data security

Data security vs productivity: is it really one or the other?

For modern enterprises embracing digital transformation, finding the right balance between security, collaboration, productivity, and privacy can feel like an impossible juggling act. Data loss prevention (DLP), in particular, can leave security practitioners (using traditional DLP tools) in a “Sophie’s Choice” situation, forced to choose between:

  • Sacrificing employee productivity and privacy by enforcing strict DLP controls and fulltime monitoring to protect corporate IP.
  • Accepting a greater level of organisational risk in return for a more permissive and productive work environment.

The downsides of traditional DLP

“Research shows that among the organizations that use traditional data loss prevention solutions (DLP), 73% are concerned with data transformation difficulties, and more than half cite enabling productivity is a challenge.”  – Rudra Mitra, CVP, Microsoft Data Security and Privacy

Sacrificing productivity for data security is not a rare (or new) phenomenon. In fact, research shared in a recent Microsoft Whitepaper on the evolution of the DLP landscape suggests that over 50% of organisations using traditional DLP solutions struggle with productivity.

This isn’t the only drawback of traditional DLP solutions, either. Others to be aware of include:

  • Reactive Controls: Traditional DLP focuses on detecting breaches after they occur, requiring complementary proactive measures like encryption for effective defence.
  • False Positives: Inaccurate detection can generate numerous false alerts, overwhelming security teams and leading to alert fatigue.
  • Monitoring-Only Mode: Many DLP systems notify of leaks without stopping them automatically, requiring manual intervention and increasing the workload on security teams.
  • Business Disruption: DLP tools often necessitate changes to business processes, potentially impacting overall efficiency if not well integrated.
  • Complex Environments: DLP struggles to keep up with dynamic data environments and cloud services, leading to inadequate coverage.
  • Evasion by Attackers: Sophisticated attackers can bypass DLP tools by modifying data formats or using other evasion techniques.

But what’s the alternative?

The cloud-age solution

The inevitable future of DLP lies in cloud-based, cloud native technology, and a substantial number of organisations are already transitioning to these solutions. Most currently sit in a hybrid state, with some on-premises and some cloud functionality. Of these, Microsoft’s research shows 59% intend to complete their transition to fully cloud-based DLP, despite the improvements the hybrid state has already brought to their challenge levels.

“59% of the respondents in the hybrid state report a desire to move all of their DLP solution to the cloud and another 39 percent say they want to move at least some of their current on-premises solution to the cloud.” – Data Loss Prevention: From on-premises to cloud, Microsoft Security

The advantages of cloud DLP

The biggest advantage of cloud-native DLP is its ability to encompass the full people/process/technology triangle. 

The technology itself is able to prevent unauthorised sharing, use or transfer of sensitive information. At its most advanced, it can also automatically classify data to remove any dependence on people applying appropriate labels to safeguard the most sensitive data. 

Cloud DLP policies, controls and policy tips are also built into the apps in which sensitive content is used/shared/created, essentially meeting employees where they are to keep them compliant and productive.

Adaptive Protection

Microsoft’s latest release for DLP – adaptive protection – takes productivity support one step further. 

Adaptive protection enables organizations to automatically add users exhibiting risky behaviour to stricter DLP policies, adjusting restrictions as their risk profiles change. This dynamic approach means that organizations no longer have to choose between being too restrictive or too open. They can save time, maintain productivity, and effectively manage risks all at the same time.

We like to think of it as the beginning of a new era. One of dynamic and proactive risk prevention in which organisations can ensure security without sacrificing productivity. 

If you’re considering getting on board the cloud DLP movement – particularly as part of a wider Microsoft Purview adoption programme – get in touch with our security and compliance experts to discuss how we can help. Contact us.

The only way to really know if we’re a good fit is to get in touch, so let’s have a chat! One of our friendly experts will get straight back to you. You never know, this could be the beginning of a great partnership.
Bristol
Cape Town
Johannesburg
Email