Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Symantec’s Latest DLP Offering Aids GDPR Compliance

Symantec DLP 15 Helps Protect Sensitive Data in Managed and Unmanaged Environments and Aids in GDPR Compliance

In unpublished research, seen by SecurityWeek, 96% of U.S. CISO respondents agreed that “ensuring that our cloud applications adhere to compliance regulations is one of the most stressful aspects of my job.” 

Symantec DLP 15 Helps Protect Sensitive Data in Managed and Unmanaged Environments and Aids in GDPR Compliance

In unpublished research, seen by SecurityWeek, 96% of U.S. CISO respondents agreed that “ensuring that our cloud applications adhere to compliance regulations is one of the most stressful aspects of my job.” 

The biggest compliance concerns all revolve around loss of control/visibility into the cloud. Twenty-six percent fear the inability to track activities in sanctioned cloud applications; 41% are concerned about employee use of unsanctioned cloud applications (when 24% of all enterprise cloud apps are unsanctioned); and 14% are concerned about the broad sharing of compliance-controlled data in cloud applications.

Symantec LogoThe research was commissioned by Symantec. Without specifying Europe’s General Data Protection Regulation (GDPR), due to come into force next year, the responses are entirely relevant to growing concern over GDPR. Many of these concerns can be alleviated by adequate data loss prevention controls, provided they include loss prevention from the cloud.

In August 2017, Gartner predicted that data loss prevention (DLP) would see fairly dramatic growth over the next two years. “The EU General Data Protection Regulation (GDPR) has created renewed interest, and will drive 65 percent of data loss prevention buying decisions today through 2018,” it predicted.

Symantec this week announced a new version of its own DLP product — version 15. It focuses on helping customers achieve and maintain GDPR compliance. “The upcoming General Data Protection Regulation (GDPR) introduces new obligations for organizations and the information they handle, and comes with increased penalties and heightened scrutiny for compliance,” it announced. “Analysts believe that visibility and protection, which can follow data, will become the new imperative.”

Two features are key to this: it protects sensitive data in managed and unmanaged environments; and helps to ensure that sensitive data doesn’t get leaked through unsanctioned cloud applications. It does this by maintaing visibility into the cloud, and by protecting the data that is stored in the cloud.

It achieves this by integrating DLP and CASB products. “DLP v15 integrates with our CASB (CloudSOC),” said Sri Sundaralingam, head of product marketing for enterprise security products, “where a single set of data protection policies on our DLP system is automatically mapped to CASB to provide visibility into 3rd party cloud apps. We support 100+ SaaS applications (including Office 365, Salesforce, Box, Dropbox, and many other popular 3rd party cloud apps). Note that in addition to visibility, all reporting and incident management is done via a single console (DLP) as well.”

Visibility is defined as understanding where your data resides; and it applies to both cloud and on-premise servers. “This is the most important aspect of data protection — is having visibility to all the content that has data you want to protect (sensitive and regulated data),” he continued.

Advertisement. Scroll to continue reading.

In GDPR terms, the Equifax breach demonstrates the danger of lost visibility. 400,000 UK citizens had personal data compromised. “This was due to a process failure, corrected in 2016, which led to a limited amount of UK data being stored in the US between 2011 and 2016,” said Equifax UK. In short, Equifax, both in the UK and in the US, lost visibility into 400,000 UK records. Had GDPR already been in force, Equifax could add European sanctions to the US sanctions it already faces.

“This is where a system like DLP helps,” Sundaralingam told SecurityWeek. “A DLP system’s core capabilities to scan all communication channels (email, web, cloud applications) as well as data storage locations (desktop/laptops, storage servers, USB) using advanced technology like machine learning (ML) and looking for specific patterns to discover sensitive/regulated data is critical. In DLP v15, Symantec has now also added user-driven tagging where end-users themselves can identify sensitive/regulated data and the system will learn from that as well. Without automation and advanced capabilities like ML it is difficult to manually identify where sensitive/regulated data is stored.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Data Protection

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...