yesterday’s solutions won’t solve tomorrow’s data security ......to better manage the movement...

1

Yesterday’s Solutions Won’t Solve Tomorrow’s Data Security Issues

Get started

Understanding Shortcomings With Current DLP/CASB Security Solutions And How To Fill The Gaps

FORRESTER OPPORTUNITY SNAPSHOT: A CUSTOM STUDY COMMISSIONED BY CODE42 | JUNE 2020

2

Companies Need Better Security To Meet The Evolving Challenges Of Insider Threats

As businesses push to digitally transform and empower employees, collaboration technologies and cloud applications have become more advanced. While these improvements allow users to be more mobile and make data increasingly portable, they also move data far beyond the traditional security boundaries. Many companies struggle to keep up with effective data security and protection amid such advances.

Traditional data classification-based policies and blocking approaches are protecting less data than ever before, especially user data (which includes many files that employees are working with on a daily basis on their computers, in cloud applications, and in collaboration tools). Security products employed in the past are no longer sufficient and/or must be more efficiently utilized to meet modern data security challenges.

Key Findings

DLP/CASB solutions do not fully support evolving security needs and requirements.

Current DLP/CASB solutions are underutilized, partially because data security pros find the capabilities difficult to manage.

Companies are investing in improvements to help with threat intelligence and improve incident detection, investigation, and response.

Companies are taking a mix of user- and data-centric approaches to new solutions.

Overview

Current State

Implications

Opportunity

Conclusion


YESTERDAY’S SOLUTIONS WON’T SOLVE TOMORROW’S DATA SECURITY ISSUES

Overview

3

Companies Want To Improve On Existing DLP/CASB Solutions

Companies’ initial goals when adopting data loss protection (DLP) or cloud access security broker (CASB) solutions had been to better control user access to data and satisfy compliance requirements. However, as time has passed and the variety and complexity of data security requirements expand, companies now want to do more with their DLP/CASB solutions.

Outcomes are no longer about just satisfying compliance or allowing only certain people to access specific data that doesn’t move or change. Instead, companies are working toward more comprehensive data protection by enabling better threat visibility and monitoring; improving detection and prevention of attacks on data; and improving mitigation time for when data loss occurs.

“What outcomes were the primary drivers of your company’s initial adoption of data loss protection (DLP) or cloud access security broker (CASB) technology?”

Base: 316 US IT and security decision makersSource: A commissioned study conducted by Forrester Consulting on behalf of Code42, March 2020

INITIAL TOP 3 DRIVERS WHEN ADOPTING THE TECHNOLOGY

CURRENT TOP 3 DRIVERS WITH THE TECHNOLOGY

53% Better control user access to data

53% Better security threat visibility and monitoring

49% Satisfy legal and compliance requirements

50% Improve detection and prevention of attacks

48% Reduce risk of insider threats

43% Improve mitigation time

Overview

Current State

Implications

Opportunity

Conclusion



Current State

4

Current Solutions Are Underutilized And Difficult To Manage

Many organizations find it difficult to fully utilize DLP/CASB tool capabilities beyond their initial priorities of controlling user access and satisfying compliance requirements. The primary reasons for these challenges include: 1) difficulty using tools (77% of respondents report not using the tools’ full capabilities because they are too difficult to implement, maintain, and administer); 2) belief among security leaders that current business systems offer the security solutions they need in a different format (57% of respondents use business systems that provide adequate data protection capabilities built in); and 3) difficulty hiring people with the specialized knowledge required to optimize usage of these tools (55% of respondents lack personnel with proper training to manage DLP/CASB solutions).

“What are the primary reasons your company is not making full use of the capabilities of its DLP/CASB solutions?” (Select all that apply)


Capabilities are too difficult to implement, maintain, and administer.

Our business systems have adequate data protection capabilities built in.

We lack personnel with proper security skills to manage DLP/CASB solutions.

77%

57% 55%

Overview

Current State

Implications

Opportunity

Conclusion



Current State

5

Limited Usage Of Tools Creates Security Blind Spots

Data security pros find themselves in a more reactive security state with current DLP/CASB tools, focused mostly on classifying and monitoring data types and associated threats that they are aware of. Only 25% report they are heavily using DLP/CASB solutions to block exfiltration attempts. This passive approach can lead to gaps in security coverage, especially around detection, investigation, and response to threats related to new data types.

Most decision makers surveyed face significant challenges classifying and identifying data where end users are using, modifying, and moving it. Traditional policy-driven approaches to data security don’t work well in these situations because they are limited by classification and assigning a policy to tagged data, which is ineffective, especially when left to employees who are constantly modifying and sharing data.

“To what extent does your company face the following challenges with its current DLP/CASB solutions?”


Difficulty with classifying/identifying data in collaboration/file-sharing software

Difficulty with classifying/identifying data in the cloud

Difficulty with classifying/identifying data on endpoints

Frequent updates required by current security policies to maintain effectiveness

Rules that are too complicated to create

Significant challenge

64%

55%

55%

50%

49%

Overview

Current State

Implications

Opportunity

Conclusion



Implications

6

Most Security Tech Stacks Are Not Fully Optimized Or Integrated

Organizations are constantly looking for the right balance of security tools and capabilities with strong integration and visibility across solutions. However, just over one-third of respondents say their companies have achieved this balance. Remaining firms find themselves in one of two situations: 1) they have multiple solutions with a significant degree of overlap, which drives inefficiency and underutilization of tools, or 2) they use very specialized security solutions that are laser-focused on one specific threat or use case with little integration with other solutions, which prevents firms from gaining a comprehensive understanding of their security posture.

SPECIALIZED SOLUTIONS WITH POOR INTEGRATION

INTEGRATED SOLUTIONS WITH OVERLAPPING FUNCTIONS

Task-specific solutions with strong integration

SWEET SPOT Base: 316 US IT and security decision makers

Source: A commissioned study conducted by Forrester Consulting on behalf of Code42, March 2020

Overview

Current State

Implications

Opportunity

Conclusion



Implications

7

Improve Data Security Capabilities To Increase Visibility Of Data And Responsiveness To Threats

Data security pros need a more complete approach to and visibility into data security that covers all types of data and internal threats, whether those threats are malicious or, more likely, just a byproduct of the way teams work and collaborate. Especially in today’s world of remote work and increasing collaboration, data security pros need a way to see data vulnerabilities across the organization so they can identify threats to data. Companies are pursuing this type of visibility in many ways, starting with looking for partners to help keep ahead of the latest threats and to acquire new technology to improve incident detection, investigation, and response because they are not getting comprehensive coverage from policy-driven security tools like DLP/CASB.

“What steps is your company taking to address current gaps in insider threat capabilities?” (Select all that apply)


61% Improving advanced threat intelligence capabilities

54% Improving incident detection, investigation, and response capabilities

52% Improving identity and access management tools and policies

49% Implementing AI technology for threat intelligence

41% Implementing AI technology for breach investigation

Overview

Current State

Implications

Opportunity

Conclusion



Opportunity

8

There Are Two Ways To Fill Data Security Technology Gaps

Traditionally, security leaders have taken two approaches to data security for software systems beyond creating new policies: monitoring users or monitoring data.

“Aside from DLP/CASB solutions, what additional data security solutions does your company leverage to protect against insider threats?”


Security event information management (SIM/SIEM)

Data-centric audit and protection

User activity monitoring solutions (e.g., UAM, NAV)

Detection, investigation, and response solutions (e.g., EDR, endpoint detection)

File integrity monitoring

User behavioral analytics/user and entity behavioral analytics solutions (UBA/UEBA)

Currently using In the process of implementingPlanning to use in the next 12 months

38%

33%

32%

27%

18%

10% 24% 30%

15% 12%

18% 8%

18% 11%

30% 10%

22% 13%

Overview

Current State

Implications

Opportunity

Conclusion



Opportunity

Those taking a user-centric approach focus on implementing user activity monitoring (UAM) and user (and entity) behavioral analytics (UBA/UEBA) solutions to track user activity and behavior and thus detect and prevent insider threats. Those taking a data-centric approach explore data-centric audit and protection (DCAP), endpoint detection and response (EDR), and file integrity monitoring (FIM) to better manage the movement and accessibility of data. Both approaches can fill gaps with existing DLP/CASB solutions, but both can also generate alert fatigue and surface false positives. Firms should focus on signals of risk — behavior or data movement paired with information about the user, the data itself, and the vector and destination of change.

9

Conclusion

Protecting data against insider threats and external attackers requires a new approach. Current approaches requiring data classification and complicated rule creation are underutilized and ineffective. Modern data protection that surfaces real risk by analyzing the signals in data activity, movement, and use can give security teams continuous visibility into data exposure, no matter where they are — computers, web, email, USB, printers, and cloud storage. This visibility, combined with user and event signals, allows security teams to prioritize data risks and quickly investigate and respond to threats.

Project Director:

Chris Taylor, Senior Market Impact Consultant

Contributing Research:

Forrester’s Security and Risk research group

Overview

Current State

Implications

Opportunity

Conclusion



Conclusion

10

MethodologyThis Opportunity Snapshot was commissioned by Code42. To create this profile, Forrester Consulting supplemented this research with custom survey questions asked of 316 IT and security decision makers in the US. The custom survey began and was completed in March 2020.

ABOUT FORRESTER CONSULTING

Forrester Consulting provides independent and objective research-based consulting to help leaders succeed in their organizations. Ranging in scope from a short strategy session to custom projects, Forrester’s Consulting services connect you directly with research analysts who apply expert insight to your specific business challenges. For more information, visit forrester.com/consulting.

© 2020, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, RoleView, TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. For additional information, go to forrester.com. [E-47063]

Demographics

12% C-level executive

15% Vice president

28% Director

45% Manager

65% Security

35% Enterprise architecture

50% 1,000 to 4,999 employees

34% 5,000 to 19,999 employees

16% 20,000 or more employees

62% IT

38% Security

COMPANY SIZE

CURRENT POSITION/DEPARTMENT

RESPONDENT JOB LEVEL

SPECIFIC IT ROLES

Overview

Current State

Implications

Opportunity

Conclusion



Conclusion

11

http://www.forrester.com

yesterday’s solutions won’t solve tomorrow’s data security ......to better manage the movement...

Documents