The data protection landscape has changed dramatically over the past 20 years. Two decades ago, when most data loss prevention (DLP) solutions were designed, work was still primarily on-premises using company-issued devices. Windows was the most popular operating system, software was configured as golden images, and security teams focused their attention on file servers, network printers and internal network collaboration.

There was also a well-defined perimeter between the inside and the outside of the company.

The current situation is very different. Although the Covid pandemic accelerated change in terms of how businesses operate, these changes began long before the pandemic struck. Software-as-a-service (SaaS) applications and cloud environments have been used for some time to help streamline operations and reduce the size and cost of maintaining internal data centres. Today’s business world is “work from anywhere”, “bring your own everything” and “cloud enabled”. The applications used to create, distribute and manage data have become the new perimeter.

Supply-chain security

Unfortunately, the threat landscape evolved alongside business environments. Where DLP was once only an issue for enterprises that managed large quantities of sensitive or proprietary data, in today’s increasingly connected world threat actors understand that an organisation’s weakest link is often its supply chain.

Non-employees such as partners and vendors who may require access to internal systems to provide their services are now a target, and this can include legal teams with access to patent applications, accounting firms managing non-public financial data, and outsourcing partners with access to source code, product plans and other intellectual property.

Security, privacy gain board-level attention

In addition, poor data protection leads to financial, legal, regulator, and reputational risk. The EY Global Board Risk Survey found that 84% of boards do not believe their organisations have highly effective risk management strategies.

This is key from a strategic standpoint because the regulatory environment is growing increasingly stringent. South Africa’s Protection of Personal Information Act (Popia), the EU’s General Data Protection Regulation (GDPR) and other laws require organisations to better protect sensitive consumer data.

Effective data loss protection is also important to leadership because data breaches grew ever more “personal” after the 2017 Equifax attack. The fallout included a reduction in the company’s market capitalisation by more than 30% and the forced retirement of the chairman and CEO, CIO and chief security officer. In addition, these days directors and executives may face personal liability as a result of having breached privacy law in South Africa.

Employee experience matters

The great resignation and changes in worker attitudes and behaviours have made organisations acutely aware of the need to build trust relationships with their workforces to improve recruitment, retention and engagement. Too often, legacy data protection solutions lead employees to believe that management does not trust them, and intrusive monitoring cements the sentiment.

A shift to privacy by design is critical to successful data protection strategies. This includes technologies such as pseudonymisation, which replaces any information that could be used to identify an individual with a pseudonym until circumstances dictate that unmasking is justified. Certain privacy acts such as the GDPR recommend this technique, and it’s only a matter of time before others follow suit.

Faster time to value

A cloud-dominant world requires cloud-native solutions. These include machine learning on endpoints with agents for fast deployments, immediate visibility to risk, and rapid time to value. Today’s solutions must be capable of protecting data on and off the corporate network, and across SaaS, messaging and video conferencing apps.

Legacy DLP requires months to pre-classify all data prior to enforcing rules, and entities cannot keep up with the velocity at which data is created, shared and changed today. Moreover, businesses must also look beyond granular rules that dictate which users can take which actions with each class of data, because these inevitably lead to false positives that impede legitimate workflow, frustrate users and cause alert fatigue in the security operations centre.

Next-generation DLP revealed

Next DLP designed its data protection platform, Reveal, for the modern technology stack, user, and threat space. Reveal is cloud native and features smart agents for fast deployments. It classifies data in real time as it is created and used, and employs machine learning on the endpoint for immediate visibility to risk and rapid time to value.

In addition, Next DLP protects data on and off the corporate network and across browsers, USB storage, SaaS, messaging and videoconferencing apps. Policy-free visibility autonomously evaluates content and context to protect data as it is used.

Finally, Reveal leverages privacy by design principles and pseudonymisation to mitigate threats while protecting user privacy and limiting bias in monitoring activity.

About Next
Next DLP (“Next”) is a leading provider of data protection solutions for organisations with valuable data that must uncover risk, educate employees and fulfil security, compliance and regulatory needs. Next’s mission is to reinvent data protection for today’s distributed organisation. It is disrupting the legacy data loss prevention market with a user-centric, flexible, cloud-native, AI/ML-powered solution built for today’s threat landscape. The company’s leadership brings decades of cyber and technology experience from Fortra (previously HelpSystems), DigitalGuardian, Forcepoint, Mimecast, IBM, Cisco and Veracode. Next is trusted by organisations big and small, from the Fortune 100 to fast-growing healthcare and technology companies. For more, visit https://www.nextdlp.com or connect on LinkedIn or YouTube.