A lot of us remember the time when DLP was the darling of the security industry. It seemed like each new January, DLP would be touted again as that year’s catalyst of change and the semi-salvation of a data-poached world.
Now, DLP providers have largely been swallowed up by farther-reaching solutions with AI/ML capabilities. People don’t want a point product now so much as they want a strategy. We’re done picking entrees – give us a buffet. More with less, maximize, optimize – and none of this sounds new (or even strange). It’s just par for the course in a digital landscape where AI is being used to spin up ridiculous amounts of ransomware and the SaaS economy has exploded in the criminal underground.
However, DLP still ‘lives on’ in the capabilities of its successors and in the revamped versions that hardline DLP providers have developed today. Let’s take a look at where this all came from, why the pivot, and where DLP is going in the future (which is, we can say, today).
Why We Needed Data Loss Prevention in the First Place
Here’s where it all began: sometime around the early 2000s (think BlackBerry era), corporations started to amass large amounts of digital data on consumers. We were filling out forms, taking our banking online, and using the internet for all of its ingenious and connective capabilities. Data was flying and, unfortunately, often flew in the wrong direction. As data started to ‘get lost’ (leak, get stolen, otherwise end up in the wrong places), the security industry came up with a solution: the (aptly named) Data Loss Prevention category.
The Heyday of DLP
And it worked. It was a straightforward product that was built around securing data in a couple of foreseeable cases:
- Data heist (malicious pilfering by bad actors)
- Employee mistakes (unintentional, sloppy data handling)
- Non-compliance (not following compliance rules designed to keep data safe)
- Malware (external threats like ransomware, encryption, corruption, etc.)
This held up well in an era in which there was no cloud, a basic ‘perimeter’, a (mostly) bot-less traffic lineage, and easy culprits (unsecured protocols like HTTP and SMTP to scan for).
The Decline of Data Loss Prevention Proper
All was going well until DLP ran into some problems. It was the classic “it’s not me, it’s you” scenario; the landscape had changed. Good little DLP had stayed the same, but the world it was now called to protect was strapped to a rocket. Suddenly, it couldn’t keep up.
Data turned “big”, and the cloud became the new modus operandi. Suddenly, any semblance of a perimeter was no more and the tools that protected on a linear scale were outmoded. Cybercriminals started obfuscating their signatures (so we couldn’t catch them) and when that didn’t work, they spun up thousands of new exploits (so we couldn’t keep up). AI and bot-based crawlers created petabytes of traffic (an order of magnitude previously unheard of) and disparate working environments (hybrid, remote, cloud-native) further complicated the once-simple task of keeping data from leaving the network.
This threw some glaring DLP limitations into relief. Those included:
- Not being able to protect on the endpoint
- Not being able to secure what’s between the endpoints
- Not being able to see what’s between the endpoints
- Not being able to keep up with the sheer volume of data/traffic networks bear today
- Not being suited for complex and decentralized environments; cloud, hybrid, remote work, extended supply chains, etc.
In other words, DLP as we knew it was a tool for its time. Then, like T9, it reached a point where it had to evolve or be phased out for good.
Gartner agreed that something was changing. In 2018 they discontinued their Data Loss Prevention Magic Quadrant, noting that DLP vendors were shifting towards integrating DLP technologies within other, broader security areas instead. This was to better prevent leaks, respond to insider threats, protect the endpoint, and essentially do more of what was needed to really protect data in a landscape that had fundamentally changed.
DLP Today: Absorbed or Evolved
There are two places you’ll find DLP today: absorbed as part of wider security strategies, or evolved as a bigger, beefier version of itself.
Absorbed
As noted in an article in Forbes, “[DLP is] bigger and more deeply integrated than ever before. It’s buried in your cloud productivity ecosystem, a feature of your next-generation firewall, a component of your email security SaaS, key to your zero-trust and SASE plans and central to your XDR provider’s service offering.” And it is. You can find it in:
- Digital Risk Management (DRM)
- Security Service Edge (SSE)
- Insider Risk Management (IRM)
- Extended Detection and Response (XDR)
- Data Detection and Response (DDR)
And more.
In these ways, DLP is still with us; just more cleverly hidden.
Evolved
The second route is adaptation. To keep up with the demands now placed upon it, current DLP offerings have addressed the gaps and fixed what they’ve lacked. For example, they now offer:
- Alerts in context (for fewer false positives)
- Full-scale data lineage (where it comes from, where it goes)
- Comprehensive visibility and file recovery
Now that next-generation DLP offerings have come to the table with more relevant solutions, the DLP category has a chance of holding its ground, if not making a comeback.
DLP: Always with Us
So, the ultimate ending to this strange tale of evolution and resolution is that DLP never really left us. Like Star Wars’ Obi-Wan, its disembodied form takes on near super-human powers as DLP-inspired capabilities float around Detection and Response solutions and sharpen the overall whole. And for those who don’t feel like a total strategy overhaul, some DLP pure-play providers have acclimated to the modern era by trying to make DLP now as useful as it ever was then.
However you get your DLP these days, one thing is for sure: no matter the form, “preventing data loss” is still the darling of the security industry.