Pervasive Data Protection: Kick the Quick-Fix Habit and Go for a Unified Defense

The cloud is here to stay—and no one in the enterprise playing field would argue that point. Cloud adoption across nearly every business unit is a reality that CISOs have fully accepted. Now the big uphill battle for security professionals is how to gain visibility into and protect the vast quantity of vital data that flows in, through, and beyond the four walls of their organizations—to and from endpoints, through the network, and into the cloud and back. The question becomes: How do you ensure that data is secured across both a controlled environment (the corporate network), where you have a pretty high level of visibility, and an uncontrolled environment (the cloud), where you have little or no visibility at all?

When Silver Bullets Misfire

When we look at how most IT organizations are addressing the four essential ingredients of data protection—data loss prevention (DLP), encryption, web technologies, and the latest security buzzword, cloud access security brokers (CASBs)—it probably comes as no surprise that they typically depend on one or two vendors for each area. In an effort to cover all the bases, organizations resort to the silver bullet approach. They purchase the hottest next new thing in data security and bolt it onto their infrastructure in hopes that this collection of solutions will do the job.

Though the best-of-breed path may work in the short term, it has its shortfalls and actually creates even more problems:

  • When you add more and more products, you’ll eventually have a huge—and costly—management burden. With the current scarcity of specialized security talent, will you be able to find the resources with the right skill set to manage these products? And even if you do, the cost of staffing up will mount quickly.
  • Unintegrated products from multiple vendors can’t communicate with one another, so visibility and threat intelligence sharing are limited or non-existent. Sure, you can engage consultants to brute-force integrations, but that’s an expensive proposition.
  • Policy modification and management become inconsistent and unwieldy. Some CASB solutions, for example, do a great job of analyzing data about security events gleaned from log files (which may live on a separate server) pushed out from web gateways. But they often have no way of sharing the information they’ve gleaned. Typically, they lack the ability to automatically go back and modify web access policies to define what data can be shared, who can share it, and where it can be shared.

A Simpler Solution

Most organizations have had little choice but to go down this path, as they’ve had few viable alternatives. But, as we’ve seen, silver bullet solutions are only a temporary fix.

The best way to overcome the issues we’ve mentioned is an open framework that allows technologies to communicate with one another and unified single pane-of-glass management capabilities that allow for complete visibility—from the internal network to the cloud and back.

In the near future, you’ll see new advancements in more automated pervasive data protection through a unified architecture that brings together the four pillars of data protection across endpoints, the network, the cloud, and mobile. There are two key components of this simplified approach to pervasive data protection:

Centralized management:

  • Instead of disparate, incompatible management consoles for web gateways, CASB, encryption, and DLP, centralized management unifies all data security technologies using a common platform, a common user interface, and common policies. You can synchronize data control policies in the cloud with those on premises for increased consistency. And you actually need fewer policies. You can easily apply these to the network, endpoints, and the cloud—all from a single console. Maintenance is also easier. One administrator can do it all, so there’s no need to invest in additional staff.

Threat intelligence sharing:

  • This model also includes a communications fabric that enables information sharing with your endpoint protection suite, endpoint DLP, encryption, and cloud Data Protection for faster and more accurate detection, protection, and correction.

It will become obvious soon enough that a best-of-breed approach to data protection is more tactical than strategic, as it’s really only a stopgap measure. Security professionals can take heart now that they know there’s another choice on the horizon that provides them with greater visibility, ease of management, and simplified policy creation. Are you ready to take the leap?

 

For additional information about our product solutions, please visit our site: www.mcafee.com/pervasivedataprotection
