7 major trends changing how organizations use DLP

The pandemic accelerated a number of technological, business, and workforce behavior trends that are transforming today’s risk landscape. The downstream impact of this is that security practitioners must take these changes into account when procuring and deploying security applications. In this post, we’re going to briefly highlight these changes and the ways in which they’re impacting how security and IT teams are approaching data protection.

The new normal

It’s no big secret that post-pandemic, many companies want employees to return to the office, if only part-time. Simultaneously, many organizations are retaining globally distributed teams, which is entrenching hybrid work as the new normal. For security and IT, this means protecting a wide array of infrastructure. Some of it will be on-premise, like data centers and corporate intranets. Some of it will live in employees’ homes or be used in public spaces, like laptops and work phones accessing data in corporate cloud applications. This new normal requires you to protect your data, wherever it lives. This means understanding the need for uniform visibility into cloud, endpoint, and on-premise systems as data egresses across all of these modalities. In response to this change, many organizations will need to revisit what types of security solutions they’re leveraging for their data protection programs.

The trends shaping risk for hybrid organizations in 2024

While there are many factors that contribute to data security risk, there have been seven pre-pandemic trends whose impacts have become more extensive in 2023 going into 2024.

Technology-based factors affecting data security risks

Many organizations currently leverage a suite of data security solutions, including data loss prevention or DLP, to monitor the movement of data within their systems. However, this state of affairs is resulting in coverage gaps, as the ways in which data can be shared have grown since the initial introduction of DLP applications. Unfortunately, legacy DLP solutions have struggled to keep pace with these changes. For example:

1. Direct device-to-device transfer technology has made it easier than ever for employees to send large volumes of sensitive data through non-traditional vectors. Typically, DLP monitors egress via email or, if a CASB is deployed, through applications initiating HTTP requests. Apple AirDrop and Windows Nearby Share bypass these controls.

2. Encryption has changed security, with modern cloud applications leveraging certificate pinning and end-to-end encryption to ensure data is not intercepted in transit, which makes it impossible for network based DLP tools to inspect this content.

{{ promo }}

Business-related factors affecting data security risks

Security is just one part of the broader set of considerations that organizations navigate. Some broader business risks with security implications include:

3. Layoffs and organizational restructuring have become important considerations in the past two years. While economists have indicated that the economy is currently not in recession (having shown strong growth for much of 2023), 2022 and 2023 saw many large companies—especially tech companies, downsize. Surveying of some companies indicates that many expect layoffs and restructuring to continue throughout 2024. Layoffs require security organizations to coordinate with HR and IT to properly deprovision employee access and verify that employees don’t leave with sensitive or critical information on their way out. Modern and mature security programs must have the bandwidth to address the security risks associated with any amount of downsizing.

4. Corporate espionage is growing as many organizations face increased risk from competitors or foreign companies who want to steal proprietary information in order to gain an advantage. This year has seen a number of high-profile stories that really highlight this problem and illustrate that security teams need modern security solutions that enable them to not just monitor risk, but proactively block the unauthorized movement of IP in real time.

5. Third-party risk from an extended human supply chain has been growing over the past few years. Organizations are increasingly finding that the actions and behavior of contractors and partners they’re working with might jeopardize sensitive data. For example, your company might have external contributors who have access to your code repositories, or maybe your company works with an external agency with API access to your customer database. It’s critical that you have the visibility in place to secure sensitive assets, regardless of who in your human supply chain has access to them.

Risks stemming from changes in workforce behavior

Finally, post-pandemic, the way that employees engage with work has changed. Some of these trends include:

6. Usage of personal instances of corporate apps is becoming more common. Employees are leveraging personal versions of popular corporate applications like Google Drive, Microsoft OneDrive, Dropbox and other collaborative SaaS tools. For example, an employee might wish to migrate work documents to a personal instance of one of these apps to continue work from a personal or mobile device, which may not have access to their corporate accounts. It’s critical that organizations retain control of where their data is egressing, especially if this leads to data leaving environments under an organization’s control.  

7. Overemployement is another trend that started during the pandemic but accelerated in 2022 and 2023. Overemployment is the act of remote or hybrid employees working more than one job at a time without the knowledge of any employers. Colloquially known as “double dipping,” overemployed individuals usually have work devices from each of their employers and anecdotally have ended up in situations where they’ve shared data or content with employers from the wrong company. Although it’s not the security organization's responsibility to police employees’ time or enforce moonlighting and non-compete clauses, overemployment does introduce security risks, with employees potentially accessing resources while using other corporate networks or devices.

Shopping for security solutions to solve modern problems

As these seven trends highlight, companies are facing new challenges that are shaping the nature of the data security risks they face and are bumping up against the limitations of legacy solutions which were not built from the ground up to tackle the problems of a hybrid world. In conducting research and speaking with security practitioners, we’ve put together a DLP buyer’s guide to share 11 common considerations that will help you evaluate whether a solution can effectively address today’s security challenges. Download it here.