The fading network boundaries in the ‘Cloud’ era have made organizations realize just how easy it is for data to escape out of the impermeable safety network of the enterprise and land into the hands of bad actors.
Today every business is concerned with protecting its reputation from the possibility of being targeted with a data breach. Having said that, every business bears the tremendous responsibility of taking vigorous measures to safeguard sensitive data that personally identifies employees and customers or gives away business secrets.
Enterprises generally rely on a two-pronged approach to data security: a) by stopping attackers from infiltrating the network and stealing data, and b) by creating a fail-safe with a data loss prevention (DLP) solution to protect data from intentional or unintentional exposure.
Most enterprises have access to two broad categories of data protection solutions: traditional DLP and cloud embedded DLP. When it comes to capabilities, coverage, cost, and implementation, we believe both options fall short and create restrictions in some way or the other.
For one, most of these data loss prevention (DLP) solutions don’t apply to all enterprise segments as they are designed keeping mostly large enterprises in mind. If you take the traditional DLP solutions into account, most are not designed for simplicity. They run on-premises and use bolt-on technologies, forcing IT security teams to install new infrastructure. The high CapEx and OpEx results in sky-high total cost of ownership (TCO).
Cloud embedded DLP options offer better TCO but provide only partial protections. We say this because in order to cover every control point, embedded DLP requires two sets of policies forcing at least two solutions to ensure full coverage. Think about the administrative nightmare this creates, with multiple management consoles, policy languages and data classification systems.
It’s safe to say that neither type of DLP solution available in the market today has matured over time to cover workforce mobility and the evolving cloud landscape.
At Palo Alto Networks, we strive to continuously deliver the best security solutions that enable you to meet your security responsibilities. We are the global cybersecurity leader in Next-Generation Firewalls, which makes us the leader in attached intrusion prevention systems (IPS)—and aim to lead the industry with our fresh approach to DLP as well. Our vision is to bring to market a disruptive, all-inclusive, modern and simple approach to data protection, privacy, and compliance. One that promises the peace of mind that solid security offers.
We have been innovating on a new breed of DLP technology that fits into the evolving needs of the cloud-enabled enterprise, tangibly lifting the restrictions that come with traditional DLP and cloud embedded DLP solutions currently available in the market.
You’d agree that the standard network security model—that enforces security policy on network hardware—is essential to protecting all enterprises against data breaches, given that virtually all data and applications connect to a network. Equally important is leveraging a cloud security model to effectively protect data stored in public cloud environments such as AWS S3 buckets; and, data moving within SaaS-based applications such as Salesforce, Office 365, G-Suite, Box and many others.
As the industry's leading cloud-delivered network security provider, we believe today’s cloud-enabled organizations need a data protection solution that integrates with both models to offer broadest coverage. This is why our idea behind modern DLP is that of a unifying cloud-delivered service that natively integrates with your standard network security infrastructure or is seamlessly delivered via SASE to protect sensitive enterprise data everywhere.
Data protection using this all-inclusive approach would cover both physical and virtual networks and workloads in the cloud—including SaaS at rest, SaaS inline, and cloud native IaaS—and every user’s data, whether on campus, at branch locations, or working remotely.
Figure 1: A View of Our All-Inclusive Approach to Enterprise DLP
We have so much more to share about our imminent entry into the DLP market with a DLP solution that will be available across all channels—physical and software firewalls, Prisma Access, and Prisma Cloud. In a few days from now, we will discuss in detail how you can benefit from the simplicity of our DLP innovation as a simple licence-activated service that doesn’t require additional infrastructure investments. Think about the lowest TCO you can experience without having to settle for average data security.
Best-of-breed, enterprise-grade data security to us is synonymous with accurate discovery and protection of sensitive data using automatic classification, context, and machine learning. On November 10, 2020, we will dive deep into how our DLP helps mitigate the risks associated with accidental exposure of your sensitive data using these cutting-edge mechanisms. See you at our on-demand virtual launch event.