules in order to do their job, which increases the chance of data loss.
According to Mc Loughlin, the failure of DLP calls for a new approach to protecting against the insider threat – and this approach rests on visibility. Global companies are finding success catching insiders using a solution that provides lightweight, enterprise-wide visibility, and which offers answers and focus where DLP provides rules and complexity. “Dtex SystemSkan is a lightweight, highly scalable system that provides true user visibility across all companies, whether you are an SME or one of the largest global organisations.”
In addition to having a 0.1% network impact, Dtex provides real-time visibility into the files and data users touch, the applications they run and the sites they visit – both on and off the corporate network, from the moment it is installed. It also allows companies to move away from “lock and block” to “trust but verify”, meaning that the whole company will not be punished for a few bad apples.
However, the key to the solution’s success is prediction through behavioural analytics, not prevention. “Dtex monitors changes in behaviour that indicate a user is preparing to steal data, and allows you to see what your logs miss. If you rely on log files to stop the insider threat, you’re missing critical data needed for successful analytics and investigations,” Mc Loughlin concludes.