Artificial Intelligence Enables Next-Gen Data Loss Prevention

May 4, 2022 Zeus Kerravala

This syndicated post originally appeared at Zeus Kerravala – eWEEK.

Zscaler discusses how AI is evolving its DLP strategy, which is particularly challenging with today’s distributed data.

Data management and security practices are changing rapidly as data becomes fully distributed and fully situated in the cloud today.

Every organization is using hundreds of software-as-a-service (SaaS) apps—many that aren’t company approved. SaaS apps allow users to access them from anywhere at any time, boosting productivity and collaboration, which is why “shadow IT” has become one of the biggest headaches for corporate IT.

Distributed Data Creates Data Loss Prevention Challenges

While the cloud has enabled businesses to not skip a beat during and post pandemic, this shift is creating the new IT challenge of managing fully distributed data, which is no longer on-prem. Data is everywhere. The traditional hub and spoke security model is not sufficient for securing data in the cloud. Every organization should be thinking about implementing modern data loss prevention (DLP) practices.

I recently did a ZKast with Moinul Khan, VP of Product Management for Zscaler, discussing the importance of data protection in the cloud. Khan explained why DLP doesn’t have to be a long, laborious process that consumes the security team’s time and resources. Highlights of the ZKast interview, done in conjunction with eWEEK eSPEAKS, are below.

  • Zscaler is a pioneer in leveraging the cloud to deliver security. Now it’s leveraging the cloud to deliver data protection. Zscaler believes a platform strategy is key, where data protection, secure web gateway (SWG), cloud access security brokers (CASB), and zero trust network access (ZTNA) are integrated into one platform.
  • All these elements come together in security service edge (SSE), a concept introduced by Gartner in 2021. SSE secures access to the web, cloud services, and private apps. Conceptually, Zscaler has been doing SSE from the start with its cloud-native Zero Trust Exchange platform, which securely connects users, apps, and devices over any network.
  • Zscaler later raised the bar for app monitoring with the Zscaler Digital Exchange (ZDX), a subscription-based service delivered on the Zero Trust Exchange platform. ZDX focuses both on improving the user experience and providing robust security by identifying various bottlenecks. The two go hand-in-hand. If the user experience suffers as a result of security, the end users won’t be happy.
  • In the cloud era, organizations must have a strong security play focused on external and internal threats, as well as accidental data loss. Insider threats are a big problem for organizations. They can come from anywhere, such as when employees leave a company and take sensitive data with them. Zscaler is different from other vendors in this space since it doesn’t simply provide an overlay proxy like traditional DLP.
  • The traditional DLP approach isn’t effective in inspecting structured and unstructured data. It requires continual policy tweaking, ongoing management by large teams, and a great deal of overhead. That’s why Zscaler focuses on contextual DLP and the different types of files that are leaving the premises. If users upload encrypted documents, Zscaler can pinpoint where the data is coming from, where it’s going, and the activity of cloud-based apps.
  • Organizations should be paying attention to the type of data being shared. Therefore, Zscaler has automated data classification using machine learning (ML) and artificial intelligence (AI) to cut down on the false positives. It has also introduced advanced data classification techniques like exact data match (EDM), indexed document matching (IDM), and optical character recognition (OCR).
  • OCR is important for DLP to inspect screenshots that contain sensitive information. There are instances where a disgruntled employee may take a screenshot of a company file with their phone and steal the data. OCR can extract data from an image file, while DLP protects the data and/or the company’s intellectual property. Zscaler can detect and block these types of transactions.
  • Zscaler uses ML/AI algorithms to build predefined dictionaries and to classify data, as noted above in the OCR example. Additionally, ML/AI helps identify user behavior. For instance, if an employee starts downloading an excessive number of files, it’s a deviation from their normal behavior and an indication that they may be stealing company data. AI/ML identifies such anomalies and triggers alerts.
  • Data protection is a gradual journey. The first step is to have full visibility, that is, being able to view all Internet-bound traffic. Step two is to block any risky apps that aren’t company-approved. Step three is to focus on zip files that users may be sending out since the leading exfiltration points for organizations are personal cloud storage and email apps. Lastly, the data that’s already in the cloud should be secured and not exposed to the outside world.

Author: Zeus Kerravala

Zeus Kerravala is the founder and principal analyst with ZK Research. Kerravala provides a mix of tactical advice to help his clients in the current business climate and long term strategic advice.