DLP traditionally comes in three forms – data at rest, data in motion and data in use. I’ve been watching client interest in the ‘data at rest’ version fall by the wayside over the last four years. However, there now seems to be a resurgent interest as people become concerned about data sitting in SaaS environments. Cloud Native DLP and CASB DLP both act on data at rest.
On the other hand, though, the concept of Data Access Governance (DAG) is attracting more interest. DAG tools work on the same basis as DLP but, instead of quarantining, encrypting or deleting data, provide large amounts of information about the data structures, access and use – as well as sensitivity and therefore some idea of risk.
DLP is an active control, as is DAG. But DAG seems to provide some real advantages in the area of Data Governance – especially Data Security Governance. The idea of understanding your data, and controlling it as well as you can further upstream in the data lifecycle, has implications for the required complexity of tools such as DLP.
As DAG can also work in many SaaS environments, the question has to be, therefore, whether DLP for Data at Rest is no longer needed. This is something I’m actively working on now.