There are data breaches become a part of life. They affect hospitals, universities, government agencies, charities and commercial companies. In healthcare alone, 640 breaches were recorded in 2020, exposing 30 million personal records, a 25% increase over 2019, which equates to approximately two daily breaches, according to the U.S. Department of Health and Human Services. Globally, 2.3 billion records were broken in February 2021.
It is painfully clear that existing data loss prevention (DLP) tools are struggling to cope with the extent of data, ubiquitous cloud services, diversity of devices, and human behaviors that make up our virtual world.
Conventional DLP solutions are based on a castle and moat framework in which data centers and cloud platforms are the castles that contain sensitive data. They are surrounded by networks, endpoint devices, and humans that serve as moats, defining the defensive security perimeters of all organizations. Conventional solutions assign sensitivity scores to individual data resources and monitor these perimeters to detect unauthorized movement of sensitive data.
It is painfully clear that existing data loss prevention (DLP) tools are struggling to cope with the extent of data, ubiquitous cloud services, diversity of devices, and human behaviors that make up our virtual world.
Unfortunately, these historical security boundaries are becoming increasingly ambiguous and somewhat irrelevant, as robots, APIs, and collaboration tools become the main conduits for sharing and exchanging data.
Actually, data loss is only half the problem that a modern company has. Companies are routinely exposed to financial, legal, and ethical risks associated with the misuse or misuse of sensitive information within the corporation itself. The risks associated with the misuse of personally identifiable information have become widespread.
However, risks of similar or greater severity may result from the mishandling of intellectual property, non-public material information or any type of data obtained through a formal agreement that establishes explicit restrictions on its use.
Conventional DLP frameworks are not able to address these challenges. We believe that they need to be replaced by a new Data Protection Framework (DMP) that protects data from unauthorized or inappropriate use. inside a corporate environment in addition to their absolute theft or involuntary loss. DMP solutions will provide data resources with more sophisticated self-defense mechanisms rather than relying on surveillance of traditional security perimeters.