Artificial Intelligence, Azure Information Protection, Breach Notification, cloud, Cyber Security, Data Loss Prevention, DLP Exfiltration, Enterprise DLP, Integrated DLP, Intellectual property protection, machine learning, Microsoft Defender ATP, Threat Intelligence
by Irfan

Enterprise can’t protect threats, if they don’t see it.


Enterprise need to build trust and are forced to comply with an increasing number of laws and regulations designed to better safeguard their data. Apart from compliance requirements, data breaches also create huge financial impact on an enterprise reputation. DLP solutions are designed to protect against data exfiltration. Organizations depend almost entirely on DLP implementation, methodology and configuration to protect their valuable data.

But then, enterprise can’t protect threats – if they can’t see it.

Enterprise today choose to deploy data loss prevention for any or all of the below use cases

  • Regulatory compliance
  • Intellectual property protection
  • Data visibility and monitoring

DLP strategies should follow the data and content.

Most enterprise still believes that DLP is technical solution managed by IT security operations and business units have less scope of responsibility. But, do you think IT security operations have visibility of identifying sensitive content and managing risk of any violation and exfiltration? Hence it’s important to have involvement of business units or business risk management teams. DLP strategies should follow data and content; and its continuous process enablement.

  • Identify the data & content – and – determine detection & fingerprint techniques
  • Define policies and measure risks
  • Enforce DLP breach response procedure and reporting mechanism

Gartner’s strategic planning assumption is ‘by 2022, 60% of organizations will involve line-of-business owners when crafting their DLP strategy, up from 15% today’

Does other security technologies conflicts with DLP solutions

Business always need to trade-off between security risks and IT security budgets. Many at times, security leaders will struggle to make informed business decisions – as there are many point security technology components exits in their environment such as anti-virus products, SIEM, secure web gateway, privilege management solutions, and email security. Another confusion is with the terminologies that vendors will use including data in rest, data in use & data in motion.

Hence it require clear guidance and clarifications as listed below

  • Anti-virus and malware defense solution doesn’t replace DLP
  • While large enterprise integrate DLP with their SIEM, they still maintain dedicated security team for DLP operations.
  • UEBA products provide deeper analytics and context awareness to supplement the content awareness
  • Organizations that has SaaS adoption – will need to have CASB solutions
  • End user device encryption solution doesn’t replace DLP
  • Email security solution doesn’t replace DLP
  • Secure web gateway doesn’t replace DLP
  • Incident response tools need integration with DLP

DLP capabilities with Microsoft

Enterprise has budget constraints and exploring options to mitigate the DLP related risks can carefully choose the Microsoft license options to enable DLP features that includes

  • Microsoft defender ATP (aka Windows information protection) – as endpoint DLP for Windows 10 operating systems
  • Microsoft Office365 DLP – to prevent data loss across Exchange Online, SharePoint Online, OneDrive for Business
  • Microsoft Azure information protection – to classify, label & protect files – beyond Office 365, including on-premise & hybrid
  • Microsoft cloud app security (MCAS) – to gain visibility into 15k+ cloud apps, data access & usage, potential abuse

Microsoft’s current data loss prevention (DLP) capabilities lack unified management and monitoring across both cloud and on-premises products; however, expect it to provide stronger functionality in the future

Integrated DLP solution vs Enterprise DLP solution

Enterprise that are planning to only deploy DLP to a single use case (e.g. regulatory compliance focused DLP for email) can be well-served with an integrated DLP solution. However, if enterprise that believe that the deployment scenarios could be broadened in the long term to include additional use of DLP should consider deploying an enterprise DLP product that will support multiple use cases with a minimum amount of additional effort.

  • Integrated DLP solutions are natively integrated within an application or service (e.g. email or endpoint or internet access). They have limited policy and reporting capabilities and are focused on the management of the DLP offering within its one environment only.
  • Enterprise DLP solutions offer a centralized policy management and reporting service that defines, disseminates and monitors DLP policies across one or more deployment scenarios such as endpoint, network, discovery and cloud

Data residency, compliance issues, and the need for visibility and monitoring of data continue to drive organizations to adopt data loss prevention capabilities