A New Approach to Fighting Data Breaches

Nov 02, 2020
4 minutes

Data breaches are a huge and growing problem worldwide.

In the past decade we’ve all seen reports on the evening news about retailers, health insurance companies, credit reporting agencies, social media sites, government offices and others losing the personal information of 100s of millions of people due to data breaches. This has gotten so common that the idea of “breach fatigue” has emerged.

These leaks often include sensitive data such as date of birth, social security numbers, driver’s license info, home addresses, credit card numbers, passwords, intellectual property and so much more.

With attention to cybersecurity growing rapidly over the past decade many wonder: Why this is still such a big problem, why is it continuing to grow and what can be done about it?

When organizations consider how best to protect their corporate networks and assets “threat protection” is typically the first thing they turn to. This often comes in the form of firewalls and endpoint protection and is designed to help secure networks, servers, users and applications from outside threats.  Threat protection systems from Palo Alto Networks and others have evolved to the point where they are easily accessible to all companies whether they have an on-prem or cloud strategy, or both -- and they are very effective.

Because of the digital transformation of business over the past 20 years, vastly more organizations are creating, collecting and storing large amounts of sensitive data. We are finding that many of these organizations--along with companies that have to comply with particular data privacy and protection regulations--want to extend their security and create a two-pronged approach. They want to continue to protect against threats while building systems to help protect their data.

Data Loss Prevention - A Different Approach

These systems, known as Data Security, or specifically Data Loss Prevention (DLP) systems, take a different approach than threat protection systems. DLP systems watch for data on the move and restrict where it can go.

Some of the technology developed for DLP systems is very impressive. Not only can these systems look for someone sending a huge database full of personal info but they can even look at an image file that has a screenshot and detect a single social security number.  DLP systems don’t just protect the personal information we hear so much about in the news, they are also designed to help companies protect their valuable intellectual property and confidential information.

Unfortunately, DLP solutions have not evolved to where they are accessible to all who need them. Most of the current DLP systems were only designed to help global-scale organizations that have huge data protection budgets and staffs. We know of some organizations that have had to build data protection teams with up to 30 people. They are massively complex to design, install and operate so they are not practical for most of the companies and organizations who need them--and each year more and companies seem to need them. 

In addition, many organizations have moved data and applications to the cloud over the past few years and the legacy DLP systems were never designed with the cloud in mind.

We believe there is a better way!

So how do security teams implement a two-pronged approach? Going forward, Data Loss Prevention must evolve and integrate with threat protection systems. We think DLP systems should--and must--be accessible to all. 

We believe modern DLP systems should:

  • Be effective and minimize user effort
  • Scale for all size organizations
  • Be simple to deploy and manage
  • Integrate with existing cybersecurity systems
  • Work for companies whether they keep their data in the cloud, on-prem or take a flexible approach

Stay tuned--We’re looking forward to showing you how we are rethinking and reimagining DLP. 

Subscribe to Network Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.