Solutions Review’s Expert Insights Series is a collection of contributed articles written by industry experts in enterprise software categories. Red Curry of Reco.ai says it’s time to look beyond the veil of DLP and take a better approach to data security.
The mass adoption of SaaS applications at a relatively quick speed has ushered in new ways of working in far more efficient and collaborative ways. But too often, these tools weren’t built with security in mind. Now, employees are sharing information across them, but seldom does the organization – and specifically, the security team – even know what information is being sent across these tools. And in this case, what you don’t know can hurt you.
In the era where everything was on-prem, on physical servers, protecting the data on those servers was paramount. However, with SaaS, things have progressed so quickly that organizations and IT teams haven’t always been able to keep up with the strategy needed for protecting the data in these apps. Not knowing and not having visibility into sensitive SaaS data carries inherent risks – reputational, regulatory, financial, security – which are often “overlooked” as it isn’t a “current problem.” In other words, many are concerned, but since it hasn’t been specifically targeted or exploited yet, they choose to have written rules in place but kick the can down the road when it comes to actually addressing the problem. This is a perfect recipe for a dangerous incident just waiting to happen.
Organizations need a new approach that goes beyond legacy tools like data loss prevention (DLP) and provides more context. This will help IT teams get a handle on who is sharing what, where and when, and how to put the right security focus on the most sensitive information.
Where Legacy Tools Fall Short
In the on-prem days, every organization had their servers, and they had software and applications to protect the data, encrypt it and restrict access to that data. And in most cases, those tools worked pretty well. But the infrastructure underneath these tools and environments has largely shifted to SaaS. And the ability to maintain control over the data being shared, and the notion of perimeter security, has gone out the window.
Most legacy security tools were structured and fitted for the on-premises world. Older DLP tools, for instance, were meant for those use cases – and they were using pretty basic classifiers for the data that was created on those servers. An example would be “If the file has extension Y, allow the movement of this data.” Or “This file is highly restricted confidential because it’s got customer data.” This all worked fairly well when that was the only thing you could be concerned with, but when everyone shifted to SaaS, those black-and-white abilities for those tools to apply their static logic on their data ended up “breaking” as the DLP tools cannot accommodate unstructured data sets. Data teams or security teams have basically lost the ability to have the necessary visibility into the sensitive data within all of the different SaaS platforms used.
In a SaaS environment, legacy tools overwhelm security teams with false positives. The tools can’t keep up, and they prevent businesses from running smoothly and efficiently. It’s no longer a black-and-white situation. Organizations need a way to be confident about what data is sensitive so they can apply context to stop data loss based on the users and data involved, all while enabling normal businesses to function.
New Use Cases Require a New Approach
To assess the risk that’s associated with all the data traversing your SaaS applications, you need the ability to discover it in an unstructured “world map” and classify it. In a SaaS world, you need additional context to ascertain the real level of sensitivity of a given file or data set. You need to be able to determine who is sharing the information, which will help ascertain how sensitive it is or isn’t.
This is fundamental to any data security program; otherwise, everything that follows will be false. But organizations tend to avoid it because it can seem daunting and overly time-consuming. Most organizations know they have a blind spot when it comes to visibility and what data is going where, but they don’t have the resources or time to go through all of the SaaS applications or Google folders to determine what is and isn’t sensitive. It’s a manual that requires everyone across departments to participate – unless there is an automated way to address it.
Taking Action and Mitigating Risk
So, what if this could be done in an automated fashion? What if you could develop additional levels of classification based on context? There are new solutions being introduced to the market that are trying to tackle this challenge. It is considerably simpler to lower the risk level when there is a means to automatically assess the interactions between both people and the data they are accessing. Even better would be having a mechanism to deliver true alerts whenever potentially sensitive material is exchanged.
Organizations need a solution that can automatically map the data continuously using business-based analytics. It would then estimate the risk level associated with accessing, deleting, sending or sharing sensitive data. Instead of relying solely on one attribute, today’s new solutions use analytics to cross-reference the data with the users interacting with it. This enables your teams to accurately determine the level of risk, and if necessary, you can work toward lowering risk. You want to be certain that an action is necessary rather than just stopping legitimate business in its tracks. In cases when corrective action is required, your teams can change who can access the data, store it more securely or enforce configuration settings.
It’s Time for a Change
Organizations have increased their use of SaaS apps by at least 44 percent since the pandemic began. The data security threat of using these apps is real, but legacy security solutions aren’t equipped to deal with the threat. It’s time to look for solutions that offer better control and visibility over all the information being shared within SaaS apps – without slowing business down.
- Going Beyond DLP: A Better Approach to Data Security - May 19, 2023