How SSE providers are Tackling Data Protection

Why Are You Reading This?

If you're a security analyst or leader, it's likely because you understand the paramount importance of safeguarding data in today’s interconnected world. The rise in cyber-attacks and data breaches has made the securing of sensitive data more critical than ever. High-profile cases, such as the Marriott International data breach in 2018 and the Capital One breach in 2019, have spotlighted the urgent need for robust data protection measures. These incidents not only resulted in massive fines ($124 million for Marriott, and Capital One reserving $150 million for legal costs), but also caused significant reputational damage. This article will dive into the challenges of applying Data Protection Policies within Secure Service Edge (SSE) technologies, such as Zscaler, Netskope, and Palo Alto Networks, and how these technologies can be leveraged to monitor, report, and block data from being leaked, misused, or stolen by attackers.

Challenges of Data Protection

While working with a large financial organization on a Secure Service Edge (SSE) Data Protection Package solution, I was reminded of the true complexity of data protection. Compliance requirements mandated the organization to implement data protection measures everywhere - from endpoints to the cloud, and for data both in motion and at rest. During our conversation, the customer remarked, "endpoint, at rest, and cloud are easier to manage, but where it gets hard is when the data is in motion. There is no better toolset to use than an SSE due to the visibility provided by the SSL inspection. This is the hard part."

Indeed, developing a comprehensive data protection strategy is no small feat. One of the most significant challenges is the lack of expertise. Specialized knowledge and skills are required to navigate the intricacies of various data protection tools and regulations. Unfortunately, many organizations struggle to find qualified professionals, leaving them ill-equipped to develop and implement robust data protection measures.

The market saturation of data protection tools presents another hurdle. With a multitude of options, each with its features and capabilities, organizations often find themselves overwhelmed. Selecting the appropriate tools that align with specific needs and integrating them seamlessly into existing infrastructure is a daunting task.

Moreover, the vast amount of data generated daily complicates the process of identifying and classifying the data that requires protection. With data scattered across on-premises servers, cloud services, and mobile devices, applying consistent data protection measures across the board becomes an arduous task. This dispersion of data, coupled with a lack of complete visibility into data flows, makes it difficult to monitor and control data access and transfer effectively.

Additionally, the constantly evolving threat landscape means that cybercriminals are continually developing new techniques and methods to bypass security measures and gain unauthorized access to sensitive data. Organizations need to stay one step ahead by continuously updating and enhancing their data protection measures.

Compliance requirements add another layer of complexity. Different regions and industries have varying data protection regulations and compliance requirements. Ensuring that data protection measures comply with all relevant laws and standards is particularly challenging for multinational corporations operating across multiple jurisdictions.

Lastly, despite implementing robust technical measures, human error remains a significant risk. Employees may unintentionally expose sensitive data by sending it to the wrong recipient, using weak passwords, or failing to follow security protocols.

Addressing these challenges requires a comprehensive and well-thought-out approach. It involves selecting the right tools, training employees, continuously monitoring data flows, and regularly updating data protection measures to address emerging threats. As a security expert residing in Pittsburgh, PA, I have witnessed firsthand the struggles that organizations face in developing and maintaining a robust data protection program. It is a journey that requires commitment, expertise, and a proactive approach to stay ahead of the curve.

How SSE vendors are tackling Data Protection

You may find it easier to believe in your favorite sports team winning the championship than to believe that Secure Service Edge (SSE) vendors can offer a genuine data protection platform. But jokes aside, the reality is that SSE vendors are making significant strides in bringing true data protection capabilities into their services.

Today, SSE vendors are not only providing Endpoint Data Protection but are also utilizing advanced capabilities such as Optical Character Recognition (OCR), Index Document Matching (IDM), and Exact Data Matching (EDM) to identify sensitive data in-motion, at rest in the cloud, or leaving the endpoint. These technologies enable organizations to protect their data more comprehensively and efficiently than ever before. For instance, OCR allows the system to read and interpret text in images and documents, making it possible to identify sensitive information embedded in graphics or scanned documents. IDM and EDM, on the other hand, enable the system to match data against predefined patterns or exact data elements, helping to identify and protect sensitive information with high precision.
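
To make the difference between pattern matching and EDM concrete, here is a simplified sketch added for illustration; it is not any vendor's implementation. The index key, the sample records and the function names are assumptions, and the SSN-shaped values are constructed.

```python
import hashlib
import hmac
import re

# Constructed sample values standing in for an HR export; not real data.
SOURCE_RECORDS = ["900-12-3456", "900-65-4321"]
INDEX_KEY = b"constructed-demo-key"  # assumption: per-tenant secret for the index

# Generic pattern: anything shaped like an SSN, with or without dashes.
SSN_PATTERN = re.compile(r"\b\d{3}-?\d{2}-?\d{4}\b")


def fingerprint(value):
    """Normalise a value to digits only and return its keyed hash."""
    digits = re.sub(r"\D", "", value)
    return hmac.new(INDEX_KEY, digits.encode(), hashlib.sha256).hexdigest()


def build_index(records):
    """Only fingerprints go into the index; the raw values are not stored."""
    return {fingerprint(r) for r in records}


def scan(text, index):
    """Return every pattern hit and the subset confirmed by the EDM index."""
    candidates = SSN_PATTERN.findall(text)
    exact = [c for c in candidates if fingerprint(c) in index]
    return {"pattern_hits": candidates, "edm_hits": exact}


if __name__ == "__main__":
    idx = build_index(SOURCE_RECORDS)
    # Constructed outbound text: a part number that looks like an SSN,
    # plus one value that really is in the protected dataset.
    print(scan("PO 512-44-9087 shipped; payroll row 900123456 attached", idx))
```

The pattern alone flags both values, while the index confirms only the one that exists in the protected dataset, which is why EDM produces fewer false positives than a bare pattern.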

The Importance of SSL Inspection

One of the critical capabilities of SSE is SSL inspection, which is vital for protecting data in motion. SSL/TLS encryption is commonly used to secure data transmitted over the internet. While this encryption is crucial for maintaining privacy and security, it also creates a blind spot for security appliances because malicious content can be hidden within encrypted traffic. SSL inspection involves decrypting SSL/TLS traffic, inspecting it for threats or sensitive data, and then re-encrypting it before it continues to its destination. This process ensures that malicious content or sensitive data is not hidden within the encrypted traffic.

SSL inspection is crucial for implementing in-line data protection because it enables the SSE solution to inspect the content of the traffic and apply data protection policies in real-time. For example, if an employee tries to send sensitive information outside the organization, the SSE solution can identify the sensitive data within the SSL/TLS encrypted traffic, block the transfer, and notify the administrator. This capability is particularly important for protecting against data exfiltration, where attackers may try to steal sensitive data by hiding it within encrypted traffic. With the inclusion of DNS Protection, most SSEs will be able to stop exfiltration through DNS over HTTPS (DoH).

Integrating Data Protection into SSE

By integrating multiple security services into a single cloud-native platform, SSE vendors are simplifying the management of security policies, reducing complexity, and enabling organizations to apply consistent data protection measures across all locations and devices. So, while it's always fun to have a little faith in our sports teams, when it comes to protecting sensitive data, it's best to put our trust in the experts.

Implementing Data Protection Policies within SSE

To implement data protection policies within SSE, organizations need to follow these key steps:

  1. Identify and Classify Data: Determine the types of data that need to be protected and classify them based on their sensitivity and the level of protection required. This may involve identifying personal data, financial information, intellectual property, or any other sensitive information, using tagging, automated scanning, and manual classification of data. This is usually the largest challenge for organizations that are diving into a Data Protection Program.
  2. Develop Data Protection Policies: Develop comprehensive data protection policies that outline the measures to be taken to protect the identified data. This may include specifying access controls, encryption standards, and data transfer restrictions.
  3. Implement Policies in SSE: Configure the SSE solution to enforce the developed data protection policies. This involves configuring access controls to identify data in-line or at rest, setting up encryption, and defining data transfer restrictions. (For example, uploading and downloading are acceptable for Corporate OneDrive, but not for personal OneDrive accounts.) Organizations will dig into what is “normal behavior” for their business and what is “abnormal behavior” that would be deemed inappropriate or suspicious for a typical end user. Individuals in different BUs should be accounted for. For example, a user in HR will need to be able to transfer SSN/PII/HIPAA-related material to corporate applications, but a user in marketing should not be sending any SSN/PII/HIPAA data.
  4. Monitor and Report: Organizations moving into a Data Protection Strategy will start off with a monitor-only policy. This helps stakeholders make informed decisions about enforcement policies that are set to “block.” Monitor-only mode allows the baseline to be built and provides visibility into the actions end users are performing with sensitive data. Over time, these monitor-only policies will become tighter enforcement policies. SSE platforms will continuously monitor the data flows and generate reports to ensure that the policies are being enforced and that there are no unauthorized data accesses or transfers.
  5. Regularly Update Policies: Regularly review and update the data protection policies to address new threats and ensure that they remain effective.
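
The policy logic in steps 3 and 4 can be sketched as follows. This is an added example, not a vendor configuration. The app labels, business-unit table and event fields are hypothetical, and the sample events are constructed.

```python
import re
from dataclasses import dataclass

SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# Hypothetical app labels; a real SSE derives the tenant from inspected traffic.
CORPORATE_APPS = {"onedrive:corp-tenant", "hr-portal"}
# Which data labels each business unit may send to corporate apps.
BU_ALLOWED = {"HR": {"SSN"}, "Marketing": set()}

@dataclass
class Upload:
    user: str
    business_unit: str
    destination: str
    body: str

def evaluate(event, enforce=False):
    """Return a verdict; violations only alert unless enforce=True."""
    labels = {"SSN"} if SSN.search(event.body) else set()
    if not labels:
        return {"verdict": "allow", "reason": "no sensitive data"}
    violations = []
    if event.destination not in CORPORATE_APPS:
        violations.append("non-corporate destination")
    if not labels <= BU_ALLOWED.get(event.business_unit, set()):
        violations.append("data type not permitted for business unit")
    if not violations:
        return {"verdict": "allow", "reason": "sanctioned transfer"}
    return {"verdict": "block" if enforce else "alert",
            "reason": "; ".join(violations)}

def baseline(events):
    """Monitor-only pass: count would-be blocks per business unit."""
    counts = {}
    for e in events:
        if evaluate(e)["verdict"] == "alert":
            counts[e.business_unit] = counts.get(e.business_unit, 0) + 1
    return counts

# Constructed sample events (the SSN-shaped value is made up).
SAMPLE = [
    Upload("alice", "HR", "hr-portal", "SSN 900-12-3456"),
    Upload("bob", "Marketing", "hr-portal", "SSN 900-12-3456"),
    Upload("alice", "HR", "onedrive:personal", "SSN 900-12-3456"),
]

if __name__ == "__main__":
    print(baseline(SAMPLE))
```

Running the same events with `enforce=True` shows exactly which transfers would be blocked once the baseline has been reviewed.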

Conclusion

Merely procuring a software tool is not a panacea for organizational challenges. While the right technology can certainly aid in addressing issues, it's only one piece of the puzzle. True solutions emerge when there's a harmonious integration of people, processes, and tools. It's essential to understand that the efficacy of a tool is often determined by the skill and adaptability of the individuals using it, combined with the robustness of the processes they follow. Hence, to achieve genuine and lasting improvements, organizations must invest equally in training their teams and optimizing their workflows, alongside choosing the right tooling.
