Recently, I had a potential customer ask me to look into my crystal ball (more of a Magic 8 Ball) and tell them what I see as the future of data protection. To understand the future, you need to first look at and understand the here and now.
Most organizations are going through or have mostly gone through an effort to “go digital.” Unless the company you work for was started in the last six years, chances are you still rely on paper processes to communicate with your customers or exchange sensitive information. This is at the core of “going digital,” in the sense that companies want to rely less on paper and more on electronic methods of communicating.
While paper definitely had its issues with loss, companies have spent decades learning how to control these manual processes as best they can. Now that learning process needs to transition to our newer electronic world. Why? People are still at the core of sharing data, be it paper or electronic, and they are still the primary reason for accidental loss.
Data loss prevention (DLP) tools are at the core of maintaining oversight when sharing data, and if you’ve used them in the past, you know that as good as DLP tools are, they can all have blind spots. In the last blog post, we talked about how combining the management of DLP with the identification capabilities of a data classification tool can help you cover those blind spots and start to give you a solid understanding of the data that's moving around and outside of your organization. Today, let’s look at maintaining control of that data, even if that data no longer resides in an environment you own.
At the root of most encryption tools in use today is the ability to secure the file in transport and only allow it to be opened by the person you initially intended to open the file. This has been in use for decades without much evolution. The issue is that once the individual has the file in their possession, you no longer control what happens to it.
That would be great if people at companies didn't regularly make mistakes and share the wrong data. However, we know that's not the case, as accidental loss is now one of the top concerns for loss within a corporation.
Digital Guardian Secure Collaboration (DGSC) follows a different pattern when it comes to encryption: the rights are centrally stored in a service, and the data (when being accessed) has to “phone home” to see if the individual opening it has the rights to do so.
That doesn’t sound all that revolutionary, right?
At first blush, that's a standard “assign rights/validate user” type of activity. Where it becomes powerful is when a change is needed. If I realized I sent the wrong file to someone, with one click of a mouse, they could no longer have access. A central team like an insider threat team or security operations center (SOC) could also manage the rights on any file via an administration portal. Additionally, DGSC tracks whether the individual I sent it to attempted to access the file, so you can see, with auditable evidence, whether the data was actually seen/breached or not.
No matter where the file exists, since it always needs to call back to the service you own to validate the rights, you never lose control.
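The pattern described above, as an added example that is not Digital Guardian's code or API: a minimal model of a central rights service that holds each file's key, answers every open request, and logs the attempt. The class `RightsService`, its methods, the file name and the addresses are all hypothetical, constructed for illustration.

```python
import secrets
import time

class RightsService:
    """Hypothetical central service: holds per-file keys, ACLs and an audit log."""

    def __init__(self):
        self._keys = {}    # file_id -> content key (never shipped with the file)
        self._acl = {}     # file_id -> set of users currently allowed to open
        self.audit = []    # one record per open attempt, allowed or not

    def protect(self, file_id, recipients):
        self._keys[file_id] = secrets.token_bytes(32)
        self._acl[file_id] = set(recipients)

    def revoke(self, file_id, user):
        self._acl.get(file_id, set()).discard(user)

    def open(self, file_id, user, source_ip):
        """Called every time a copy is opened; unknown files or users are denied."""
        allowed = user in self._acl.get(file_id, set())
        self.audit.append({"ts": time.time(), "file": file_id, "user": user,
                           "ip": source_ip, "allowed": allowed})
        return self._keys[file_id] if allowed else None

    def attempts(self, file_id, allowed=None):
        return [r for r in self.audit if r["file"] == file_id
                and (allowed is None or r["allowed"] == allowed)]


def demo():
    # Constructed scenario: design.dwg is sent to the wrong recipient.
    svc = RightsService()
    svc.protect("design.dwg", ["alice@partner.example", "bob@wrong.example"])
    first = svc.open("design.dwg", "bob@wrong.example", "198.51.100.7")
    svc.revoke("design.dwg", "bob@wrong.example")      # the "recall"
    second = svc.open("design.dwg", "bob@wrong.example", "198.51.100.7")
    stranger = svc.open("design.dwg", "eve@unknown.example", "203.0.113.9")
    return first, second, stranger, svc


if __name__ == "__main__":
    first, second, stranger, svc = demo()
    print("opened before revoke:", first is not None)
    print("opened after revoke: ", second is not None)
    for rec in svc.attempts("design.dwg", allowed=False):
        print("ALERT denied open:", rec["user"], rec["ip"])
```

The single allowed record in the audit log is the evidence that the file was opened before the rights were removed; the two denied records are what a SOC would alert on.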
How about data loss prevention? How does that fit into this story?
If you leverage your DLP tool to ensure anything sensitive or important to the company gets encrypted within the DGSC service as it's leaving company-owned repositories, you can still control your data regardless of where it lands.
Our customers using DGSC in cooperation with Digital Guardian DLP have cut losses in the billions to date, because intercepting a design file on the internet no longer means you can access it. The added benefit of the “phone home” method of managing rights is that you know when someone has intercepted a file and is attempting to access it because DGSC tracks and alerts on that information (it can even geo-locate where).
Consider accidental loss. Have you ever tried to recall an e-mail you accidentally sent via Outlook? It has happened to us all, and recall has been successful maybe twice in my career due to all the “conditions” that must be met for a successful recall.
If DLP automatically applies rights to the outbound files and a mistake is realized, you still have a chance to “recall” the mistake, which in DGSC’s case is removing the rights of the person receiving the file.
Going digital is an exciting opportunity for most companies to streamline their processes and enhance support of their customers. However, if not thought through with all the important safeguards in place, it could be more expensive than the paper processes, as you can make mistakes much faster when digital, and on a greater scale.
Digital Guardian, when paired with the DG Secure Collaboration product, is an important step in getting those safeguards in place.
Learn more about Digital Guardian Secure Collaboration and if you have any questions, or want to see a demo, don't hesitate to reach out.
Understanding the Combined Power of Data Loss Prevention (DLP) and Secure Collaboration
Posted on November 15, 2023