For many organizations, Data Loss Prevention (DLP) is at once one of the most important components of their security framework and the biggest headache for administrators. Why? Because most risks to data security actually come from within an organization, which means security teams have to classify and monitor data across hundreds – even thousands – of different entry and exit points of a corporate network.
This includes user devices like laptops and mobile devices, email clients, servers, and gateways within the network.
While every vendor offers slightly different functionality – and may address data loss on email, endpoints, or networks – the goal of DLP software is essentially the same: to minimize the risk of data leaving the organization.
To understand the agility and efficiency of some modern solutions, it’s important to understand not only the history of DLP but the history of email. Email is, after all, where employees now spend 40% of their time.
How has email changed over the years?
Today, most of us have at least one email address. It’s the main form of communication both in the workplace and with consumer-facing brands. While a decade or two ago, we might have used traditional mail, picked up the phone, or even met in person to share information, now we freely send sensitive data and information like bank account details, medical records, and confidential trade secrets via email every day. And, the fact is, most of us don’t consider the security of these exchanges.
But with the exchange of sensitive information come potential risks. As such, there’s an urgent need to keep email – and therefore data – safe and secure.
Back in the 1990s, when email started to take off, there was little to no email security. It soon became apparent that some kind of filtering system was necessary. This way, people could not only limit the volume of emails they received, but also ensure that whatever landed in their inbox was relevant.
While this filters out spam broadly, we remain exposed to targeted email threats like phishing or spear phishing attacks.
Internet Service Providers (ISPs), Secure Email Gateways (SEGs), and anti-virus software took filtering a step further, using pattern and keyword recognition to identify potentially threatening emails, but it’s still not enough. In fact, the number of phishing attacks continues to rise and 2019 saw the highest number in three years.
Of course, this isn’t the only problem with email. As we mentioned, there are also data risks within an organization. Data could be lost through a simple mistake, for example sending a misdirected email. Or, there could be more nefarious intent, like a disgruntled employee leaving the company on bad terms and taking valuable information with them.
So, how do you solve all of these problems? There are two schools of thought: one is data-centric and the other is human-centric.
Data vs. human behavior
When you consider the objective of DLP, you realize there are two distinct approaches to take.
- Data-centric approach: Rule-based solutions use the content of an email to perform analysis. These rules consider keywords, attachments, seniority level, and even the role or department of an employee to identify sensitive information and keep it within the organization.
- Human-centric approach: Instead of focusing only on the data, human-centric approaches like those offered by Tessian seek to understand complex and ever-evolving human relationships in order to protect sensitive information.
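
The data-centric, rule-based check described in the first bullet, as an added example that is not from the original article or from any vendor's product. The domain, keywords, account-number pattern, file extensions, department exemption and seniority handling are all assumptions chosen for illustration, and the sample messages are constructed.

```python
import re
from dataclasses import dataclass, field

# Hypothetical rule set: every value below is an assumption for illustration.
INTERNAL_DOMAIN = "example.com"
KEYWORDS = ("confidential", "trade secret", "medical record")
ACCOUNT_RE = re.compile(r"\b\d{8,12}\b")      # crude account-number pattern
SENSITIVE_EXT = (".xlsx", ".csv", ".sql")
EXEMPT_DEPARTMENTS = {"legal"}                # may send keyword-tagged mail out

@dataclass
class Email:
    department: str
    senior: bool
    recipients: list
    body: str
    attachments: list = field(default_factory=list)

def evaluate(email):
    """Apply content, attachment, department and seniority rules.

    Returns (action, reasons) where action is 'allow', 'warn' or 'block'.
    """
    suffix = "@" + INTERNAL_DOMAIN
    if all(r.lower().endswith(suffix) for r in email.recipients):
        return "allow", []                    # nothing leaves the organization
    reasons = []
    hits = [k for k in KEYWORDS if k in email.body.lower()]
    if hits and email.department not in EXEMPT_DEPARTMENTS:
        reasons.append("keyword:" + ",".join(hits))
    if ACCOUNT_RE.search(email.body):
        reasons.append("account-number")
    risky = [a for a in email.attachments if a.lower().endswith(SENSITIVE_EXT)]
    if risky:
        reasons.append("attachment:" + ",".join(risky))
    if not reasons:
        return "allow", []
    # Seniority rule: senior staff are warned, everyone else is blocked.
    return ("warn" if email.senior else "block"), reasons

# Constructed sample messages.
SAMPLES = [
    Email("finance", False, ["partner@external.test"],
          "Attached is the confidential forecast.", ["forecast.xlsx"]),
    Email("finance", True, ["partner@external.test"],
          "Attached is the confidential forecast.", ["forecast.xlsx"]),
    Email("legal", False, ["counsel@external.test"], "Confidential settlement draft."),
    Email("finance", False, ["colleague@example.com"], "Account 1234567890 details."),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.department, sample.recipients, evaluate(sample))
```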
While both approaches have their merits, there are some clear shortcomings to a data-centric approach.