Tessian’s mission is to secure the human layer by empowering people to do their best work, without security getting in their way.
For many organizations, Data Loss Prevention (DLP) is at once one of the most important components of their security framework and the biggest headache for administrators. Why? Because most risks to data security actually come from within an organization, which means security teams have to classify and monitor data across hundreds – even thousands – of different entry and exit points of a corporate network.
This includes user devices like laptops and mobile devices, email clients, servers, and gateways within the network.
While every vendor offers a slightly different functionality – and can solve for data loss on email, endpoints, or networks – the goal of DLP software is essentially the same: to minimize the risk of data leaving the organization.
To understand the agility and efficiency of some modern solutions, it’s important to understand not only the history of DLP but the history of email. This is, after all, where employees now spend 40% of their time.
Today, most of us have at least one email address. It’s the main form of communication both in the workplace and with consumer-facing brands. While a decade or two ago, we might have used traditional mail, picked up the phone, or even met in person to share information, now we freely send sensitive data and information like bank account details, medical records, and confidential trade secrets via email every day. And, the fact is, most of us don’t consider the security of these exchanges.
But, with the exchange of sensitive information comes potential risks. As such, there’s an urgent need to keep email – and therefore data – safe and secure.
Back in the 1990s, when email started to take off, there was little-to-no email security. It soon became apparent that some kind of filtering system was necessary. This way, people could not only limit the volume of emails they received, but they could ensure that whatever landed in their inbox was relevant.
While this filtered out spam broadly, we remain exposed to targeted email threats like phishing or spear phishing attacks.
Internet Service Providers (ISPs), Secure Email Gateways (SEGs), and anti-virus software took filtering a step further, using pattern and keyword recognition to identify potentially threatening emails, but it’s still not enough. In fact, the number of phishing attacks continues to rise and 2019 saw the highest number in three years.
Of course, this isn’t the only problem with email. As we mentioned, there are also data risks within an organization. Data could be lost through a simple mistake, for example sending a misdirected email. Or, there could be more nefarious intent, like a disgruntled employee leaving the company on bad terms and taking valuable information with them.
So, how do you solve all of these problems? There are two schools of thought: one is data-centric and the other is human-centric.
When you consider the objective of DLP, you realize there are two distinct approaches to take.
While both approaches have their merits, there are some clear shortcomings to a data-centric approach.
That means that the more effective solution is one that’s adaptable and can discern the variations in human behavior over time. A solution like this relies on machine-intelligent software that learns from historical email data to determine what is and isn’t anomalous in real-time.