Info-Tech’s latest research shows that data loss prevention is not just a single tool. Rather, it’s an additional layer of security that depends on different components of a security program and requires adequate time and effort to mature.
TORONTO, Aug. 10, 2023 /PRNewswire/ – Driven by reduced operational costs and improved agility, the migration to cloud services continues to steadily grow. At the same time, organizations must prevent the misuse and leakage of data, especially sensitive data, regardless of where it’s stored. Moving to the cloud poses unique challenges for cybersecurity practitioners, such as compliance obligations and mitigating insider threats without impacting legitimate business access. Furthermore, all stages of the data lifecycle exist in the cloud, and all stages provide the opportunity for data loss.
To help security teams build a data loss prevention strategy aligned with their organization’s security program and architecture, global research and advisory firm Info-Tech Research Group has published its latest blueprint Prevent Data Loss Across Cloud and Hybrid Environments.
“Cloud services do not offer the same level of management and control over resources as traditional IT approaches. The result can be reduced visibility of data in cloud services and reduced ability to apply controls to that data, particularly data loss prevention (DLP) controls,” says Bob Wilson, research director at Info-Tech Research Group. “It’s not unusual for organizations to approach DLP as a point solution. Many DLP solutions are marketed as such. The truth is, DLP is a complex program that uses many different parts of an organization’s security program and architecture.”
According to Info-Tech’s research, data loss prevention doesn’t depend on a single tool. Many of the leading cloud service providers offer DLP controls with their services, and the firm states that these controls should be carefully considered. As organizations increasingly move data into the cloud, their environments become more complex and vulnerable to insider threats.
“Insider threats are a primary concern, but employees must be able to access data to perform their duties,” explains Wilson. “It isn’t always easy to strike a balance between adequate access and being too restrictive with controls.”
Furthermore, it’s not uncommon for an organization not to know what data they use, where that data exists, or how they are supposed to protect it. Cloud systems, especially software as a service (SaaS) applications, may not provide much visibility into how that data is stored or protected.
“To successfully implement DLP for data in the cloud, an organization should leverage existing security controls and integrate DLP tools, whether newly acquired or available in cloud services, with its existing security program,” adds Wilson.
Info-Tech’s blueprint highlights that DLP is a set of technologies and processes that provides additional data protection by identifying, monitoring, and preventing data from being illicitly used or transmitted. DLP depends on many components of a mature security program, including but not limited to acceptable use policies, data classification policies, data handling guidelines, and effective identity and access management.
The research blueprint outlines some of the tactics that organizations can use to achieve DLP:
- Identify: Data is detected using policies, rules, and patterns.
- Monitor: Data is flagged, and data activity is logged.
- Prevent: Action is taken on data once it has been detected.
Info-Tech advises organizations to start applying DLP with the most critical data, as applying it to all data may not be feasible. Additionally, the firm emphasizes the fact that DLP should be considered a secondary layer of protection and that an existing security program should do most of the work to prevent data misuse.
To learn more about how organizations can build an additional layer of data protection, download the complete Prevent Data Loss Across Cloud and Hybrid Environments blueprint.
For media inquiries on the topic or to get exclusive, timely commentary from Bob Wilson, a cybersecurity and privacy expert, please contact [email protected].
About Info-Tech Research Group
Info-Tech Research Group is one of the world’s leading information technology research and advisory firms, proudly serving over 30,000 professionals. The company produces unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. For 25 years, Info-Tech has partnered closely with IT teams to provide them with everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.
Media professionals can register for unrestricted access to research across IT, HR, and software and over 200 IT and industry analysts through the firm’s Media Insiders program. To gain access, contact [email protected].
For more information about Info-Tech Research Group or to access the latest research, visit infotech.com and connect via LinkedIn and Twitter.
SOURCE Info-Tech Research Group