A Gartner Analyst and "It's Time to Redefine Data Loss Prevention"

 

Today, it seems to be in vogue to criticize DLP solutions as out of date, insufficient for modern business needs, and generally out of touch with industry realities.

 

One of the more notable sources to voice this opinion has been none other than industry leader Gartner.

 

In an analysis piece entitled “It's Time to Redefine Data Loss Prevention” [1], Gartner goes after the most dominant trends in DLP. The article asserts that security and risk management leaders need to shift from current trends in data loss protection and “implement a holistic data security governance strategy.” This is the only way for IT departments to ensure “data protection throughout the information life cycle.”

The Gartner write-up lays out a nuanced, but ultimately damning, case against contemporary DLP. Note that GTB Technologies customers were not part of the analysis, as the report appears to be about "Gartner Market Leaders".

 

The summary of their argument looks something like this:

Despite a market awash in DLP solution options, organizations are still struggling with communication between data owners and those responsible for administering DLP systems. A symptom of this disconnect is that managers are opting for programs that will automate the work of DLP. This has resulted, according to Gartner, in “technology-driven — rather than business-driven — implementations.”

Another problem, says Gartner, is that many DLP solution users struggle to get out of the initial phases of discovering and monitoring data flows after the platform is first deployed. The focus on these meticulous tasks means that organizations never realize the potential benefits of “deeper data analytics” or “applying appropriate data protections.”

 

Lastly, the article points out that DLP as a technology is viewed by users--whether they be individuals or enterprises--as a “high-maintenance tool”, requiring constant attention and a substantial regular investment of man hours. This ultimately leads to “incomplete deployments” in relation to the system's actual DLP needs. As a result of all of these phenomena, says Gartner, companies end up being stuck with systems that require constant fine tuning, and struggle to calculate the ROI on the substantial investments in DLP platforms.

While all of the above points are fair criticisms of contemporary DLP, the approach offered up in the analysis to solve these problems is totally off the mark. Gartner suggests a total shift in data loss management, moving away from reliance on technology, and instead “sharing responsibility” for DLP between the different constituents in an organization. To achieve better DLP, the industry does not need to run away from technology, but rather incorporate programs that will address the very real problems Gartner has laid out.

 

GTB’s Smart DLP that Works™ is a platform designed to do just that.

GTB's data loss prevention programs use patented artificial intelligence models to manage sensitive data. This allows the platform to learn and map the network, freeing IT from the tedious maintenance attached to other solutions. Due to the precision of its detection technology, ease of use and quick time to value, Smart DLP allows processes to be streamlined, instead of bogging down administrators with errors and false positives.

With Smart DLP, managers can have their cake and eat it too. GTB assures users that security does not come at the expense of efficiency.

[1] Gartner, "It's Time to Redefine Data Loss Prevention," published 19 September 2017, ID G00333194.


Insider Threat and 3rd Party Liability

PageUp and the 3rd Party Liability Problem

3rd Party Liabilities

 

The tech world was thrown into a frenzy over the recent hack of international HR service provider PageUp.

In late June, the company's chief executives reported "unusual activity" in its IT infrastructure. An investigation was launched and emergency notifications were distributed to PageUp’s broad client base.

The industry quickly understood: the implications of this hack were potentially devastating.

PageUp specializes in storing personal details of workforce personnel. The company boasts two million active users across 190 countries. All of this data was now suspected of being compromised.

The most recent news on the PageUp damage report was the leaked data of the UK food and hospitality giant Whitbread. The hotel and coffee shop operator acknowledged that some current and prospective employees’ data may have been compromised during the PageUp hack. Whitbread sent a message to individuals potentially affected stating that personal details collected during recruitment processes “may have been accessed and could potentially be used for identity theft.”

Whitbread has reportedly suspended its use of PageUp’s services.

 

The Third Party Liability

The PageUp breach and its subsequent fallout highlight the ever-present--and increasingly risky--threat to data posed by third-party outsourcing.

Third-party contractors are extremely attractive targets for cyber criminals. As one industry leader put it: “information like dates of birth and even maiden names […] gives cyber-criminals all that they need to successfully monetize the hack, from phishing attacks to identity theft.”

The risk posed by third-party vendors is especially acute in the era of heightened compliance demands set by current data regulations. Laws like the EU GDPR put all the responsibility on companies when it comes to who they trust to handle their data. In the medical industry, HIPAA requirements also extend to any outside service provider dealing with personal data of patients.

 

Handle on the Data

 

Enterprises need to take control of their sensitive data, whether it is on their own networks, or being managed via outsourcing.

This means companies need to vet their digital-service supply chains more seriously. Managers must get clear answers from service providers on very important questions:

  1. What are the security standards for personnel data?
  2. How up to date are the company’s data loss protection tools?
  3. How does the contractor deal with regulation compliance?

Holding contractors to tight standards is the only way for companies to safely employ third parties to handle their most sensitive data.