Traditional data protection has been about securing data behind the corporate perimeter, locking down IT systems and endpoints with firewall and data loss prevention (DLP) technology. Now there is an increasing recognition that traditional data protection is not working. Faced with the new realities of cloud, shadow IT, BYOD, increasing collaboration with 3rd parties, and “last mile” endpoints like USB devices… no matter how well you secure data behind the perimeter, your data will eventually leak.
In their DLP magic quadrant analysis, Gartner said “At present, even with extensive DLP coverage across endpoints, networks and data repositories, there are still gaps and data flows where data can leak. The better answer is a data security strategy focused on securing the data itself, as opposed to trying to secure every system that comes in contact with sensitive data.”
What Gartner is talking about is a revival of Digital Rights Management (DRM) technology, that embeds encryption directly in a company’s valuable data assets themselves – their sensitive files and e-mails – so that even if the data does leak beyond the perimeter, it’s still protected.
Much like AI and Blockchain, Digital Rights Management technology is an extremely attractive concept that has had implementation challenges, but is now starting to overcome those implementation obstacles to go mainstream, most notably Microsoft Azure Information Protection (AIP). Here’s a look at what to expect.
There’s a lot of excitement in the security world today around artificial intelligence (AI) and, more specifically, machine learning (ML). CSO Online lists their top 5 use cases for machine learning in security which include detecting malicious activity in the network, automating repetitive tasks, and analyzing large volumes of data for threat intelligence. But another immediate application of machine learning will be in data protection and the prevention of data leaks.
The General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) introduced a higher bar than ever before for data protection, in all industries. It applies to any company that comes in contact with any form of European personal data. Article 32 of the GDPR, covering the security of processing recommends the use of encryption for personal data. In fact, encryption is increasingly recognized as the “get out of jail free card”, because GDPR does not require you to report a data breach if it involves data that was encrypted, giving companies a powerful incentive to re-think their company-wide encryption strategy.