How to Map to Gartner’s DLP Framework
DLP Framework
Data Loss Prevention (DLP) addresses data security concerns through policies and rules that prevent sensitive data from leaving the organization. The rules are based on what is known about data and its associated metadata. As new data types have emerged, specifically cloud data, DLP is no longer as effective as it once was. Also, what is and isn’t DLP has gotten cloudier. Luckily, Gartner has laid out a framework for how DLP works in 5 Steps to Successfully Implement Data Loss Prevention.
Gartner indicates that DLP solutions are limited in scope and it’s likely that multiple DLP vendors will be required to fulfill the needs of a business. This can lead to policy inconsistency and misinterpretation. In addition, in the Market Guide for Data Loss Prevention, Gartner indicates that DLP vendors rely on data classification services.
The following data security concerns need more than what DLP alone can offer:
BigID can greatly improve the DLP process for these key data needs.
Why DLP Alone is Not Enough
The concerns with DLP stems from its roots. When first introduced, the movement of data in and out of an organization was primarily limited to email. DLP focused on the body of the email in addition to the few productivity documents that were commonly attached. As time has passed the volume, velocity, variety, and veracity of data has increased exponentially.
BigID can greatly improve the DLP process for these key data needs.
Individuals communicate via email, Slack, social and other avenues. In addition, almost everyone in the organization has access to numerous SaaS and other cloud services and are continually moving data accordingly. What used to be a case of creating simple pattern matching rules to flag sensitive data is far from adequate. In fact, it is now virtually impossible to create such rules for thousands of data types and billions of data elements. Through this malaise the number of false positives identified by DLP tools has increased to the point that critical data is being stopped from exiting the organization and thus slowing business. On the other hand, the number of false negatives is even more disconcerting, as truly sensitive data is not being identified correctly and thus slips through the DLP tool rules.
Whereas DLP started with the premise of catching sensitive data as it is leaving the organization, BigID comes from a different approach. You can only create rules for the data of which you are aware. BigID believes that you should know as much as possible about your data. That includes all your data and where it resides:
- Structured
- Semi-structured
- Unstructured
- Data-in-flight
- SaaS data
- CSP data
- On-premise
- Hybrid
If you have a complete map of all data, then you can start protecting the most sensitive data first, not what happens to be moving out of the organization at the time. Through BigID sensitivity classification and access controls sensitive data is made inaccessible to most situations where DLP would apply. This is where BigID can replace existing DLP solutions or augment to make them more accurate and predictable.
BigID’s Approach to DLP Challenges
BigID’s deep roster of connectors to hundreds of data sources makes sure that you can scan even those tough lesser known data sources. In addition, BigID has 600 out of the box next-gen classifiers leveraging not just pattern based matching, but also ML classifiers based on NLP, AI insight based on deep learning, document identification and patented file analysis classification.
As an example, BigID’s capability with NLP classifiers can identify certain numbers in free flowing text as a person’s age and therefore probably sensitive, but a DLP tool would not be able to pick this up. The ML-augmented discovery and classification results in a robust data registry and metadata catalog with sensitivity levels applied to the data. Data access can be granted or restricted according to the data sensitivity. This level of protection is more robust than trying to catch sensitive data as it is flying around the organization’s many communication and data transfer technologies.
There will always be a place for DLP as an additional level of protection offered alongside data access rules based on the actual data artifacts. However, BigID can greatly relieve the pressure on DLP tools by providing one of the industry’s broadest and open API sets. Linking the BigID deep repository of classified, curated, and qualified metadata and data with accompanying sensitivity levels to the DLP solution to create and augment rules will greatly reduce both false positives and negatives, reduce insider threats, and take pressure off of the DLP solution.
To find out more about how BigID’s Data Intelligence platform can help bridge the gap between your DLP tools, set up a 1:1 demo with us to see it in action.