Data breaches are increasingly common as companies are faced with securing a multitude of networks, devices, applications, users, and files used in the course of conducting business. And with global workforces and the rise of cloud computing, security perimeters are more difficult to define than ever before. These issues combine to create a perfect storm – a climate ripe for hackers to take advantage of.
With the number of high-profile security breaches on the rise, such as the massive healthcare data breaches at Anthem and Premera, the hack and ensuing data breach at the U.S. government's Office of Personnel Management, Sony's multiple hacking incidents in recent years, the highly publicized Target breach, and many others, industry analysts have noted a massive resurgence in demand for data loss prevention (DLP) solutions. But how will today's trends impact the DLP market in 2016 and beyond, and what changes looming on the horizon will cause DLP solutions to evolve to accommodate the increasingly complex data protection needs of modern organizations?
To find out how today's security experts see the DLP market evolving in the coming years, we asked a panel of leading cybersecurity experts to answer this question:
"Where do you see the data loss prevention (DLP) market going in 2016 and beyond?"
See what our experts had to say below:
Meet Our Panel of Cyber Security Experts:
Slawek Ligier
Slawek Ligier is an industry veteran focused on protecting consumers from everyday cybersecurity threats. As the Vice President of Product Development at Barracuda, he fights spam, assuring that inappropriate data does not leak outside of the corporation and that users can safely browse the Internet.
"As the threat landscape evolves so does the security market. The Data Loss Prevention (DLP) market is going to..."
Grow and change in 2016 faster than the overall security market as the defense shifts from perimeter to protecting data assets directly. After all, the main purpose of breaching the security perimeter is the desire to access valuable data stored within it. Once the data is reached, it will be either exfiltrated or held for ransom. The objective of the DLP solutions is to prevent unauthorized access to data and most importantly, to ensure that no sensitive data is moved outside of the organization without proper authorization.
As the DLP problem and market grows, we expect to see solutions move from centralized data classification engines to distributed end points, which have additional intelligence pertaining to the attempted communication such as email, file sharing solutions, and web sites. Vendors providing solutions in this space will need to enable application of DLP policies at egress points based on all available information, not just the content of the message. The enforcement of data protection policies will move from simple yes or no answers to the more nuanced approach: an employee might be permitted to send a specific file to their auditor, but not to their friend, and only if the file is encrypted at the proper level.
Charles Foley
Charles Foley is Chairman and CEO of Watchful Software. He has significant systems, software, networking, security, and compliance experience to address the need for protecting proprietary information against accidental or malicious theft or loss. Mr. Foley has spent two decades bringing technology companies in NJ to new levels of success.
"The fundamental shift in DLP technology will be related to..."
Where is the technology applied?
You see, for the past 15 years, DLP technology has largely been applied at network resources, i.e., domains that emails can/can't be sent to, devices that can/can't be written to, storage servers that users can/cannot access, etc. The job of DLP solutions was to enforce the what/where of the equation (i.e., what data can go where).
The problem is that with a world based upon BYOD/Cloud/IoT there is no way to manage where data will flow or where users send it, one way or the other. IT security professionals have realized that it's a fool's errand to try to stay ahead of the next web-sharing site to block, or to try to tell users that they can't use USB, or BlueTooth, etc. to move information. Organizations have devoted significant teams to locking down devices, networks, etc., all with mounting frustration.
So has this become Don Quixote's impossible dream? Or, can DLP technologies and strategies evolve to address today's threat vectors?
DLP is a critical and valid strategy for any organization, and DLP-oriented technologies can/will evolve to continually increase their efficacy. The focal point, however, will move from network resources to the data itself, as DLP technologies will need to get better at identifying sensitive/confidential data at the point of creation (versus after the fact), assigning that information to the proper category of sensitivity (in line with a pre-defined corporate policy for risk mitigation), and engaging encryption on the data objects themselves (versus the device, drive, etc.) to lock them against unauthorized use. In short, between 2016 and 2020, DLP technologies will admit that they can't block the flow of information and as a result they will disregard attempts to stop/block transmission. Instead, they'll employ an increasingly powerful schema for encryption tied to authorization and credentials for use.
Once this is done, they will begin to embrace a wider array of non-traditional forms of data, moving from today's commonly considered structured (database) and unstructured (email, documents, files, etc.) data formats to encompass less traditional means of information transfer such as social messaging, click selections, and voice objects.
Joseph Steinberg
Joseph Steinberg is a cybersecurity expert and entrepreneur who founded the information security companies, Green Armor Solutions and SecureMySocial. He invented several popular cybersecurity technologies in use today, writes a column on cybersecurity for Inc., and is the author of several books on information security.
"One area in which the DLP market will mature is..."
The expansion of DLP technology focused on data leaks emanating from outside of organizational infrastructure and control. As an increasing number of systems are housed in the cloud, the possibility for data leaks via messaging capabilities of cloud-based systems (e.g., CRM) and other technology located outside of corporate infrastructure has grown, and DLP and DLP implementations have not fully kept pace with those risks. We will see continued progress on that front in the next year.
A related area of DLP that is becoming increasingly important – and in which existing technology will be improved or supplemented – is to defend against information leaked via social media. As more people who came-of-age oversharing on social media enter the workforce, and as businesses increasingly utilize social media to target younger consumers, a growing amount of sensitive information is being inadvertently leaked via social media posts – sometimes resulting in lawsuits, people getting fired, etc. Classic DLP technology – which scans data leaving an organization's infrastructure (or, in some cases, cloud-based systems) – does not catch these types of problems, and will need to be improved or supplemented in order to address the risk that emanates primarily from employee and customer personal accounts used on personal devices rather than from corporate controlled systems.
Chad D. Carr
Chadd Carr is the Director of Cyber Threat Detection and Response Services for PricewaterhouseCoopers (PwC). As a former Special Agent with the Air Force Office of Special Investigations, Carr has over 18 years’ experience in cyber security, network intrusion investigation, and information operations expressly related to data breaches and data loss. As a Director with PwC, he oversees both the Incident Response and Cyber Threat Intelligence services, servicing both national and international clients, public and private, throughout each of the 16 critical infrastructures. Data loss detection and prevention is one of many threats he identifies, counters, and remediates daily. Furthermore, as he is a management consultant as opposed to a tech consultant, he maintains awareness and expertise across a wide range of data loss prevention technologies in order to present the best cyber security solution to clients.
"The new paradigm around cybersecurity, specifically data loss prevention and identification, will certainly be..."
Centered around data fusion with a particular focus on minimizing the time to identify, validate, and remediate incidents of exposure. This will most likely come in the form of integrated intelligent platforms designed to mimic the training, capabilities, and methodologies of security professionals and threat actors alike – capable of fusing end-to-end intelligence (external-to-perimeter-to-end point), all tipping-and-queuing each other, and feeding logic into active control defenses; essentially removing the human from the action loop.
Why focus on identification as opposed to prevention? Since the first truncated transmission traveled between the University of California and the Stanford Research Institute in 1969, our society has become increasingly integrated. Specific to data loss, this integration has enabled access to networked resources, the tools/knowledge needed to nefariously exfiltrate data they contain, and a way for threat actors to monetize it. The previous barriers of entry into this market (software, technical training, methods, etc.) have gone away, attracting a wide group of actors including hackers, hacktivists, and advanced persistent threats (APTs). Although motivation may be used to differentiate these groups, the primary delineators of these are technical expertise and access to resources. Ultimately, there are too many exfiltration points to monitor effectively. By searching for hives of data across the surface, deep, and dark webs, organizations are better positioned to contain exposure.
In the meantime, organizations need to remain vigilant and committed to a defense-in-depth framework. No one single solution is capable of defending against all variety of data exfiltration. Security-savvy or threat-aware organizations understand that sound cyber security is much like physical fitness in that it is a lifestyle, and any plan that forces users to deviate too far off of their normal behaviors will not endure. The trick is to achieve balance between security and usability and trade-off between threat probability and threat ramifications.
Saviz Izadpanah
Saviz leads HighQ’s technology strategy, product management, and product development. Prior to HighQ, Saviz was the global head of Debt Capital Markets IT at Deutsche Bank where he was responsible for the program management of multiple applications including Deutsche Bank’s online debt order capture system, “dbbonds,” for the global DCM sales teams. Prior to Deutsche Bank, Saviz was part of the lead web development team at Barclays Capital. Saviz holds a Bachelors of Engineering in Computer Science and Technology from Imperial College London.
"There are a few things I believe will impact the Data Loss Prevention market in 2016 and beyond..."
More and more organizations move their content into the cloud due to financial and market pressures as well as a general increase in trust in the cloud. At the same time, the sophistication and frequency of both automated and manual attacks against organizations hosting data is constantly on the rise. Due to these factors, the importance of appropriate DLP technologies is more important now than ever before, and this trend will continue well into 2016 and beyond.
If organizations offering firewalls, Web Servers, and Operating Systems are to remain competitive in this market, it is expected that such organizations will implement some level of DLP solutions built-in to their standard offerings.
Data center hosting providers like Sungard and content delivery networks like Akamai will also need to improve their offerings in this area.
Web based applications will provide end user interfaces to allow for the application users to configure custom DLP rules which match their specific requirements.
Development frameworks like Apache Struts may incorporate some level of DLP provisions.
All of the above will make it easier and cheaper for smaller organizations to deploy DLP solutions in order to add another level of protection for their client data.
In summary, DLP technologies will continue to improve and will be integrated into more aspects of the technology stack required by service providers to deliver a secure offering.
Chris Camejo
Chris Camejo, director of threat and vulnerability for NTT Com Security (formerly Integralis), comes from a technical assessment background, having personally coordinated and conducted numerous large-scale, multi-discipline penetration tests spanning multiple countries for global clients.
As part of NTT Com Security’s threat intelligence capabilities, he follows the latest tactics and techniques of attackers. Camejo has conducted presentations on this topic at Computerworld Security Summit and with the United States Secret Service San Francisco Electronic Crimes Task Force, and has assisted in research for a presentation at Black Hat Briefings. Camejo has been working with NTT Com Security since 2001.
"I expect there will be more interest in DLP as organizations increasingly realize that..."
Attackers will eventually be able to breach their networks and that keeping sensitive data from leaking out in the aftermath of a breach is just as important as trying to keep the perpetrators out in the first place.
Unfortunately, DLP suffers from the same problem as IPS: configuring, tuning, and maintaining it to prevent false-positives while still identifying and blocking real attacks takes a significant amount of time and effort. If the lessons of IDP are anything to go by, we can expect many DLP installations turning into “shelfware” – the tools sitting in the corner collecting dust with automatic blocking disabled and alerts getting ignored. Large organizations will have the manpower to manage the ongoing maintenance and stand to benefit the most from the use of DLP, while smaller companies that take the potential for data leaks seriously will tend to migrate to managed services that can provide them with enough support to keep things running effectively.
Ondrej Krehel
Ondrej Krehel, CISSP, CEH, CEI, EnCE, is the founder and principal of LIFARS LLC, an international cybersecurity and digital forensics firm. He's the former Chief Information Security Officer of Identity Theft 911, the nation's premier identity theft recovery and data breach management service. He previously conducted forensics investigations and managed the cyber security department at Stroz Friedberg and the Loews Corporation. With two decades of experience in computer security and digital forensics, he has launched investigations into a broad range of IT security matters, from hacker attacks to data breaches to intellectual property theft. His work has received attention from CNN, Reuters, The Wall Street Journal, and The New York Times, among many others.
"The future of the DLP market in 2016 and beyond is..."
The DLP market is heavily focused on two verticals:
- Data in transit - email, web, file uploads, and sharing
- Data at rest - in databases, local computers, and controlling access ports - such as USB
It was generally combined by access control rules and logical conditions.
IRM products are now combined with DLP solutions, adding an additional layer of encryption, and also controlling metadata of content – such as access, lifespan, and storage policies outside of specified locations.
The future of DLP will be integration with IRM and data access control programs, as well as improving algorithms for recognition of sensitive data, such as PII, PHI, or non-public private data.
Andrew Sherman
Andrew Sherman is the Security Practice Lead at Eden Technologies. After starting his career in the academic world, Andy Sherman joined AT&T’s famed Bell Laboratories in 1985 to work in one of the new ventures formed in the wake of the breakup of the Bell System. It was at Bell Labs that Andy discovered the power of distributed systems and networks – and their flaws. It was also in those early days of the Internet that he first explored the importance of network security, working with and learning from colleagues who were building the first firewalls. In 1992, Andy moved to the financial services industry, following the challenge of large distributed computing networks. While he worked in a number of engineering and infrastructure delivery roles, he is best known for his 10+ years in security. Andy’s security expertise spans a wide range of topics: engineering, architecture, and operations for network, platform, application, and data security.
"I predict that in 2016 and beyond, the DLP market will undergo a transformation..."
Cloud services for bread and butter functions like email and calendar are getting increased traction, a lot of it driven by Microsoft Office 365 as a replacement for on-premises Exchange servers. Because this has also pushed enterprise data into the cloud as companies leverage the other services that come with Office 365, including SharePoint, OneDrive (cloud storage), Yammer (social media and microblogging), and other services. All of these move enterprise data and disclosure risk out of the enterprise.
In addition, despite policies to the contrary, enterprise users put data into cloud storage services. While Box, Dropbox, Microsoft, and Google all have enterprise offerings that allow companies to set up sanctioned file sharing services, users still persist in storing data in unapproved repositories.
The traditional DLP vendors will need to adapt or die. They are starting to cover Office 365 email. But there are startup challengers (some staffed by veterans of DLP 1.0 vendors) that are bringing DLP technology to market that helps the enterprise discover the cloud services in use from within the enterprise and to enable data loss prevention on the use of those services.
If the powerhouse DLP vendors are smart, they will acquire the best-in-class cloud DLP companies and integrate their technology into their existing products, much as the best-in-breed independent DLP companies all were acquired by major security companies.
Another trend to watch is DLP baked into enterprise applications, either in the cloud or on-premises. Microsoft has built-in DLP for Exchange 2013, Exchange Online, SharePoint online, and OneDrive for Business. The capabilities are also expected to be built in to the next release of Word, Excel, and PowerPoint. This is potentially a game changer, as the DLP vendors will have to really demonstrate either the value of a single console for all technologies or vastly superior detection or workflow to compete with free. The history of endpoint security indicates that it’s possible to compete with free security from Microsoft, but you need strong differentiators.
Bottom line: the next few years, starting in 2016, will be a time of transformation in the DLP market.
Scott Pitcock
Scott Pitcock is a Service Desk Technician at iProv, LLC in Little Rock, Arkansas. He has been working as an IT professional for 13 years, calling general user support his forte. His newest passion project is developing a cyber security testing program for his customers.
"In 2016 and beyond, I expect the DLP market to grow..."
In Symantec's 2015 Internet Security Threat Report, it was shown that Insider Threats were up 2%, from 6 to 8. The average identities exposed per breach was down a staggering 1.1 million, down 50% from last year, and Total Identities exposed was down 37%. Data theft from attacks was up 15%.
Seeing this, I would expect companies to continue to improve and adopt DLP solutions on endpoints, gateways, and email servers. BYOD will become more of a focus, and policy on personal storage reviewed. Mobile encryption will hopefully become more user-friendly, and we'll continue seeing its use more and more in business. Technologies such as ActiveSync that allow you to wipe a disgruntled employee's phone will have more aggressive usage by companies wanting to protect their data.
With so many dated systems still having such a wide use on the internet (XP is still around 20%, via Internet Market Share), DLP solution providers will start marketing more and more services to small businesses. Attacks will continue to remain high as these systems get further and further from their end of support.
Outsourced vulnerability and penetration testing could be on the rise, as companies seek a new perspective on the security of their networks. Security researchers will continue to stay current with trends and educate the business world on data security. More time will be taken to train customers on data security, and how to manage new tools, encryption, and other policies implemented in the office. The increasing demand to implement these policies and tools will inevitably up the demand for cyber security professionals, as noted in Cyber Professional Trends: A SANS Survey.
Michael Kummer
Michael Kummer is a technology and security expert. He has enjoyed a decade-long history within the IT industry, going back to his days in the Austrian Army. As an innovative and independent thinker with a broad knowledge of security-related technologies, he plays a key role in facilitating SECUDE's latest efforts in the field of data protection and classification for SAP.
"I think the DLP market will go towards a..."
More context-aware approach vs. the traditional content-aware approach it follows today. Many of today's DLP solutions rely heavily on pattern recognition and other content-scanning technologies in an attempt to classify, detect, and block data. That very much limits their reliability and often leads to end-user frustration. Even worse, DLP prevented less than 20% of data breaches, according to the Ponemon Institute. Both enterprises and DLP vendors have realized that and are looking for solutions. I believe that a key ingredient to DLP's future success is deep integration into the applications out of which data is born. Such an integration can either be provided by the DLP vendor or through third parties. Leveraging deep application integration allows DLP solutions to become very much context-aware, reducing or eliminating the need for content scanning (guessing).
Simon Bain
Simon Bain, SYC CEO, has been called upon by leading companies and governments to solve challenging problems with solutions that are both highly secure and user-friendly. With the development of the core technology for SearchYourCloud, Simon has brought together Search and Security to deliver the most powerful solution available for securing and searching your documents.
"In 2016 and beyond, in terms of the Data Loss Prevention market, companies should pay attention to..."
More businesses are relying on cloud applications and storage (Office 365, OneDrive, Dropbox, etc.) to enable a mobile environment and easily share work. While there are many benefits to migrating documents to the cloud, there are also negatives as corporate users combine their company's clouds with their own devices and personal cloud services. Although it is convenient to think of our data in a virtual box, ready whenever we need it, this is not the case. Rather than creating a separate storage place, your data could easily become mixed with the data storage of other customers, whether by accident or on purpose, as cloud service providers store all data together, including yours, your company's, and even other customers'. Add to this the increase in data and files shared and stored, and security implications rise to new heights.
I believe the only way to prevent data loss among the file-sharing services employees use, often without corporate approval, is by implementing document-level security. This means the data and files are transported and stored to and from the cloud already encrypted to AES 256 standards and can be securely accessed from any authorized mobile or static device, with dynamically assembled keys. Therefore, all content at rest and in transit between the cloud storage and on a user device stays secure and will not get mixed in a large pool of data storage.
Ashish Tandon
Ashish Tandon is the Chairman and CEO of Indusface.
"I predict that the DLP market is ripe for big changes in the next few years..."
Data loss is a big problem for businesses that are increasingly using the cloud. While physical and network layers definitely need to be secured, a large part of the problem will be the Layer 7. Application data breaches make up 70% of hacking attempts, according to Gartner.
That is precisely why the data loss prevention market will become huge in the coming five years. In the new age, apps will need to be secured by storing critical data without compromising on speed or performance. Unfortunately, most of these businesses have no in-house application security expertise, hence exposing their application layer to potential security breaches.
With an increasing per capita data loss expense every year and business reputation repercussions, companies will have to focus largely on data loss prevention rather than investigation. Information security will be critical even when there is not enough time or expertise to fix or block these errors. Companies will need a security partner to protect their web and mobile apps from critical data loss. Regular application scanning and patching will rise.
Kevin Liebl
Kevin Liebl is VP of Marketing of Zadara Storage, an enterprise storage as a service (STaaS) provider. He has over 25 years of experience in growing storage, backup, and data loss protection-related startups from incubator-stage to leading players.
"Data loss protection is becoming..."
An OpEx, cloud-based function performed as a service, because it just makes more sense. Big company or small, no one has excess resources or excess budget these days – and everyone is wearing a lot of hats. At some point, hiring all these specialists including data storage managers, data security managers, data protection managers, etc., becomes unmanageable. Why not outsource it just as you would your computing resources, your storage, or even your software as a service? That way, you get the resource you need, and the time-consuming IT monitoring, management, upgrades, and support are all offloaded to someone else.
By leveraging data protection as a service, IT teams can offload the management aspect so that they can focus on growing the business rather than managing the storage.
Lloyd Marino
Lloyd Marino is the enterprise solutions expert and CEO of Avetta Global. Mr. Marino is a “Tech Whisperer,” a true master at translating and communicating byzantine technical processes that elude even the savviest business minds into language they can grasp. Mr. Marino’s clientele consists of the heaviest hitters in the interconnected worlds of business, finance, technology, government, NGO, and the military. He brings to the table a quarter century of experience working in senior management roles, including service as Chief Technology Officer and Chief Information Officer for various organizations ranging from emerging growth startups to Fortune 500 companies.
"The next generation of DLP will have to accommodate some changing trends..."
As more and more corporations are realizing the importance and benefits of allowing mobile devices in the enterprise, they have just scratched the surface of how to secure devices that are in their environment but that they do not own. I believe the next generation of DLP will need to focus on the environment in which a device is located and accessible from. The contextual awareness of a security application will be uniquely important so that it may realize the level of security that will have to be applied to the device it resides on.
For example, if your employer allows you to bring your personal mobile device on to the corporate network, you are inherently a security risk. Your internet traffic might be communicating on a separate network from that of the core operations of the employer in a best case scenario. When your device enters other environments where it could potentially pick up a threat, for example, your favorite coffee shop, you might bring said threat back into the corporate environment.
The industry will start to think along the lines of contextual awareness as new software and technology pertaining to DLP is being developed. This way, the security level of a device can adapt to the environment it is located in.
Darren Guccione
Darren Guccione is the CEO and co-founder of Keeper Security, Inc. Keeper is the world’s most downloaded password security application, is certified SOC 2 compliant and utilizes world-class encryption to safeguard its users. Keeper and Keeper Enterprise, an international business solution for storing, accessing and safeguarding passwords and personal information, is available on all major smartphones, tablets, and computers.
"The future of the DLP market in 2016 and beyond holds..."
I think there will be significantly more breaches, especially with the Internet of Things proliferating the way it is. It’s causing a huge security concern with connected objects, wearable technology, and smart devices. There will be billions of devices launched into circulation in the next few years which will make it even easier for hackers to breach networks. Protection of all of these systems should be our greatest concern.
Babak Hafezi
Babak Hafezi is the CEO of HafeziCapital International Consulting and Investing, a business management consultancy that works with Cyber Security companies to structure, commercialize, and raise capital both in the US and internationally.
"The DLP market has been growing but..."
At a much lower rate. DLP solutions work in theory, but many clients turn them off after purchase because they are just too much to manage and provide too many false positives. The next level of cyber security products will be based on human behavior identification and management that is self propelled and automated. CISOs and admins are already running way behind and budgets are cut year after year. They need systems that are much more effective with far less false positives. The future of cyber security is based on solutions that find threats based on behavioral changes within the network.
Victor Congionti
Victor Congionti is the CIO of Proven Data Recovery. With a Bachelor of Science in Computer Information Systems, Congionti's expertise is in IT security, cyber security, disaster planning & recovery, technology, and its role in business.
"The future of the Data Loss Prevention market as I see it is..."
Data loss prevention didn’t seem like it was taken seriously until its need became apparent through security incidents and loss at high profile companies. Even a Forrester Research Survey involving 673 decision makers in European and North American technology companies showed that only fifty percent had any data loss prevention tools installed. The misperceptions of the past regarding DLP causing interruptions or requiring constant maintenance are quickly changing as companies streamline and identify their sensitive data and establish policies to accommodate security and retrieval.
Cloud storage for data preservation may have been slow to adopt, but it is now considered the single main resource for data storage. But even with the highest level of security and ease of transitioning, there are still challenges with cloud storage. Beyond just encryption, the difficulties lay in the individual data access process itself. As was observed in the supposed “Apple” breach, the difficulties for the future do not necessarily involve security itself but increased education of the average user in being proactive to protect their information. Single location data storage will no longer be an acceptable method. The future will involve multiple cloud platforms integrated so that there is a constant state of timed ‘backup’ and ‘handoff’ from one platform to the next. The platforms themselves will have a variety of locations, some on a global scale. The cost of cloud storage will become attractive enough so that larger companies will establish their own network of both on- and off-premise servers.
Since many data breaches occur in the daily routine of business functions, there is now and will continue to be a requirement to have a higher level security within companies themselves. It will become part of business practice to be aligned or partnered with security industry professionals for consistent review and updating of internal security protocols as well as emergency routines in the case of hardware/software failures. On the side of avoiding and escaping a cyber attack, there will be continued new encryption processes that combine consistently changing algorithms. The technology that may be currently used in various government and Internet programs will be commonplace in the masses. Known as multi-layer encryption key management technology; the ‘devil will be in the details’ to outwit the cyber criminals. Transitioning to a completely automated data loss prevention system may sound seamless, and even the answer that addresses the current and future problems. However, we need to remember that as long as there is human involvement on a variety of levels, this will need to be the focus to avoid and eliminate any cracks in the system.
Bryan Ansley
Bryan Ansley is CEO of Secure Identity Systems, a company that specializes in identifying and combating fraud. He is based in Brentwood, Tennessee.
"To catapult the data loss prevention (DLP) market into the future we need to..."
First stop relying on what is currently not working. Dual-factor authentication does not stop intruder-in-the-middle attacks. Tokenization does not stop intruder-in-the-middle attacks. “Out of wallet” authentication methods do not stop intruder-in-the-middle attacks. Encrypted browsers have too many shortcomings to list in the scope of this article.
As 63 percent of all reported data breaches last year were point-of-origin sourced to key-logging, it is imperative that the future includes encryption at the keyboard level, as that is the only way to stop this form of attack. When we focus on the source of the biggest means of attack with real solutions is when we will see the breach numbers drop.
Randal Wark
Randal Wark is the founder and public speaker of IT Revolution, a firm that helps IT Firms hack their business to increase profits. Having survived in the IT world for 20 years, Randal’s instincts have given him the tools to help others adapt and evolve with the changing market.
"In 2016, I believe we'll see a few key trends in the Data Loss Prevention market..."
Would you trust a bank that uses a pencil and notepad to track its money? As awareness of very high profile hacks such as Sony and Ashley Madison have been highlighted in the press, companies are finally understanding the devastation of a security breach. While many companies have been doing backups, progressively improving from tape backups to imaging solutions, they are now understanding that a backup is only a small part of the solution.
You might have the best security to keep anyone from the outside from penetrating your network, but what about those from the inside who have access to your sensitive information 24/7? Imagine a bank that would lend money to people and not track if they were paid back? How long could they survive without someone taking advantage of the situation? What if all those transactions were tracked with legacy solutions that left much of it in the hands of human monitoring? The same is true with your precious data today. Many companies are realizing that their information is as valuable as money and without a proper system tracking your sensitive data using contextual analysis, human error or carelessness can lead to situations where sensitive information simply slips away from the company and into the wrong hands.
The trend for 2016 will be that companies will start looking beyond disaster recovery and look at securing their precious data from within. It might take a high profile example to expose risk, but companies that value their business will act before a disaster strikes.
Daren Klum
Daren Klum is the CEO of Secured² Corporation, a technology executive, inventor, and futurist who thrives on solving global challenges, developing exciting new technology, and bringing the total solution to market. With a growing list of patents/patents-pending, Klum continues to push the boundaries of what's possible with technology. His background includes information technology, hardware development, software development, technical marketing, and corporate finance. Klum enjoys the challenges of growing and investing in start-up ventures.
"Today, data conveniently sits in mass ready to be taken and..."
Too many companies have legacy technologies that deliver a static security posture of discover, monitor, and protect. All the problems of DLP are solvable by shredding data and having the ability to restore it on demand, after proving oneself physically. Shredding, randomizing, and placing it in globally diverse storage locations addresses the at-rest security and in-transport security issues. DLP is also moving to a 'prove it' model of authentication. No longer can we trust someone with a password. Instead, the password becomes the person. Knowing physically who someone is when they login provides the tools to track, report, and prevent unauthorized access to data. Tools for discovery and monitoring will continue to improve and very soon the thin veil of security caused by relying on math will come to an end.
Jerry Irvine
Jerry Irvine is a member of the National Cyber Security Task Force and CIO of Chicago-based Prescient Solutions. As CIO Irvine provides strategic direction for all clients, overseeing product innovation and implementation of the highest quality of service. Irvine has been deeply involved with the IT industry since 1987. As a result of his early experience, he became an expert in network communications and protocols when others in the industry were just learning how to use their first computer. Armed with this expertise, Irvine entered the consulting world working for companies like Network General and Advantis, performing detailed network analysis, design, and troubleshooting. Since then, Irvine has filled MIS and CIO positions at multiple facilities and has managed more than 100 technicians and thousands of devices. He has led multiple project teams, such as the largest Microsoft Directory migration project ever. In 2008, Irvine was selected to join the National Cyber Security Task Force, a joint operation between the Department of Homeland Security and the U.S. Chamber of Commerce. His expertise on cyber security has been featured in a number of national and industry publications, including The New York Times, WGN Radio, and Wired magazine.
"I see the future of the DLP market in 2016 and beyond as..."
Data Loss Prevention (DLP) to date has been little but a buzz word. Depending on the source, estimations for DLP's market growth over the next few years is around 20-23 percent; however, without major enhancements to the technology, I would be surprised if it meets those forecasts. In fact, the primary reason DLP applications are being projected to grow 20-23 percent per year is the continued increase in publicized security breaches, hacks, and loss of data.
Unfortunately, the technology has not grown rapidly since its introduction in 2006 due to the complexity of installation, time to implement, number of resources required to install and maintain, and percentage of false positives and false negatives. In fact, most implementations of DLP products are used simply for monitoring and alerting, which requires manual review and intervention rather than automated blocking because the number of false actions causes too much disruption to production environments.
There are multiple implementations of DLP products (server-based, endpoint-based, data solution-based), but all of them share the same difficulties and challenges – first and foremost, data categorization. DLP products are designed to monitor data environments and via a combination of automated and manual processes learn the confidential and/or proprietary data within an enterprise in order to define and implement data loss prevention rules. Many products provide hundreds of data format templates designed to make data categorization easier. Still, different states of data present problems with these products. Organizations may have data in proprietary applications or nonstandard data formats that are unreadable by the DLP solution. Encrypted data presents the same issue as it is unreadable by design. Additionally, unstructured data stored outside of databases and known applications presents a different issue as searching unstructured source and data files is more difficult, memory and processor intensive, and requires more time. As a result, categorization or tagging all data is difficult, if not impossible.
Another major challenge to DLP solutions is mobile devices. Mobile solutions are now being permitted to directly access the enterprise via perimeter-based security solutions such as the firewall, IDS/IPS, etc. Yet, these mobile devices have no real enterprise level security solutions on them or even available, leaving systems and data accessible to them vulnerable for theft, loss, and corruption of data.
Nevertheless, the increased requirements of Internet-based systems, data access, and mobile solutions is placing higher requirements on data security and controls. DLP solutions are being presented as the tool to provide that security and control, but will require much more functionality in order to fulfill all the industry requirements.
