$4.35 million. That's the average total cost of a data-exposing cybersecurity incident, according to the Ponemon Institute's "Cost of a Data Breach Report 2022." That's an all-time high, up 12.7% from 2020.
Between the potential loss of trade secrets, reputational harm, and regulatory fines related to data privacy, data breaches can threaten an organization's very existence. And if you don't take proactive measures to prevent them, the circumstances that led to one breach can easily result in another. Eighty-three percent of breached organizations report having suffered more than one such event.
Data loss prevention, or DLP, refers to a category of cybersecurity solutions that are specifically designed to detect and prevent data breaches, leaks, and destruction. These solutions do so by applying a combination of data flow controls and content analysis. And in today's cyber-threat landscape, DLP has become a basic business need.
The Three States of Data and How DLP Protects Them
There are three main states in which data can reside within an organization:
- Data in use: Data is considered to be in use when it's being accessed or transferred, either via local channels (e.g., peripherals and removable storage) or applications on the endpoint. An example could be files that are being transferred from a computer to an USB drive.
- Data in motion: Data is considered to be in motion when it's moving between computer systems. For example, data that is being transferred from local file storage to cloud storage, or from one endpoint computer to another via instant messenger or email.
- Data at rest: Data is considered to be at rest when it's stored, either locally or elsewhere on the network, and is not currently being accessed or transferred.
Of course, most sensitive data will change between these states frequently — in some cases, almost continuously — though there are use cases where data may remain in a single state for its entire life cycle at an endpoint.
Similarly, there are three primary "functional" DLP types, each dedicated to protecting one of these states of data. Here are just some examples of how this can work:
- Data-in-use DLP systems may monitor and flag unauthorized interactions with sensitive data, such as attempts to print it, copy/paste to other locations, or capture screenshots.
- Data-in-motion DLP detects whether an attempt is being made to transfer (confidential) data outside of the organization. Depending on your organization's needs, this can include potentially unsafe destinations, such as USB drives or cloud-based applications.
- Data-at-rest DLP enables a holistic view of the location of sensitive data on a local endpoint or network. This data can then be deleted (if it's out of place), or certain users' access to it blocked depending on your security policies.
Not all potential sources of a data breach are nefarious — they're often the result of good old-fashioned human error. Still, the impact is just as real whether sensitive information is intentionally stolen or simply misplaced.
DLP Architecture Types
DLP solutions can be categorized based on their architectural design:
- Endpoint DLP solutions use endpoint-based DLP agents to prevent data in use, data in motion, and data at rest from leaking — regardless of whether they're used solely within a corporate network or exposed to the Internet.
- Network/cloud DLP solutions use only network-resident components — such as hardware/virtual gateways — to protect data in motion or at rest.
- Hybrid DLP solutions utilize both network- and endpoint-based DLP components to perform the functionality of both endpoint and network DLP architectures.
It's important to note that due to the nature of their architecture, network DLP solutions cannot effectively safeguard data in use: It remains vulnerable to purely local activities, like unauthorized printing and screen capturing.
Adopting DLP Is More Important Than Ever
The benefits of a strong DLP program are clear. By taking proactive steps to slash the risk of data loss and leakage, organizations can achieve some powerful benefits:
- More easily achieving and maintaining compliance with relevant data privacy regulations, such as the GDPR and HIPAA
- Protecting intellectual property and trade secrets
- Strengthening security in an era of widespread remote work and BYOD policies
- Minimizing the potential impact of human error and negligence
Larger enterprises may choose to adopt on-premises DLP solutions — and for some, this may be the right choice. But setting up a successful DLP program is complex and resource-intensive, and it requires fine-tuning over an extended period of time. Businesses will also need to bring aboard specialized experts with relevant experience. Those without such a team already in place will likely find it more efficient to work with a managed service provider (MSP) for their DLP needs.
In turn, MSPs are turning to partners to help them build out these Advanced DLP offerings to help prevent data leakage from clients' workloads.
Whether you manage your DLP in-house or turn to a vendor to help, it is a critical part of a modern, and future, security stack.
About the Author
Iliyan Gerov is a Senior Product Marketing Specialist at Acronis.