Why you need to rethink your data security strategy and go beyond DLP

The increasing frequency and scale of data breaches has highlighted the need for organizations to rethink their approach to data security. Data Loss Prevention (DLP) technologies have been around for decades and formed a large part of many organizations’ data protection strategies. However, there is ample evidence that DLP and other traditional security controls such as perimeter controls, endpoint protection and Privileged Access Management (PAM) have failed to prevent large scale data breaches.

In fact, the number of data breaches is increasing more than 30% each year, and the number of records compromised each year is increasing by an average of 224%. To put that into context, in January 2021 alone we saw more than 870 million records compromised, which is more than the total compromised records for the entire year in 2017.

While yes, the increase in breaches can be partly attributed to the fact that organizations are creating and collecting more data than ever before, another part is due to the lack of focus around database security.

Modern data security must include database security

The modern way in which data is collected is through applications and APIs which directly send data collected from end users to a database. Therefore, there is huge amounts of critical business data stored in databases today. However, many organisations have not put enough focus on developing well-rounded data security strategies that incorporate deeper monitoring and controls around the datastore itself.

Historically, organizations have paid little attention to the database security domain and instead have had security teams monitor the small segment of the data estate that ensured regulatory compliance. However, this strategy is no longer sound when you consider the growing giant data estates organizations are managing in increasingly complex environments. To mitigate the security risks, organizations need to make database security, not just compliance, the core objective of their data protection strategy. Securing data at its source and understanding how it’s being accessed and used is very important if we want to identify anomalous data access and take action before it becomes a large-scale data breach.

DLP still leaves gaps in data security

Many organizations rely heavily on DLP to protect their data. However, the complexity of setting and maintaining allow/deny policies in traditional DLP leaves significant gaps in data protection. A recent survey by Osterman Research found 68% of cybersecurity professionals said existing DLP tools are difficult to configure, 60% said they are difficult to maintain and 51% said DLP cannot prevent data exfiltration.

Former Gartner Analyst Mike Wonham summarizes the challenges:

“What causes DLP analysts pain is the context – the need to evaluate each instance and decide whether Alice should be allowed to do that, Bob this, and Chris the other.

The bottom line is that security people struggle to have the insight to make those decisions and business managers are reluctant to block things when productivity is on the line.

Scenarios are getting more complex and DLP vendors need to rethink to enable them to reset their solutions and allow clients to realize value. The situation has become critical because of mobility, business interconnections, data type proliferation, regulation, and of course, the cloud.

As a concept, DLP for data on the fly seems to enable and solve a number of issues. But in today’s market, it’s like running a horse and wagon on a modern highway – right idea, wrong execution, potentially dangerous and HARD WORK.

I suggest instead … that the demand for DLP for data in motion is getting bigger and will continue to do so. But the scenarios are getting more complex and DLP vendors need to rethink to enable them to reset their solutions and allow clients to realize value.”1

Because of the complexity of implementing DLP and the continual investment needed to review and update DLP policies, many organizations fail to see a good return on their investment. In fact, Gartner research consistently demonstrates that organizations procure much more DLP functionality than they can absorb and have deployed2. One Gartner paper on DLP said, “Looking to do too many things at once with DLP technology will often lead to getting nothing done, while looking to do less will lead to them being done well3.”

Key challenges in data protection

Beyond these challenges with DLP specifically, a recent Forrester report found organizations faced three common data protection challenges:

  1. Need for improved data protection. The increasing amount of data brings with it the responsibility to make sure that protection against a wide variety of possible violations and breaches is adequate. In their legacy environments, the organizations were unable to triage the growing amount of data access behavior through anomaly detection, data classification, data entitlements, and vulnerability assessment.
  2. Lack of readily available and constructive analytics. Absent the capacity to easily access historical data, the organizations lacked visibility into data access activity they needed to accurately assess their data security postures and fulfill regulatory requirements. Without quick access to accurate analytics, the organizations faced lengthy incident investigations, unresolved requests, and inefficient auditing processes, often followed by penalties and fines.
  3. Increasing costly licensing and storage needs. Having to process a rapidly growing, daily inflow of log data, the interviewed organizations faced increasing, expensive storage and licensing needs that collected, aggregated, and housed difficult-to-access and sometimes redundant data. They sought a platform that would offer an improved compression rate, allow for longer audit data retention periods, and eliminate costly storage fees and appliance requirements.

Protecting your data and getting return on investment

The Forrester report found that organizations could solve these challenges and make a significant return on investment when they adopted Imperva Sonar for Data Protection. Imperva Sonar is a database monitoring and security management solution that protects data by continuously analyzing the access behaviors of users, processes, and applications.

Using the composite results of deploying Imperva in five customer environments, Forrester Research discovered these quantitative benefits:

  • Received a net present value (NPV) of USD$4.1M over 3 years including:
    • Security and compliance staff time savings of US$2.9M
    • Infrastructure and storage cost reduction of US$1.7M
    • Licensing reduction US$1.4M
    • FTE resource reassignment of US$722K
  • Experienced a return on investment of 152%
  • Realized payback in less than six months

Managing compliance

Another critical risk that businesses need to manage in relation to their data is privacy. Regulations and compliance checks are holding organizations financially accountable for the security and privacy of the data within their environment. This makes it critical for organizations to be able to discover, identify and classify personal data across their estate.

Imperva has leveraged its expertise in database discovery, data classification, and sensitive data management to ease the challenging task of identifying all the places personal data is stored in an environment, and who and what is accessing it.

With Imperva Sonar, organisations can streamline data privacy compliance and protection, and minimize the manual processes required to maintain continuous compliance while saving time and money.

Adopting a defense-in-depth strategy

Businesses today need security solutions that protect data and all paths to it. The best way to accomplish this is through security that provides true defense-in-depth from the edge to applications to the data itself. The ideal scenario is a “layered” security model where malicious actors must pass through multiple gates in order to execute an attack, without introducing latency or jeopardizing essential business processes.

DLP is just one line of defence in this “layered” security model. Organizations can further reduce the attack surface by securing their database environments. Continuously performing discovery and assessments (DAS) to locate the sensitive information and find security holes is a great way to stay on top of your organization’s security posture and eliminate bad practices inside the database environment. These practices, combined with the implementation of security products like web application and API protection (WAAP), database security and database risk analytics (DRA), and the adoption of good security practices like frequent patching, the dilution of excessive privileges and strong authentication mechanisms, can help avoid a data breach.

Protecting your organization’s data is a never ending process, you must always work toward optimizing your security architecture, policies and practices, both for your assets and employees.

1Wonham, Mike. “It’s a Complex World and DLP is Struggling.” Gartner Blog, October 22, 2020,
2Chuvakin, Anton. “My Second DLP Paper Publishes” Gartner Blog, April 18, 2013,
3Chuvakin, Anton. “My First DLP Paper Publishes” Gartner Blog, March 15, 2013,

The post Why you need to rethink your data security strategy and go beyond DLP appeared first on Blog.

*** This is a Security Bloggers Network syndicated blog from Blog authored by Reinhart Hansen. Read the original post at: