Evolving the Cybersecurity Conversation | Data Loss Prevention

The Evolving Landscape of Data Security: From DLP to DMP
Data breaches are now a commonplace occurrence, impacting organizations across all sectors – from healthcare and education to government and business. In 2020, the healthcare industry alone experienced 640 breaches, resulting in the exposure of 30 million personal records. This represents a 25% increase from 2019, averaging approximately two breaches each day, as reported by the U.S. Department of Health and Human Services.
Challenges with Traditional Data Loss Prevention
Currently available data loss prevention (DLP) tools are increasingly challenged by the complexities of modern data environments. The proliferation of data, widespread adoption of cloud services, the diversity of devices, and inherent human behaviors all contribute to this difficulty.
The Castle-and-Moat Approach
Conventional DLP solutions operate on a “castle-and-moat” model, treating data centers and cloud platforms as fortified castles. Networks, endpoint devices, and personnel form the surrounding moats, defining the security perimeter. These systems categorize data based on sensitivity and monitor these perimeters for unauthorized data movement.
However, this traditional security framework is becoming less effective. The rise of bots, APIs, and collaborative tools as primary data exchange methods renders these established boundaries increasingly ambiguous.
Beyond Data Loss: The Problem of Data Misuse
Data loss represents only one aspect of the challenges facing modern enterprises. Organizations also face significant financial, legal, and ethical risks stemming from the improper handling or misuse of sensitive information internally.
While the risks associated with personally identifiable information (PII) are well-known, similar or even greater risks can arise from the mishandling of intellectual property, confidential business information, or data subject to usage restrictions.
The Need for a New Framework: Data Misuse Protection
Existing DLP frameworks are inadequate to address these evolving threats. A new data misuse protection (DMP) framework is required, one that safeguards data not only from theft or accidental loss but also from unauthorized or inappropriate use within the organization.
DMP solutions will empower data assets with enhanced self-defense capabilities, reducing reliance on perimeter surveillance.
Key Principles of a Data Misuse Protection Framework
Instead of simply tagging data and applying policies, data assets should inherently possess comprehensive metadata and subscribe to services that protect their integrity and control their usage.
Data Lineage and Asset Understanding
Critical data assets should maintain a complete record of their origin and evolution. Metadata should detail the creation process – how, when, why, and where the asset was initially constructed – and this information should be inherited by all derivative assets.
Consistent application of security classifications and usage restrictions can minimize the need for extensive scanning and tagging processes.
Emerging Solutions for Data Lineage
Several companies are pioneering solutions to address these challenges. Cyberhaven offers a tracing solution to retroactively determine data file lineage. Secure Circle ensures that files transferred to portable devices retain the access controls established for their source systems. Manta focuses on establishing lineage by continuously analyzing the software algorithms used to create derivative assets.
Policy-as-Code and Metadata Management
Platforms like Stacklet, Accurics, Bridgecrew, and Concourse Labs are emerging as policy-as-code vendors, enabling enterprises to populate and maintain consistent metadata schemas during application development.
Continuous Security Assessment and User Behavior Monitoring
New tools are also providing continuous insights into the security of data hosting environments. Kenna Security integrates threat intelligence with existing security tools to assess infrastructure vulnerabilities. Traceable monitors user behavior, API interactions, and data movements to detect potential misuse.
The Human Perimeter
In today’s cloud-centric, device-agnostic, and collaborative environment, people represent the primary security perimeter. The retention surface – encompassing access permissions and authorization privileges – defines the scope of potential data exposure.
Authomize analyzes user privileges and suggests ways to mitigate privilege escalation. Okera enables data stewards to manage entitlement rights on an asset-specific basis. CloudKnox, Ermetic, and Sonrai Security provide privilege management capabilities within public cloud platforms.
Self-Defense Mechanisms and Automated Policy Enforcement
A next-generation DMP framework will equip data stores with self-defense mechanisms leveraging enriched metadata, specialized service subscriptions, and customized applications to regulate usage scenarios.
Automation is crucial for accelerating responses to security events and reducing the burden on security teams. However, inconsistent policy enforcement across multiple tools can lead to confusion and undermine security effectiveness.
The Need for Policy Brokerage Services
Abstracting policy administration into centralized brokerage services would streamline enforcement. However, the lack of accessible APIs for existing tools complicates the discovery, normalization, and orchestration of procedures.
Developing configurable policy brokerage services capable of orchestrating asset-specific responses is a key area for innovation.
Regulating Human-Data Interactions
Customized low-code applications, RPA software bots, and data service APIs can further regulate human interactions with sensitive data, restricting how data is sourced, transformed, and shared.
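The two ideas that recur above, a lineage record that derivative assets inherit (Data Lineage and Asset Understanding) and a central policy brokerage service that evaluates each requested action against asset-specific controls (Self-Defense Mechanisms, Policy Brokerage Services), are illustrated together in the following added Python example. It is not code from this post or from any vendor named in it. The classification scale, the restriction names, the sample assets and the inheritance rule (a derivative takes the strictest parent classification and the union of parent usage restrictions) are all assumptions made for the illustration.

```python
"""Added example: lineage-aware data assets plus a central policy broker.
Not from the original post; classification levels, restriction names,
sample assets and the inheritance rule are assumptions for illustration."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, FrozenSet, List, Tuple

# Assumed classification scale; a higher index means more sensitive.
LEVELS = ["public", "internal", "confidential", "restricted"]


@dataclass(frozen=True)
class Asset:
    """Immutable metadata record: the how/when/why/where of the asset."""
    name: str
    classification: str
    restrictions: FrozenSet[str]   # usage restrictions, e.g. "pii"
    created_by: str                # who (or which system) created it
    created_at: str                # when (ISO-8601, UTC)
    purpose: str                   # why it was created
    origin: str                    # where it came from
    process: str                   # how it was produced
    parents: Tuple[str, ...] = ()  # names of assets it was derived from


def create(name, classification, restrictions, created_by, purpose, origin, process="manual"):
    """Register a source asset with an explicit classification and restrictions."""
    if classification not in LEVELS:
        raise ValueError(f"unknown classification {classification!r}")
    return Asset(name, classification, frozenset(restrictions), created_by,
                 datetime.now(timezone.utc).isoformat(), purpose, origin, process)


def derive(name, parents, created_by, purpose, process):
    """Build a derivative asset: strictest parent classification, union of restrictions."""
    if not parents:
        raise ValueError("a derivative asset needs at least one parent")
    classification = max((p.classification for p in parents), key=LEVELS.index)
    restrictions = frozenset().union(*(p.restrictions for p in parents))
    return Asset(name, classification, restrictions, created_by,
                 datetime.now(timezone.utc).isoformat(), purpose,
                 "derived:" + ",".join(p.name for p in parents), process,
                 tuple(p.name for p in parents))


def lineage(asset, registry):
    """Return every ancestor name, nearest first, by walking parent links."""
    seen, order, queue = set(), [], list(asset.parents)
    while queue:
        n = queue.pop(0)
        if n in seen:
            continue
        seen.add(n)
        order.append(n)
        queue.extend(registry[n].parents)
    return order


class PolicyBroker:
    """Single decision point: every tool asks here instead of keeping its own rules."""

    def __init__(self):
        self.rules: Dict[str, set] = {}   # restriction -> actions it forbids
        self.audit: List[dict] = []       # decision log for detection/review

    def forbid(self, restriction, *actions):
        self.rules.setdefault(restriction, set()).update(actions)

    def evaluate(self, asset, actor, clearance, action):
        """Return ("allow"|"deny", reasons); inherited restrictions travel with the asset."""
        reasons = []
        if LEVELS.index(clearance) < LEVELS.index(asset.classification):
            reasons.append(f"clearance {clearance} is below {asset.classification}")
        for r in sorted(asset.restrictions):
            if action in self.rules.get(r, ()):
                reasons.append(f"restriction {r} forbids {action}")
        decision = "deny" if reasons else "allow"
        self.audit.append({"asset": asset.name, "actor": actor, "action": action,
                           "decision": decision, "reasons": list(reasons)})
        return decision, reasons


def demo():
    """Constructed sample assets (not real data) exercising inheritance and brokerage."""
    broker = PolicyBroker()
    broker.forbid("pii", "export", "share-external")
    broker.forbid("contract-internal-only", "share-external")
    patients = create("patients.csv", "restricted", {"pii"}, "ehr-system", "billing", "ehr-db")
    vendors = create("vendors.csv", "internal", {"contract-internal-only"}, "erp", "procurement", "erp")
    public_stats = create("public_stats.csv", "public", set(), "web", "reporting", "web")
    report = derive("q4_report.xlsx", [patients, vendors], "analyst", "quarterly review", "join")
    summary = derive("summary.pdf", [report, public_stats], "analyst", "board deck", "export")
    registry = {a.name: a for a in (patients, vendors, public_stats, report, summary)}
    return {
        "summary_class": summary.classification,            # restricted, inherited via report
        "summary_restrictions": sorted(summary.restrictions),
        "summary_lineage": lineage(summary, registry),
        "export_by_analyst": broker.evaluate(summary, "analyst", "restricted", "export"),
        "read_by_intern": broker.evaluate(summary, "intern", "internal", "read"),
        "read_by_exec": broker.evaluate(public_stats, "exec", "public", "read"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The point of the example is that nothing scans or re-tags `summary.pdf`: the restricted classification and the `pii` restriction reach it purely by inheritance, two hops away from `patients.csv`, and the broker denies the export on that basis while its audit list records every decision for later review.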
The Path Forward: From DLP to DMP
The transition from DLP to DMP will be an iterative process. New tools and capabilities will emerge gradually. Security teams should initially integrate these capabilities with existing practices and eventually replace legacy DLP solutions.
Delaying a comprehensive reimagining of data security as a DMP problem is not advisable. Many foundational practices – metadata enrichment, hosting environment surveillance, entitlement management, and automation – can be implemented today using cloud-based services.
Proactive adoption of these practices will position organizations to benefit from emerging DMP capabilities.
Disclosure: Sid Trivedi is a board member of Stacklet and CloudKnox; they are Foundation Capital investments. Mark Settle is an advisor to Authomize.