Can you protect your business from data breaches before setting up security policies?

Can you protect your business from data breaches before setting up security policies?

One of the biggest frustrations with implementing and managing legacy DLP solutions is managing policies. Part of this is the industry’s fault. Legacy DLP solutions have conditioned security teams to believe that data can best be secured by granular and complex policies.

These require teams to follow a strict process:

1. Build a data classification scheme. Legacy DLP requires organizations to define their classification schemes before starting. This means identifying the characteristics of sensitive data.. Some are fairly simple to understand, such as Personally Identifiable Information and Personal Health Information. Others will be specific to an organization, such as source code, design documents, customer lists, and financial documents.
2. Identify and classify all sensitive data, everywhere in the organization. Before data protection begins with legacy DLP, all data must be identified and marked with classification tags. Teams must search the enterprise to identify all instances of the data. This includes servers, endpoints, and employee devices.
3. Build policies. Legacy DLP requires granular rules that determine which class of data every user can access and which actions can be taken with each class.
4. Repeat. This process creates a point in time solution that can rapidly become out of date as your business evolves, leaving you with a false sense of security.

A focus on policies delays protection and time to value

It can take months or years to identify and classify all the data in an organization. And, once you are done, that scan is already out of date based on new data created, added, or modified during the process. In legacy DLP environments, these activities must be completed before data protection can begin. In addition, teams must update and maintain policies as inevitable false positives disrupt legitimate workflow. As organizations add new classes of data and/or new user groups, the entire process must start again.

Machine learning on endpoints allows a policy-free approach

While policies will always have a role in DLP, a policy free strategy provides more accurate protection and faster time to value. The Reveal Platform by Next accomplishes this by moving intelligence to the endpoints.

With machine learning on each endpoint, Reveal eliminates the need for pre-classification of data and granular policies. Instead, Reveal’s real-time data classification considers content and context to identify and classify data as it is created and used. Content level inspection identifies patterns for PII, PHI, PCI, and other fixed format data types. Contextual inspection identifies sensitive data in both structured and unstructured data without predefined policies.

Machine learning on each endpoint allows autonomous decision making - without dependence on network connections. Behavior analysis on the endpoint also minimizes the requirement for granular policies and their resulting false positives. Individual baselines surface individual anomalies, isolating risks to each device and user. Agents are deployed quickly and deliver immediate visibility to user behavior and risk, driving value right away.

Benefits of a policy free approach

A policy free approach eliminates workflow disruptions due to outdated policies and data created after discovery and classification scans. In legacy DLP solutions, new data types, new users, and new threats result in new rules and false positives that interrupt legitimate data use. A policy-free approach understands acceptable behavior for each user and reports on risks to data without preset rules.

A policy free approach is better able to adapt to new threats. Insider threats are individual threats and require DLP solutions to understand the context of individual activities. Individual baselines provide analysts with context to actions.