Protecting data at rest: A guide for security teams

Data loss prevention is a monumental task, and today’s outdated tools make it worse. We’ve written before about the limits of the “outside-in” approach to email security. (See our post: Email is too important to protect like a TSA checkpoint.) Unfortunately, that analogy extends to most DLP solutions. They offer the equivalent of a TSA checkpoint as if it were part of a well-defined, “impenetrable” perimeter.

Product
August 31, 2022
7m read
Author: John Hrvatin

This approach doesn’t account for changes in how organizations and individuals use technology. We have countless ways to share information (we all carry network-connected cameras 24/7), we require access to data from anywhere, and how we use email resembles a filing cabinet more than a mailbox.

Preventing data loss by monitoring checkpoints is outdated. A better approach is to protect data at rest where it lives using solutions that don’t create alert spam for Security and headaches for users.

What is Data at Rest?

Data at rest is data stored in a particular location, whether locally on a device or in the cloud, rather than moving between locations. A PDF on your laptop is data at rest and becomes data in transit while syncing to a file-sharing service. An email in your inbox is data at rest and becomes data in transit while moving to another mailbox or being downloaded.

Why should organizations focus on Data at Rest?

While traditional DLP tools are primarily focused on data in transit, data at rest presents a much larger attack surface for modern organizations.

First, the volume of data at rest massively outweighs data in transit. The vast majority of data generated by customers, employees and tools sits at rest within content repositories like email, cloud file storage, CRM, and more. An attack on data in transit risks only the data being shared; an attack on data at rest exposes everything. If someone gains unauthorized access to an email account, for example, they would gain unchecked access to the thousands of messages archived in the mailbox. For IT and security teams, this is a significantly worse incident than a single user sharing a subset of messages externally.

And second, data at rest is accessible via countless access points, a consequence of SaaS and remote work. Users can store data locally on a laptop, phone, or tablet or in one of the dozens of SaaS products. Each access point represents a potential attack vector, with the bad guys finding a way through by acquiring the credentials for an account, frequently via phishing or spear phishing, or connecting to a service via API or other open protocol. For example, attackers will use IMAP to access a mailbox and bypass MFA.

Protecting Data at Rest vs Data in Transit

Protecting data in transit made sense when it was part of solid perimeter defense. Attackers had few ways of reaching data at rest without compromising the perimeter, mainly because users also had few ways of getting that data. Tight network security, sometimes even tied to restricted physical access, hampered attackers. But it also hampered users.

The approach to user access to data has shifted (begrudgingly, in some places) after recognizing the benefits of easy access from anywhere. But our security tools haven’t kept up. The well-defined perimeter is gone, yet many security tools still sell TSA checkpoints. It’s time for that to change.

Security tools need to consider several significant trends:

  • Storage is cheap, and the amount of data in a single individual service (like email) is enough to be an attractive target and severely damage an organization.
  • End users now have access to data anywhere, across devices and physical locations.
  • Data is often stored in cloud applications with powerful APIs that allow accessing and manipulating data at the source.

The best way to address these shifts is by switching focus from protecting data in transit to protecting data at rest. Add controls around access to the content instead of chasing the endless ways users can share content with others. This approach benefits from:

  • Audit logs: keep a record of who accessed what data and when.
  • Rate limiting: limit how much sensitive data a user can access over a given time to reduce the severity of a data loss event.
  • Protection across channels: protect sensitive data no matter how it’s shared by controlling access at the source.

Protecting data at rest isn’t a new idea, but past solutions usually relied on encryption, and anyone interacting with email IRM/DRM knows the headache it created for both administrators and users. The prevalence of Identity Providers and just-in-time authentication now enables a new approach that achieves the right balance between security and IT/user experience.

How to Secure Data at Rest

Securing data at rest can’t limit user access to data in ways that damage productivity. Instead, the right solution must apply the appropriate access restriction for the content, meaning it:

  1. Identifies sensitive content
  2. Adds a strong authentication layer for any access to that content
  3. Makes authorized access seamless

By automatically restricting access based on the content, you gain control over who is accessing that content and when. You can vary access based on sensitivity, and sensitive content is still protected even in the event of a breached account or service.
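The three steps above, combined with the audit-log and rate-limiting controls listed earlier, as an added Python example (not Material's code). The regex classifier, the thresholds and the `AccessGate` class are assumptions for illustration, and `record_step_up` stands in for a callback from your identity provider after a successful MFA challenge.

```python
import re
import time
from collections import defaultdict, deque

# Assumed policy values, for illustration only.
SENSITIVE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b|password\s*[:=]", re.I)  # toy classifier
STEP_UP_TTL = 300    # seconds a completed MFA challenge stays valid
MAX_SENSITIVE = 3    # sensitive reads allowed per user per window
WINDOW = 3600        # rate-limit window in seconds


class AccessGate:
    """Gate reads of stored messages by content sensitivity (hypothetical)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.mfa_at = {}                  # user -> time of last step-up auth
        self.reads = defaultdict(deque)   # user -> times of sensitive reads
        self.audit = []                   # (time, user, msg_id, decision)

    def record_step_up(self, user):
        """Call once the identity provider confirms an MFA challenge."""
        self.mfa_at[user] = self.clock()

    def read(self, user, msg_id, body):
        """Return (decision, content) and log every attempt, allowed or not."""
        now = self.clock()
        decision, content = self._decide(user, body, now)
        self.audit.append((now, user, msg_id, decision))
        return decision, content

    def _decide(self, user, body, now):
        if not SENSITIVE.search(body):
            return "allow", body          # step 3: no friction for ordinary mail
        if now - self.mfa_at.get(user, float("-inf")) > STEP_UP_TTL:
            return "step_up_required", "[redacted: verify identity to view]"
        recent = self.reads[user]
        while recent and now - recent[0] > WINDOW:
            recent.popleft()              # drop reads outside the window
        if len(recent) >= MAX_SENSITIVE:
            return "rate_limited", "[redacted: sensitive access limit reached]"
        recent.append(now)
        return "allow_sensitive", body
```

Because the gate keys on the content rather than the session, a stolen password alone yields only redacted placeholders for sensitive messages, and the audit list records each denied attempt.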

Protect Data at Rest with Material

Material’s Leak Prevention helps protect data at rest by finding sensitive content in email archives, redacting messages within mailboxes based on fine-grained policies, and prompting users to complete step-up authentication in order to access the message on demand.

The solution balances security and end-user productivity:

  • Only sensitive messages are protected, and product settings allow further adjustments to protect only the right content.
  • Users leverage familiar multi-factor authentication apps and flows.
  • Users can still access everything directly within their existing email clients—there is no special “secure” mailbox.

Instead of chasing after every sharing mechanism, use a tool like Material’s Leak Prevention to find and protect sensitive content at its source automatically.

Request a demo to learn more about how Material can upgrade your email DLP toolset and protect data at rest.
