Federal government security has reached an inflection point – and not one that has resulted in a decline of data attacks. Data loss prevention (DLP), the traditional security system for protecting information, has tried to keep data safe in the past, but there’s a question as to whether it’s the best strategy to deal with a widening landscape of new risks.
Traditionally, data loss prevention has governed the way agencies have guarded their data. But as workflows expand to remote locations and agencies go to the cloud to enable modern, mobile workflows, DLP becomes less effective.
Security concerns are often what keep agencies from considering cloud migrations and remote applications, despite potential productivity gains for their IT organizations and encouragement from the federal hierarchy. Data loss prevention works by identifying sensitive data housed within an agency and stopping it from being shared outside of agency networks. Operating on that premise, however, DLP can drastically slow projects in progress: protections against potential data leaks may leave employees unable to conduct legitimate business outside of agency networks right away.
As such business cases are common, DLP overloads security IT teams with a deluge of alerts, many of which may not be threats at all but legitimate business activities. The problem of false positives – or denying legitimate actions – has become so critical that some security teams have decided to lift some permissions, which in turn opens the floodgates to attackers.
“Nobody loves their DLP implementation,” Bharath Vasudevan, Senior Director of Product Marketing at Forcepoint, said. “It’s just a necessary evil that people have implemented to demonstrate regulatory compliance, and it usually brings far more challenges than it actually solves.”
Agencies have years of data on their systems, but often lack visibility into what they actually possess and what is worth protecting.
This can be dangerous when archaic data policies fail to account for the unique role of every individual and the data they need access to. Insider threats, furthermore, are enabled by the openness of unsecured, unaccounted-for data.
While these challenges of DLP are well known, they are not likely to diminish as systems progress. On the contrary, more devices and more access points, from more locations and on unlimited networks, threaten to overwhelm DLP administrators. The dark data of today’s on-premises world is small compared to what dark data could become once the cloud is introduced.
In response to a spate of cyberattacks against federal agencies, regulations mandate that agencies secure their data at rest and have incident response plans in place. Agencies that rely on DLP alone could fail to meet many of these requirements.
“Government is recognizing the value of cloud solutions as well to allow for agility and growth, and the advancements in security tools have given them confidence to move their data. Much is still being evaluated by agencies based on each agency’s data management rules and regulations,” Denise Harrison, Chief Information Officer of Four Points Technology, said. Those regulations can include the Federal Risk and Authorization Management Program (FedRAMP) for cloud and the Health Insurance Portability and Accountability Act (HIPAA) in health care, as well as others such as the Payment Card Industry Data Security Standard (PCI DSS).
With DLP, agencies face greater roadblocks on the path to satisfying regulations and incorporating modern technologies. As the amount of data and number of access points grow, agencies need a new solution that enables productivity instead of hindering it.