Data loss prevention (DLP) is one of the most important tools that enterprises have to protect themselves from modern security threats like data exfiltration, data leakage, and other types of sensitive data and secrets exposure. Many organizations seem to understand this, with the DLP market expected to grow worldwide in the coming years. However, not all approaches to DLP are created equal. DLP solutions can vary in the scope of remediation options they provide as well as the security layers that they apply to. Traditionally, data loss prevention has been an on-premise or endpoint solution meant to enforce policies on devices connected over specific networks. As cloud adoption accelerates, though, the utility of these traditional approaches to DLP will substantially decrease.
Established data loss prevention solution providers have attempted to address these gaps with developments like endpoint DLP and cloud access security brokers (CASBs) which provide security teams with visibility of devices and programs running outside of their walls or sanctioned environments. While both solutions minimize security blind spots, at least relative to the network layer and on-prem solutions, they can result in inconsistent enforcement. Endpoint DLPs, for example, do not provide visibility at the application layer, meaning that policy enforcement is limited to managing what programs and data are installed on a device. CASBs can be somewhat more sophisticated in determining what cloud applications are permissible on a device or network, but may still face similar shortfalls surrounding behavior and data within cloud applications.
Cloud adoption was expected to grow nearly 17% between 2019 and 2020; however, as more enterprises embrace cloud-first strategies for workforce management and business continuity during the COVID-19 pandemic, we’re likely to see even more aggressive cloud adoption. With more data in the cloud, the need for policy remediation and data visibility at the application layer will only increase and organizations will begin to seek cloud-native approaches to cloud security.
What is cloud-native data loss prevention?
The explosion of cloud technologies in the past decade has brought new architectural models for applications and computing systems. The concept of a cloud-native architecture, while not new, is a development that’s taken off in the last five years. But what exactly does cloud-native mean, and how can it apply to security products like data loss prevention (DLP)?
Cloud-native describes a growing class of platforms that are built in the cloud, for the cloud. True cloud-native data loss prevention is defined by the following features:
- Agentless. Cloud-native DLP solutions aren’t deployed as software programs that require installation, rather they integrate with the applications they secure through APIs. This makes deployment easy and updates to such platforms effortless, without getting end-users or IT involved.
- API driven. Central to cloud-native data loss prevention is the API-driven nature of such solutions. Connecting with cloud platforms via API means that visibility and security policies immediately apply at the application layer. API-driven solutions can derive platform-specific context & metadata, as well as provide granular, platform-specific actions, versus broad-brush blocking on the network.
- Agnostic. True cloud-native solutions are platform, endpoint, and network agnostic in that they’re capable of integrating with cloud platforms quickly and can provide a single pane of glass visibility across the cloud.
- Automated. True cloud-native solutions don’t just provide visibility into the cloud but help automate policies whenever possible. The sheer volume of data that moves through cloud systems combined with the always-on nature of cloud applications means that incidents can happen at any time and will require immediate remediation. Automation ensures that security teams can respond to these as quickly as possible.
- Accurate. Finally, in order to help security teams process the massive amounts of data in the cloud, cloud-native DLP must be accurate. The accuracy of such platforms is often enabled by the same systems that make them automated — effective use of machine learning that can quickly and accurately identify when business-critical data has been exposed.
What are the advantages of cloud-native DLP?
When you consider the capabilities listed above, cloud-native DLP is designed to help organizations get a handle on protecting the massive volumes of data moving in and out of data silos daily. With organizations understanding that the security of their data in the cloud is their responsibility, security teams are increasingly investing in tools designed to help them address visibility and policy blindspots. While it might be the case that cloud-native data loss prevention platforms aren’t the only security tools companies choose to invest in, it’s clear that they’ll be one of the most essential parts of their security toolkit.
Nightfall is the industry’s first cloud-native DLP platform that discovers, classifies, and protects data via machine learning. Nightfall is designed to work with popular SaaS applications like Slack & GitHub as well as IaaS platforms like AWS. You can schedule a demo with us below to see the Nightfall platform in action.