[On-demand webinar] CISO Series: Decoding Cybersecurity Language with Adam Shostack

Watch now
March 16, 2021

Why DLP Is as Outdated as the DVR, and How to Start Binge-Watching Your Data

In the same way that the leap from DVR to VOD freed viewers to watch anything, the leap to continuous data tracing frees organizations to protect all their data.

Anthony Wood, the incredibly successful CEO of Roku, knows a thing or two about how people watch TV. If you’ll indulge me in an analogy, he can probably teach us something about data security as well.

Long before founding Roku, Wood invented the DVR. The DVR was a massive improvement over VCRs, but it was far from Wood’s ultimate vision of building a platform where virtually any video could be seen at any time. Oddly enough, this evolution from the DVR to today’s video-on-demand (VOD) streaming through devices like the Roku offers a great analogy for the state of data security today.

DLP technologies are in the midst of their own major phase of evolution. The old-school DLP approach based on point-in-time content scanning is giving way to continuous data tracing that understands multiple contexts of data, including its full historical lineage. Instead of requiring security teams to pick and choose which data to protect, all data can be traced automatically. Instead of having to predict and build policies for every possible way data might be lost or stolen, organizations can monitor all apps and channels automatically and apply policies on demand.

In the same way that the leap from DVR to VOD freed viewers to watch anything, the leap to continuous data tracing frees organizations to protect all their data. Let’s take a deeper dive to see what your old DVR can tell you about the need to transform your data security strategy.

Predicting the future is hard

It is always a lot harder to predict the future than to read the past. While the DVR was a major improvement over the VCR, users still needed to predict what they wanted to watch in the future. If you forgot to set up the recording or if it was a new show that you didn’t even know about until your friend recommended it, then you missed it. 

Traditional DLP tools operate very much the same way. Security teams must predict what data will be considered sensitive and how that data will move in the future. Security staff must create classification and detection rules for the content and then establish detailed policies for when, where, and how controls will be enforced. If the security team doesn’t perfectly account for every scenario, policies aren’t applied and potential data breaches are missed.

Cyberhaven solves this problem in much the same way that streaming solves the problem of recording content. You don’t have to predict what you will be interested in watching at some point in the future. That show your friend recommended that you didn’t know about when it first broadcast? Just go find it on a streaming service.

Similarly, with Cyberhaven all data is tracked all the time. Need to find company financial documents in locations that you didn’t even know about? No problem. Need to classify engineering documents as sensitive even if they have already been circulating internally for weeks? No problem. When all content is tracked automatically, then you have the flexibility to adapt your security on demand without missing anything. There’s no complex setup of rules or need to predict the future. All data has been traced, so you can apply appropriate policies to it at any time.

More channels, more problems

The shortcomings of the DVR were somewhat manageable when there was only a handful of shows that you wanted to watch. However, it would be almost impossible to use a DVR today and keep pace with the seemingly endless options of new shows, series, movies, and services that are available.

DLP tools face their own analog of this problem. In the past, the focus was narrowly placed on highly structured and regulated data passed over a limited set of applications. For example, DLP would look for payment card data sent over email. Today, organizations need to protect their intellectual property, which is often highly unstructured. Unstructured data far outweighs structured in almost every modern enterprise; it may include details of an upcoming product launch, business strategy, unreleased financial results, source code, or any number of additional types of sensitive data. There are likewise far more avenues for sensitive data to be shared and exposed Collaboration tools, cloud services and backup, messaging apps, social media, and personal email are just a few examples. With this increase in complexity, the task of predicting the future turns from very difficult to virtually impossible. 

Once again, Cyberhaven tames this complexity. The solution automatically tracks sensitive content across all types of applications, whether local or in the cloud. Content can be tracked even if the sending application is encrypted or a user copy/pastes data from one app into another. 

If we think of a streaming service, more content is a good thing rather than a problem. Likewise for a business, more data and more flexible application usage are good things that help the business. More data is also a good thing for security tools. The fact that the explosion of unstructured data is a hindrance for traditional DLP tools is a glaring sign that something is wrong. Modern data security tools should enable the business and benefit from this new wealth of data, not be flummoxed by it.

Never miss an episode 

While the DVR to streaming evolution provides a useful analogy, there is at least one way in which it breaks down. Let’s say you want to watch The Shawshank Redemption. Well, good news, because that particular movie gets shown a lot, and you’ll have plenty of opportunities to record it. And the beauty of a DVR is that you only need to predict the future once in order to record the show you want.

Security and risk mitigation doesn’t work that way. Instead of needing to be right once, security controls have to be right all the time. In the context of our analogy, that means we need a system that is going to record The Shawshank Redemption every time it is shown…forever. And oh by the way, you can’t simply record everything with “Shawshank” in the title. You’ll miss the Spanish translation, Sueño de Fuga, which doesn’t have “Shawshank” in the name (a false negative). And then you’ll accidentally record a variety of documentaries on the making of the movie that do have “Shawshank” in the name but aren’t the movie itself (a false positive). 

Admittedly, we are somewhat torturing the analogy here, but these problems are exactly like the issues plaguing DLP tools today. Organizations need to protect a much larger and more diverse set of content, shared over a much more diverse set of applications, while making sure that they catch derivative and renamed content without accidentally stopping content that simply looks similar. DLP solutions simply aren’t built for this new reality. Cyberhaven is. With full visibility into the context of data and total recall of where it has been and how it was created, Cyberhaven lets you dial up the security you want, on demand.


See our product in action