Data Loss Prevention (DLP) has got a bad name. And deservedly so. It has been expensive to buy. Even more expensive to implement. And frankly, pretty shite.
But things have changed dramatically in the last few years, as we’ve moved away from classic DLP and into a raft of new names such as Data Protection and Data Posture Security Management. In fact, mentioning old school DLP in the same breath as a modern solution draws the wrong connotations, so I’ll stop doing that.
Modern data security solutions no longer rely upon clunky direct string matches, regexes and average-at-best dictionaries. I'm sure everyone would rather forget about document classification tags as well. Instead, they are dynamic tools that analyse both your data in transit (via a SASE solution) and your data at rest (using CASB-type capability).
The result is a comprehensive view of what data is exiting and entering your business, and what has already left and is now stored in some cloud service somewhere, where it can be reshared (deliberately or otherwise).
Data is the next frontier of zero-trust architecture. The initial focus has been on users connecting to applications, and more recently, applications or non-human identities connecting to other applications. But what about applications and users accessing data? Not just files or folders, but actual data — the information they should or shouldn't be accessing.
Surprise!
This truly is one of those “Surprise!!” moments when you see what is actually flowing across your network and being stored in various apps and platforms. And it really is as simple as this. If you’re a Zscaler ZIA customer, head over to the Analytics section and find the Data Discovery Dashboard. There, you will find a Dashboard that looks a little something like this:
From here, you can explore the ML-generated categories, see who the top risky users are and discover a number of other useful insights.
Now, fair warning: You can see things that cannot be unseen. You'll see who's uploading personal items to various locations (i.e. a CV) and you may very quickly discover that your policies aren't being followed. You'll need to make it very clear (again) to your employees that you monitor activity for security purposes. Expect to uncover plenty of other surprises about your business data.
If you want to go beyond looking and start setting controls, this is where you'll need a licence.
What else should I know?
Here are just a few other key points I thought I’d throw in the mix:
- Endpoints. A little-known fact is that Zscaler has Endpoint Data Protection. You can prevent data from leaving via your endpoints as much as you can across the network. It’s built into the same old Zscaler Client Connector.
- ChatGPT & other GenAI tools. Yes, it can see what users are posting and prompting in GenAI tools. You can also set policies to manage data being pasted into these tools.
- Licensing. There are a number of options depending on what features you want. But there are some pretty good capabilities included in some of the Zscaler bundles. I'd start by figuring out what you might already have included.
Takeaways
Here are three quick takeaways:
- Checking your Data Discovery Dashboard will almost certainly be an eureka moment. Seriously, check it out - you may have a big blind spot.
- Worried you’ll like it and won’t be able to get the budget? This is one of those things where if you do a proof of value and you learn a few things, the budget proposal will write itself.
- DLP has always been super hard to justify its ROI, but the next generation of Data Protection tools is in a fundamentally different class and well worth investing an hour in over the next week.
One last thought - we have never worked on more data leakage investigations than this year, some including insider threats. The one thing we wish we had access to every time the question of data exfiltration arises? Data protection visibility.
