Data Loss Prevention (DLP) is like the kid in high school who never seemed to graduate. They’ve been around for a long time, they’re established – they might be useful in some capacity, but every year that goes by they become less relevant.
Cloud Access Security Broker (CASB) when it first showed up was like the kid who transferred to a new high school their sophomore or junior year. They were new. Everyone was skeptical. Where would they fit in and how would they be perceived?
For some, the high school years were the best years. They never move on or they try to and it just doesn’t work. For example, taking a selfie with a disposable camera, while rollerblading and wearing your favorite graphic tee.
Sure, you might’ve gotten the desired outcome of taking a picture of yourself looking ToTalLy AmaZinG – but the propensity to make mistakes runs high if you’re using outdated tools (i.e. falling while rollerblading). Plus, it's embarrassing.
Preventing the loss of sensitive information is still very much top of mind for CISOs and security practitioners. But in today’s reality, technology moves fast. The way in which users are accessing, manipulating, and sharing files and data has changed significantly. The days of putting an email together, and uploading attachments are starting to fade alongside those acid-washed jeans you used to wear.
The use of content collaboration tools like Google Drive, Box, and Slack are the new preferred method of both communicating and sharing files with internal and external users. In a recent webinar we highlighted the fact that organizations that use Slack use email 32% less, can reduce meetings by 23%, and bring products to market 23% faster. In terms of providing secure access to sensitive data – as well as protecting the actual business-critical data and files – is paramount in today’s world of Zero Trust.
Traditional DLP solutions struggle in attempting to secure this new egress channel which is Software as a Service (SaaS) applications. They’re challenged by unstructured data and file types in the cloud, as their primary focus is on traditional endpoints and networks. They are also prone to way too many false positives, taking the time and attention away from security teams. Modern data loss solutions do not provide automated remediation functionality to effectively prevent the loss, leakage or misuse of sensitive company data.
Anyone that uses a CASB solution will tell you it’s complex and difficult to manage. The scope of policies that can be created to address data loss and data access use cases are limited to hard-coded. This is a problem. Especially at scale when a technology is hard to manage and only provides limited policy enforcement, and struggles to close the security gaps that need to be closed within your security program.
Both of these solutions and markets are truly beginning to fade. Analysts are no longer covering these technologies as they once had, or they are converging or getting enveloped entirely into other markets (i.e. Secure Access Service Edge (SASE)).
But as mentioned before, the desire to prevent the loss of sensitive data is still very much relevant both in terms of general breach prevention, as well as maintaining compliance with various regulatory frameworks (especially those with a focus on data privacy).
DoControl is focused on data access security. We provide preventative measures and detective mechanisms that identify, detect and block sensitive data from leaving the confines of your cloud. At the beginning of the year we launched DoControl’s Security Workflows, which provide the ability to address a vast number of data access use cases through dynamic DLP policy enforcement. Our platform is a completely event-driven solution that allows for the creation of granular data access policies to be applied consistently across all the business critical SaaS applications that your business is leveraging.
Join the growing list of cloud-first organizations that are partnering with DoControl for secure business enablement – and don’t miss our upcoming webinar all about how we’re helping our customers modernize their DLP and CASB for SaaS.
This stat comes from the industry report we published earlier this year: The Immense Risk of Unmanaged SaaS Data Access. It’s a great read. We recommend you check it out.
DoControl is named as a Representative Vendor in 2022 Gartner® Market Guide for Insider Risk Management Solutions. Gartner recently published the market guide which assists in understanding and implementing a comprehensive insider risk management program. Gartner describes how “the increase in a hybrid or remote workforce, compounded with additional vendor integration, has prioritized insider risk management as a focus area for security and risk management leaders.”
In today’s hybrid work environment, SaaS security has never been more important. Understanding your existing risks is a critical step to choosing the right security tool, but few SaaS apps provide the visibility necessary to perform a proper assessment.
On April 12th, GitHub announced they had uncovered evidence of an attacker abusing stolen OAuth user tokens to download data from dozens of their customers. The applications maintained by the compromised platform service providers, Heroku and Travis-CI, were used by GitHub users, which makes this breach a new addition to the growing list of recent attacks that utilized unauthorized access to target suppliers' systems.