Data Threat Protection Steps into the Spotlight with the Security Service Edge
The latest Security Service Edge offerings by Zscaler can help you guard against emerging data threats in ways that may surprise you.
But first, to best protect against data loss, you have to understand the difference between SASE and SSE.
SASE is the convergence of network as a service (think of the WAN routing architecture, typically viewed as SD-WAN) and security as a service (also known as Security Service Edge, or SSE). The intent was to develop a path for organizations struggling to bridge the gap between their cloud security design and WAN service edge design, providing a strategy for connecting consumers to services. Goals of SASE include delivering threat protection, data security/protection, centralized security policy and visibility, and a secure user experience regardless of location.
The security component of SASE is now known as the Security Service Edge (SSE). In short, SSE is how you secure your connectivity. According to Gartner, SSE is a convergence of network security services delivered from a purpose-built cloud platform. Although not all SSE platforms are alike, an SSE has three core services: a secure web gateway (SWG), a cloud access security broker (CASB), and zero trust network access (ZTNA).
Zscaler's Zero Trust Exchange™ is the largest and most widely deployed SSE platform in the world. As a true zero trust architecture purpose-built for cloud and mobility, it empowers companies to leave legacy network security behind. In Gartner's Security Service Edge Magic Quadrant for 2023, Zscaler is rated squarely as a leader.
Although cyber threat protection and data protection are the yin and yang of SSE, cyber threat protection gets all the press. Given the extreme focus on ransomware in the last few years, people are locked and loaded when it comes to cyber threats like ransomware. Data threat protection, on the other hand, is often an afterthought. Yet, in some ways, data threat protection is as important as cyber threat protection, if not more important.
The first generation of ransomware encrypted data and blackmailed organizations for the key to decrypt it. Subsequently, backup software got so fast that the original threat of ransomware became less impactful. As ransomware technologies become more advanced, they are increasingly moving away from encryption and simply stealing data, blackmailing organizations with the threat of releasing harmful or embarrassing information. To even address today's next generation of ransomware, you need to have a strategy for cyber threat protection because if you can prevent that loss of data, you will be far better off.
Data Loss Prevention (DLP) tools scan content and ensure it is shared in ways that follow your data risk policies. Zscaler DLP classifies data and can be programmed to lock up more vital data so that it is kept safe. It does this by analyzing and informing you of how your people are sharing sensitive data and then actually blocking them from sending anything that breaks your policies.
How big of an issue is protecting data? Zscaler DLP solutions block an average of 10,000 potential violations every day for each of their customers.
To ensure your SSE and DLP strategy is effective, it has to be built out as part of your overall security strategy. WWT can help you build a holistic security strategy that works for you to lower your risk and meet compliance standards. WWT offers workshop sessions for your key stakeholders to work with WWT subject matter experts, engineers, program/process management and sales teams to evaluate or compare how specific strategies and technologies could be deployed in your organization for best effect. WWT can also help ensure that your overall strategy reflects new changes, such as the recent addition by the National Institute of Standards and Technology (NIST) of "Govern" to their framework, which has far-reaching implications.
One of the major drivers for adopting SSE is tool rationalization. Many companies are paying for technical debt. They often have numerous DLP and SSE tools in multiple places, many of which overlap.
Multiple sources of truth can slow down response time and visibility when different DLP engines classify information differently, leaving the organization open to more damage from data threats. Companies need help understanding what they really need or what is best, as well as what they can retire. They want to know if they should integrate those with an SSE vendor or displace some of those tools.
For example, a company might have a VPN, a web proxy, and a DLP tool. This has happened in an understandable way. Traditionally, DLP was on-prem. When organizations went to the cloud, they often added another DLP engine to classify data to determine which data is safe to move to the cloud and which should stay locked up on-premises. Then many organizations added a CASB to assess data traversing to cloud apps such as OneDrive or Google Drive. Ultimately, they had three sources of truth for DLP policies and enforcement.
With SSE, you have only one source of truth. Response time is critical, and with only one source (a single security policy engine) you can respond more quickly. SSE is a solution, not a product, with a chain of integration built within it, leading to a streamlined approach to data security. And with Zscaler, you also have access to a superior, less complex consumption model. In short, it is simpler and better in many ways than traditional approaches, offering one solution to do more things better and faster.
As threat actors become more sophisticated and new risks proliferate, organizations must also be more decisive and intentional in their actions to block these threat actors. Zscaler can help you solve issues and protect against risks that you may not have visibility into without it. This is especially true with three growing risk areas.
1. AI/ML is creating a significant need to gain visibility into what data is leaving the organization.
Zscaler's new ML-powered dashboard can rapidly classify data that is leaving your environment, which streamlines and accelerates your ability to see what kind of data is leaving, where it's going, when it's leaving, and who the most dangerous users are. This can help you gain insights that you previously would not see until their implications were obvious.
For example, if a new CEO is hired and there's a rise in resumes being sent out, it could signify that your company has a retention problem. Or perhaps a healthcare company realizes that suddenly tax forms and legal docs are being removed from the company, which could present a problem that needs to be blocked.
Today, ML can find many more opportunities like these, and more capabilities are on the way, such as optical character recognition (OCR), which can translate image and video files such as screenshots. Often, as new features are developed, they will be added to your Zscaler subscription so you always have the latest and greatest capabilities.
In the past, IT had to go around to different business units and ask everyone what kinds of data to look for. Today, ML can find out for you by leveraging extensive analytics of over 4 million transactions sent through the Zscaler Zero Trust Exchange each second.
You can also use Zscaler to do a health check on your existing DLP tools or other technologies to find out if those tools are doing what you expected.
2. Third-party apps create huge data gaps that you need to close to keep your data secure.
When your people sign up for third-party apps, they often give access to their data without realizing it. For example, Calendly accesses your calendar, Grammarly connects to Office 365 documents, etc. When users install apps and approve the terms and conditions, they allow their data to be accessed, even after the app is no longer used (and often never closed down by users). Some of these third-party apps may be open source or have known vulnerabilities.
Zscaler's AppTotal can scan these app connections and tell you how many you have so you can easily shut them down, making your attack surface much smaller. These apps are really becoming an issue, and many organizations aren't even considering this yet.
3. ChatGPT has major data security implications for sensitive information.
It's powerful, which makes it even more dangerous if users don't know what they're doing. For example, an engineer may input source code and ask ChatGPT to optimize it. A PR person may ask ChatGPT to take their acquisition notes and turn them into a press release. A finance person may input pipeline analysis to be formatted. They may not realize that all this information becomes part of ChatGPT's intelligence and can be pulled the next time someone, or even your competitor, seeks valuable info about your company.
Zscaler can prevent this by acting as a DLP inspection point: inspecting the content going into ChatGPT, blocking specific (or all) information from entering ChatGPT, and putting your organization's data in a browser to use in a safe, isolated environment. With Zscaler, you can now choose your response strategically, whether you decide to act proactively and stop the data from leaving, allow the flow of data to see and fix later (depending on your risk tolerance and your strategy), or fix it before the content is passed on inappropriately.
Clients can build an SSE with just one vendor, including Rubrik and Microsoft. Zscaler has strong partnerships with both of these companies. As a result of these relationships, Rubrik can share data that has been classified as sensitive with Zscaler, so you can use those classifiers seamlessly and bidirectionally between these two companies. And if a Word document is tagged by Microsoft, then Zscaler can immediately block it, or it can go in and tag something that was missed by the user in Microsoft. This strengthens your ability to manage and secure your data and gives you a more seamless experience.
Lucas Skipper, Technical Solutions Architect at WWT
Steve Grossenbacher, Director of Product Marketing at Zscaler