- Organizations are often beholden to compliance obligations that require protection of sensitive data.
- All stages of the data lifecycle exist in the cloud and all stages provide opportunity for data loss.
- Organizations must find ways to mitigate insider threats without impacting legitimate business access.
Our Advice
Critical Insight
- Data loss prevention is the outcome of a well-designed strategy that incorporates multiple, sometimes disparate, tools within your existing security program.
- The journey to data loss prevention is complex and should be taken in small and manageable steps.
Impact and Result
- Organizations will achieve data comprehension.
- Organizations will align DLP with their current security program and architecture.
- A DLP strategy will be implemented with a distinct goal in mind.
Prevent Data Loss Across Cloud and Hybrid Environments
Leverage existing tools and focus on the data that matters most to your organization.
Analyst Perspective
Data loss prevention is an additional layer of protection
Driven by reduced operational costs and improved agility, the migration to cloud services continues to grow at a steady rate. A recent report by Palo Alto Networks indicates workload in the cloud increased by 13% last year, and companies are expecting to move an additional 11% of their workload to the cloud in the next 24 months.
However, moving to the cloud poses unique challenges for cyber security practitioners. Cloud services do not offer the same level of management and control over resources as traditional IT approaches. The result can be reduced visibility of data in cloud services and reduced ability to apply controls to that data, particularly data loss prevention (DLP) controls.
It’s not unusual for organizations to approach DLP as a point solution. Many DLP solutions are marketed as such. The truth is, DLP is a complex program that uses many different parts of an organization’s security program and architecture. To successfully implement DLP for data in the cloud, an organization should leverage existing security controls and integrate DLP tools, whether newly acquired or available in cloud services, with its existing security program.
Bob Wilson
CISSP
Research Director, Security and Privacy
Info-Tech Research Group
Executive Summary
Your Challenge
Organizations must prevent the misuse and leakage of data, especially sensitive data, regardless of where it’s stored. Organizations often have compliance obligations requiring protection of sensitive data. All stages of the data lifecycle exist in the cloud and all stages provide opportunity for data loss. Organizations must find ways to mitigate insider threats without impacting legitimate business access.
Common Obstacles
Many organizations must handle a plethora of data in multiple varied environments. Organizations don’t know enough about the data they use or where it is located. Different systems offer differing visibility. Necessary privileges and access can be abused.
Info-Tech’s Approach
The path to data loss prevention is complex and should be taken in small and manageable steps. First, organizations must achieve data comprehension. Organizations must align DLP with their current security program and architecture. Organizations need to implement DLP with a distinct goal in mind. Once the components are in place it’s important to measure and improve.
Info-Tech Insight
Data loss prevention is the outcome of a well-designed strategy that incorporates multiple, sometimes disparate, tools within your existing security program.
Your challenge
Protecting data is a critical responsibility for organizations, no matter where it is located.
45% of breaches occurred in the cloud (“Cost of a Data Breach 2022,” IBM Security, 2022).
It can take upwards of 12 weeks to identify and contain a breach (“Cost of a Data Breach 2022,” IBM Security, 2022).
- Compliance obligations will require organizations to protect certain data.
- All data states can exist in the cloud, and each state provides a unique opportunity for data loss.
- Insider threats, whether intentional or not, are especially challenging for organizations. It’s necessary to prevent illicit data use while still allowing work to happen.
Info-Tech Insight
Data loss prevention doesn’t depend on a single tool. Many of the leading cloud service providers offer DLP controls with their services and these controls should be considered.
Common obstacles
As organizations increasingly move data into the cloud, their environments become more complex and vulnerable to insider threats
- It’s not uncommon for an organization not to know what data it uses, where that data exists, or how it is supposed to protect it.
- Cloud systems, especially software as a service (SaaS) applications, may not provide much visibility into how that data is stored or protected.
- Insider threats are a primary concern, but employees must be able to access data to perform their duties. It isn’t always easy to strike a balance between adequate access and being too restrictive with controls.
Insider threats are a significant concern
53% of a study’s respondents think it is more difficult to detect insider threats in the cloud. Source: "2023 Insider Threat Report," Cybersecurity Insiders, 2023
Only about 45% of organizations think native cloud app functionality is useful in detecting insider threats. Source: "2023 Insider Threat Report," Cybersecurity Insiders, 2023
Info-Tech Insight
An insider threat management (ITM) program focuses on the user. DLP programs focus on the data.
Insight summary
DLP is not just a single tool. It’s an additional layer of security that depends on different components of your security program, and it requires time and effort to mature.
Organizations should leverage existing security architecture with the DLP controls available in the cloud services they use.
Data loss prevention is not a point solution
Data loss prevention is the outcome of a well-designed strategy that incorporates multiple, sometimes disparate tools within your existing security program.
Prioritize data
Start with the data that matters most to your organization.
Define an objective
Having a clearly defined objective will make implementing a DLP program much easier.
DLP is a layer
Data loss prevention is not foundational, and it depends on many other parts of a mature information security program.
The low-hanging fruit is sweet
Start your DLP implementation with a quick win in mind and build on small successes.
DLP is a work multiplier
Your organization must be prepared to investigate alerts and respond to incidents.
Prevent data loss across cloud or hybrid environments
Data loss prevention is not a point solution.
It’s the outcome of a well-designed strategy that incorporates multiple, sometimes disparate tools within your existing security program.
Info-Tech Insight
Leverage existing security tools where possible.
Data loss prevention (DLP) overview
DLP is an additional layer of security.
DLP is a set of technologies and processes that provides additional data protection by identifying, monitoring, and preventing data from being illicitly used or transmitted.
DLP depends on many components of a mature security program, including but not limited to:
- Acceptable use policy
- Data classification policy and data handling guidelines
- Identity and access management
DLP is achieved through some or all of the following tactics:
- Identify: Data is detected using policies, rules, and patterns.
- Monitor: Data is flagged and data activity is logged.
- Prevent: Action is taken on data once it has been detected.
Info-Tech Insight
DLP is not foundational. Your information security program needs to be moderately mature to support a DLP strategy.
DLP approaches and methods
DLP uses a handful of techniques to achieve its tactics:
- Policy and access rights: Limits access to data based on user permissions or other contextual attributes.
- Isolation or virtualization: Data is confined to an isolated environment in which the channels for data leakage are made unavailable.
- Cryptographic approach: Data is encrypted.
- Quantifying and limiting: Use or transfer of data is restricted by quantity.
- Social and behavioral analysis: The DLP system detects anomalous activity, such as users accessing data outside of business hours.
- Pattern matching: Data content is analyzed for specific patterns.
- Data mining and text clustering: Large sets are analyzed, typically with machine learning (ML), to identify patterns.
- Data fingerprinting: Data files are matched against a pre-calculated hash of known sensitive files, or against a fingerprint derived from their contents.
- Statistical analysis: Data content is analyzed for sensitive data, usually with machine learning.
DLP has two primary approaches for applying techniques:
- Content-based: Data is identified through inspecting its content. Fingerprinting and pattern matching are examples of content-based methods.
- Context-based: Data is identified based on its situational or contextual attributes. Some factors that may be used are source, destination, and format.
Some DLP tools use both approaches.
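A minimal content-plus-context DLP check, added here as an illustration and not taken from Info-Tech or any DLP product: it combines pattern matching (with a Luhn check to cut false positives), a pre-calculated fingerprint match, and the destination domain as the contextual attribute, and maps the outcome onto the identify, monitor and prevent tactics listed above. The fingerprint set, the trusted-domain list and the sample messages are constructed for the example.

```python
import hashlib
import re

# Constructed sample: a "known sensitive" document fingerprinted in advance.
KNOWN_FINGERPRINTS = {hashlib.sha256(b"Q3 board deck - CONFIDENTIAL\n").hexdigest()}
INTERNAL_DOMAINS = {"example.com"}  # assumed set of trusted destination domains
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")  # 13-16 digits, optional separators


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 if d < 5 else d * 2 - 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Content-based: pattern match first, then validate each candidate with Luhn."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            hits.append(digits)
    return hits


def is_fingerprinted(payload: bytes) -> bool:
    """Content-based: exact hash match against pre-calculated fingerprints."""
    return hashlib.sha256(payload).hexdigest() in KNOWN_FINGERPRINTS


def evaluate(payload: bytes, dest_domain: str) -> str:
    """Combine content and context; return the tactic applied: allow, log or block."""
    text = payload.decode("utf-8", errors="replace")
    sensitive = is_fingerprinted(payload) or bool(find_card_numbers(text))  # identify
    external = dest_domain.lower() not in INTERNAL_DOMAINS                   # context
    if sensitive and external:
        return "block"  # prevent: sensitive content leaving for an external destination
    if sensitive:
        return "log"    # monitor: internal transfer, keep an audit trail only
    return "allow"
```

A real deployment would also cover the other contextual attributes the page names (source, format) and would tune the patterns to the organization's own data classification.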
Info-Tech Insight
Different DLP products will support different methods. It is important to keep these in mind when choosing a DLP solution.