We speak to Arlan about:

• Why traditional or legacy data loss prevention solutions are inadequate for running a modern DLP and data security program.
• The security challenges that are faced by a large and high-profile law firm like Kirkland.
• The value and power of data lineage and how it helps security practitioners save time.
• And more.

Why Kirkland doesn’t rely on traditional or legacy DLP solutions for its security program

In this clip, Arlan speaks directly to the limitations that traditional DLP solutions present when trying to manage a DLP program for a firm of Kirkland’s size. As an industry veteran who’s worked in highly regulated industries, he's leveraged DLP to satisfy security requirements but has found the technology lacking. 

The key limitation that Arlan sees with legacy solutions is that they’re reactive. Admins must first “define” what types of sensitive data they’re trying to prevent from leaking, and the security application takes its best guess at blocking this activity, usually without much context besides data classification through tags or regex. This results in an annoyingly high number of false alerts that security admins must take the time to sift through.

“The false positive rate of using RegEx is through the roof. You look for the word ‘classified’ in a document and get news articles containing that word. False positives sink many DLP programs.”

– Arlan McMillan, CSO, Kirkland and Ellis

What is the security landscape that Kirkland faces?

Here, Arlan goes into detail about the challenges faced by Kirkland, which highlights why legacy approaches to DLP won’t work for his security program. Like all law firms, Kirkland’s partners and clients expect complete confidentiality when it comes to the nature of the documents and information shared with the firm. However, given Kirkland’s size, the sheer volume of content to maintain and protect is massive.

Arlan talks about how in some more traditional compliance environments, it’s more acceptable to unilaterally block or “lock down” egress by veering on the side of aggressively applying DLP or data security policies. Arlan stresses, however, that this approach does not work for a service oriented organization where collaboration and sharing are essential to productivity. This requires building Kirkland’s data security program around solutions that can more accurately and effectively manage data exposure risk without hampering productivity. 

“You know, just by saying something is critical in our environment does not necessarily mean that you can wrap all of these super locked down controls. You have to have controls which are elastic and flexible and reflect the needs of our attorneys as well as protecting it at a very high bar.”

– Arlan McMillan, CSO, Kirkland and Ellis

Why rethinking DLP means rethinking the role of data classification

In speaking on the frustrations with legacy DLP solutions, Arlan highlights user-driven data classification ultimately is the bottleneck for organizations relying on these more traditional approaches. While he thinks that data classification is necessary, he thinks that what’s more reliable is identifying the lineage of the data within your environments. This is because data lineage provides more useful contextual information besides the category or type of data, which includes things like where the data is from, who interacted with it, etc. Data classification is better used to augment this for a more complete understanding of your data security risk.

“We have a data classification process, but they’re difficult to do well because the end users are creating documents and you're essentially asking them to do all the classification. But let's just be real about it. They're not gonna do it, right? Which means you have a policy which isn't being implemented and you don't have data to inform your tools or to react off. That's one of the reasons why data lineage works and DLP doesn't.”

– Arlan McMillan, CSO, Kirkland and Ellis

‍

{{ promo }}

When seeing is believing: The value of data lineage

Arlan recounts the first time he saw Cyberhaven’s data lineage functionality in action and how he understood it would instantly save his team hundreds of hours. He highlights how the ability to trace file events and leverage them as context means a tool can identify patterns without admins having to manually calibrate anything.

“In testing Cyberhaven, my architect found a document. But he didn't set up rules to catch this document. He just saw it because the system saw it and it jumped out at him. That was my aha moment. When you can have that visibility without setting up the alerts, without doing all of this identification groundwork. That's pretty cool.”

– Arlan McMillan, CSO, Kirkland and Ellis

What the future of security could look like with data lineage

In this final clip, Arlan speaks to his genuine excitement about the possibilities that data lineage presents for building a strong DLP program informed by data security best practices. He believes that this technology will help security professionals practice data lifecycle management, a foundational aspect of information security that realistically has been a challenge for even the most security-conscious organizations to practice.

“Being able to understand behaviors from a security standpoint to improve response and understanding behaviors to improve business processes is huge. That's been this holy grail that we've been talking about for years: Understanding the business and being an enabler for the business.”

– Arlan McMillan, CSO, Kirkland and Ellis

Learn from the industry’s top-notch security innovators

If you enjoyed this recap, make sure you join us for our next installment of the Data Security Innovator series by subscribing to our blog.