Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
1
Yesterday’s Solutions Won’t Solve Tomorrow’s Data Security Issues
Get started
Understanding Shortcomings With Current DLP/CASB Security Solutions And How To Fill The Gaps
FORRESTER OPPORTUNITY SNAPSHOT: A CUSTOM STUDY COMMISSIONED BY CODE42 | JUNE 2020
2
Companies Need Better Security To Meet The Evolving Challenges Of Insider Threats
As businesses push to digitally transform and empower employees, collaboration technologies and cloud applications have become more advanced. While these improvements allow users to be more mobile and make data increasingly portable, they also move data far beyond the traditional security boundaries. Many companies struggle to keep up with effective data security and protection amid such advances.
Traditional data classification-based policies and blocking approaches are protecting less data than ever before, especially user data (which includes many files that employees are working with on a daily basis on their computers, in cloud applications, and in collaboration tools). Security products employed in the past are no longer sufficient and/or must be more efficiently utilized to meet modern data security challenges.
Key Findings
DLP/CASB solutions do not fully support evolving security needs and requirements.
Current DLP/CASB solutions are underutilized, partially because data security pros find the capabilities difficult to manage.
Companies are investing in improvements to help with threat intelligence and improve incident detection, investigation, and response.
Companies are taking a mix of user- and data-centric approaches to new solutions.
Overview
Current State
Implications
Opportunity
Conclusion
FORRESTER OPPORTUNITY SNAPSHOT: A CUSTOM STUDY COMMISSIONED BY CODE42 | JUNE 2020
YESTERDAY’S SOLUTIONS WON’T SOLVE TOMORROW’S DATA SECURITY ISSUES
Overview
3
Companies Want To Improve On Existing DLP/CASB Solutions
Companies’ initial goals when adopting data loss protection (DLP) or cloud access security broker (CASB) solutions had been to better control user access to data and satisfy compliance requirements. However, as time has passed and the variety and complexity of data security requirements expand, companies now want to do more with their DLP/CASB solutions.
Outcomes are no longer about just satisfying compliance or allowing only certain people to access specific data that doesn’t move or change. Instead, companies are working toward more comprehensive data protection by enabling better threat visibility and monitoring; improving detection and prevention of attacks on data; and improving mitigation time for when data loss occurs.
“What outcomes were the primary drivers of your company’s initial adoption of data loss protection (DLP) or cloud access security broker (CASB) technology?”
Base: 316 US IT and security decision makersSource: A commissioned study conducted by Forrester Consulting on behalf of Code42, March 2020
INITIAL TOP 3 DRIVERS WHEN ADOPTING THE TECHNOLOGY
CURRENT TOP 3 DRIVERS WITH THE TECHNOLOGY
53% Better control user access to data
53% Better security threat visibility and monitoring
49% Satisfy legal and compliance requirements
50% Improve detection and prevention of attacks
48% Reduce risk of insider threats
43% Improve mitigation time
Overview
Current State
Implications
Opportunity
Conclusion
FORRESTER OPPORTUNITY SNAPSHOT: A CUSTOM STUDY COMMISSIONED BY CODE42 | JUNE 2020
YESTERDAY’S SOLUTIONS WON’T SOLVE TOMORROW’S DATA SECURITY ISSUES
Current State
4
Current Solutions Are Underutilized And Difficult To Manage
Many organizations find it difficult to fully utilize DLP/CASB tool capabilities beyond their initial priorities of controlling user access and satisfying compliance requirements. The primary reasons for these challenges include: 1) difficulty using tools (77% of respondents report not using the tools’ full capabilities because they are too difficult to implement, maintain, and administer); 2) belief among security leaders that current business systems offer the security solutions they need in a different format (57% of respondents use business systems that provide adequate data protection capabilities built in); and 3) difficulty hiring people with the specialized knowledge required to optimize usage of these tools (55% of respondents lack personnel with proper training to manage DLP/CASB solutions).
“What are the primary reasons your company is not making full use of the capabilities of its DLP/CASB solutions?” (Select all that apply)
Base: 223 US IT and security decision makersSource: A commissioned study conducted by Forrester Consulting on behalf of Code42, March 2020
Capabilities are too difficult to implement, maintain, and administer.
Our business systems have adequate data protection capabilities built in.
We lack personnel with proper security skills to manage DLP/CASB solutions.
77%
57% 55%
Overview
Current State
Implications
Opportunity
Conclusion
FORRESTER OPPORTUNITY SNAPSHOT: A CUSTOM STUDY COMMISSIONED BY CODE42 | JUNE 2020
YESTERDAY’S SOLUTIONS WON’T SOLVE TOMORROW’S DATA SECURITY ISSUES
Current State
5
Limited Usage Of Tools Creates Security Blind Spots
Data security pros find themselves in a more reactive security state with current DLP/CASB tools, focused mostly on classifying and monitoring data types and associated threats that they are aware of. Only 25% report they are heavily using DLP/CASB solutions to block exfiltration attempts. This passive approach can lead to gaps in security coverage, especially around detection, investigation, and response to threats related to new data types.
Most decision makers surveyed face significant challenges classifying and identifying data where end users are using, modifying, and moving it. Traditional policy-driven approaches to data security don’t work well in these situations because they are limited by classification and assigning a policy to tagged data, which is ineffective, especially when left to employees who are constantly modifying and sharing data.
“To what extent does your company face the following challenges with its current DLP/CASB solutions?”
Base: 316 US IT and security decision makersSource: A commissioned study conducted by Forrester Consulting on behalf of Code42, March 2020
Difficulty with classifying/identifying data in collaboration/file-sharing software
Difficulty with classifying/identifying data in the cloud
Difficulty with classifying/identifying data on endpoints
Frequent updates required by current security policies to maintain effectiveness
Rules that are too complicated to create
Significant challenge
64%
55%
55%
50%
49%
Overview
Current State
Implications
Opportunity
Conclusion
FORRESTER OPPORTUNITY SNAPSHOT: A CUSTOM STUDY COMMISSIONED BY CODE42 | JUNE 2020
YESTERDAY’S SOLUTIONS WON’T SOLVE TOMORROW’S DATA SECURITY ISSUES
Implications
6
Most Security Tech Stacks Are Not Fully Optimized Or Integrated
Organizations are constantly looking for the right balance of security tools and capabilities with strong integration and visibility across solutions. However, just over one-third of respondents say their companies have achieved this balance. Remaining firms find themselves in one of two situations: 1) they have multiple solutions with a significant degree of overlap, which drives inefficiency and underutilization of tools, or 2) they use very specialized security solutions that are laser-focused on one specific threat or use case with little integration with other solutions, which prevents firms from gaining a comprehensive understanding of their security posture.
SPECIALIZED SOLUTIONS WITH POOR INTEGRATION
INTEGRATED SOLUTIONS WITH OVERLAPPING FUNCTIONS
Task-specific solutions with strong integration
SWEET SPOT Base: 316 US IT and security decision makers
Source: A commissioned study conducted by Forrester Consulting on behalf of Code42, March 2020
Overview
Current State
Implications
Opportunity
Conclusion
FORRESTER OPPORTUNITY SNAPSHOT: A CUSTOM STUDY COMMISSIONED BY CODE42 | JUNE 2020
YESTERDAY’S SOLUTIONS WON’T SOLVE TOMORROW’S DATA SECURITY ISSUES
Implications
7
Improve Data Security Capabilities To Increase Visibility Of Data And Responsiveness To Threats
Data security pros need a more complete approach to and visibility into data security that covers all types of data and internal threats, whether those threats are malicious or, more likely, just a byproduct of the way teams work and collaborate. Especially in today’s world of remote work and increasing collaboration, data security pros need a way to see data vulnerabilities across the organization so they can identify threats to data. Companies are pursuing this type of visibility in many ways, starting with looking for partners to help keep ahead of the latest threats and to acquire new technology to improve incident detection, investigation, and response because they are not getting comprehensive coverage from policy-driven security tools like DLP/CASB.
“What steps is your company taking to address current gaps in insider threat capabilities?” (Select all that apply)
Base: 316 US IT and security decision makersSource: A commissioned study conducted by Forrester Consulting on behalf of Code42, March 2020
61% Improving advanced threat intelligence capabilities
54% Improving incident detection, investigation, and response capabilities
52% Improving identity and access management tools and policies
49% Implementing AI technology for threat intelligence
41% Implementing AI technology for breach investigation
Overview
Current State
Implications
Opportunity
Conclusion
FORRESTER OPPORTUNITY SNAPSHOT: A CUSTOM STUDY COMMISSIONED BY CODE42 | JUNE 2020
YESTERDAY’S SOLUTIONS WON’T SOLVE TOMORROW’S DATA SECURITY ISSUES
Opportunity
8
There Are Two Ways To Fill Data Security Technology Gaps
Traditionally, security leaders have taken two approaches to data security for software systems beyond creating new policies: monitoring users or monitoring data.
“Aside from DLP/CASB solutions, what additional data security solutions does your company leverage to protect against insider threats?”
Base: 316 US IT and security decision makersSource: A commissioned study conducted by Forrester Consulting on behalf of Code42, March 2020
Security event information management (SIM/SIEM)
Data-centric audit and protection
User activity monitoring solutions (e.g., UAM, NAV)
Detection, investigation, and response solutions (e.g., EDR, endpoint detection)
File integrity monitoring
User behavioral analytics/user and entity behavioral analytics solutions (UBA/UEBA)
Currently using In the process of implementingPlanning to use in the next 12 months
38%
33%
32%
27%
18%
10% 24% 30%
15% 12%
18% 8%
18% 11%
30% 10%
22% 13%
Overview
Current State
Implications
Opportunity
Conclusion
FORRESTER OPPORTUNITY SNAPSHOT: A CUSTOM STUDY COMMISSIONED BY CODE42 | JUNE 2020
YESTERDAY’S SOLUTIONS WON’T SOLVE TOMORROW’S DATA SECURITY ISSUES
Opportunity
Those taking a user-centric approach focus on implementing user activity monitoring (UAM) and user (and entity) behavioral analytics (UBA/UEBA) solutions to track user activity and behavior and thus detect and prevent insider threats. Those taking a data-centric approach explore data-centric audit and protection (DCAP), endpoint detection and response (EDR), and file integrity monitoring (FIM) to better manage the movement and accessibility of data. Both approaches can fill gaps with existing DLP/CASB solutions, but both can also generate alert fatigue and surface false positives. Firms should focus on signals of risk — behavior or data movement paired with information about the user, the data itself, and the vector and destination of change.
9
Conclusion
Protecting data against insider threats and external attackers requires a new approach. Current approaches requiring data classification and complicated rule creation are underutilized and ineffective. Modern data protection that surfaces real risk by analyzing the signals in data activity, movement, and use can give security teams continuous visibility into data exposure, no matter where they are — computers, web, email, USB, printers, and cloud storage. This visibility, combined with user and event signals, allows security teams to prioritize data risks and quickly investigate and respond to threats.
Project Director:
Chris Taylor, Senior Market Impact Consultant
Contributing Research:
Forrester’s Security and Risk research group
Overview
Current State
Implications
Opportunity
Conclusion
FORRESTER OPPORTUNITY SNAPSHOT: A CUSTOM STUDY COMMISSIONED BY CODE42 | JUNE 2020
YESTERDAY’S SOLUTIONS WON’T SOLVE TOMORROW’S DATA SECURITY ISSUES
Conclusion
10
MethodologyThis Opportunity Snapshot was commissioned by Code42. To create this profile, Forrester Consulting supplemented this research with custom survey questions asked of 316 IT and security decision makers in the US. The custom survey began and was completed in March 2020.
ABOUT FORRESTER CONSULTING
Forrester Consulting provides independent and objective research-based consulting to help leaders succeed in their organizations. Ranging in scope from a short strategy session to custom projects, Forrester’s Consulting services connect you directly with research analysts who apply expert insight to your specific business challenges. For more information, visit forrester.com/consulting.
© 2020, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester®, Technographics®, Forrester Wave, RoleView, TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. For additional information, go to forrester.com. [E-47063]
Demographics
12% C-level executive
15% Vice president
28% Director
45% Manager
65% Security
35% Enterprise architecture
50% 1,000 to 4,999 employees
34% 5,000 to 19,999 employees
16% 20,000 or more employees
62% IT
38% Security
COMPANY SIZE
CURRENT POSITION/DEPARTMENT
RESPONDENT JOB LEVEL
SPECIFIC IT ROLES
Overview
Current State
Implications
Opportunity
Conclusion
FORRESTER OPPORTUNITY SNAPSHOT: A CUSTOM STUDY COMMISSIONED BY CODE42 | JUNE 2020
YESTERDAY’S SOLUTIONS WON’T SOLVE TOMORROW’S DATA SECURITY ISSUES
Conclusion