Data management and security practices are changing rapidly as data becomes fully distributed and fully deployed in the cloud today.
Each organization uses hundreds of software-as-a-service (SaaS) applications, many of which are not approved by the company. SaaS applications let users access them from anywhere, at any time, which increases productivity and collaboration but also makes shadow IT one of the biggest headaches for enterprise IT.
Distributed data poses challenges for data loss prevention
While the cloud allowed businesses not to skip a beat during and after the pandemic, this change creates the new IT challenge of managing fully distributed data that is no longer local. Data is everywhere. The traditional hub-and-spoke security model is not enough to protect data in the cloud. Every organization should think about implementing modern data loss prevention (DLP) practices.
I recently did a ZKast with Moinul Khan, Vice President of Product Management for Zscaler, discussing the importance of data protection in the cloud. Khan explained why DLP should not be a long, laborious process that takes time and resources for the security team. Highlights of the ZKast interview, made in connection with eWEEK eSPEAKS, are below.
- Zscaler is a pioneer in the use of the cloud for security. It now uses the cloud to provide data protection. Zscaler believes that a platform strategy is key, where data protection, secure web gateway (SWG), cloud access security broker (CASB) and zero trust network access (ZTNA) are integrated into one platform.
- All these elements are combined in the security service edge (SSE), a concept introduced by Gartner in 2021. SSE covers access to the network, cloud services and private applications. Conceptually, Zscaler has been doing SSE from the beginning with its Zero Trust Exchange cloud platform, which securely connects users, applications and devices across any network.
- Later, Zscaler raised the bar for monitoring applications with Zscaler Digital Experience (ZDX), a subscription-based service provided on the Zero Trust Exchange platform. ZDX focuses both on improving the user experience and on providing stable security by identifying various barriers. The two go hand in hand. If the user experience suffers because of security, end users will not be satisfied.
- In the cloud age, organizations need to have strong protections focused on external and internal threats, as well as accidental data loss. Internal threats are a big problem for organizations. They can come from anywhere, for example when employees leave a company and take sensitive data with them. Zscaler is different from other vendors in this space in that it doesn’t just provide an overlay proxy like traditional DLP.
- The traditional DLP approach is not effective at inspecting structured and unstructured data. It requires constant policy tuning, ongoing management by large teams and a lot of overhead. That's why Zscaler focuses on contextual DLP and the different types of files that leave the premises. If users upload encrypted documents, Zscaler can determine where the data comes from, where it goes, and the activity of cloud-based applications.
- Organizations need to pay attention to the type of data being shared. Therefore, Zscaler has automated data classification using machine learning (ML) and artificial intelligence (AI) to reduce false positives. It has also introduced advanced data classification techniques such as exact data matching (EDM), indexed document matching (IDM), and optical character recognition (OCR).
- OCR is important for DLP to inspect screenshots that contain sensitive information. There are cases in which a dissatisfied employee can take a screenshot of a company file with his phone and steal the data. OCR can extract data from an image file while DLP protects the data and/or intellectual property of the company. Zscaler can detect and block these types of transactions.
- Zscaler uses ML/AI algorithms to build predefined dictionaries and to classify data, as noted above in the OCR example. In addition, ML/AI helps to identify user behavior. For example, if an employee starts downloading an excessive number of files, this is a deviation from his normal behavior and an indication that he may be stealing company data. AI/ML identifies such anomalies and triggers alerts.
- Data protection is a gradual journey. The first step is to have full visibility, that is, to be able to see all Internet-bound traffic. The second step is to block all risky applications that are not approved by the company. The third step is to focus on the zip files that users can send, as the leading exfiltration points for organizations are personal cloud storage and email applications. Finally, data that is already in the cloud must be protected and not exposed to the outside world.