Zscaler Blog


Data Protection Predictions for 2024

As IT teams reflect on 2023 and look forward to 2024, we can all agree that data is the lifeblood of an organization. To that end, every organization’s goal should be to have visibility and control of data, wherever it’s created, shared, and accessed. New cloud apps, GenAI, remote work, and advanced collaboration approaches are driving a greater need to centralize protection controls and analytics as well as increase efficiency.

Without further ado, here are five predictions on how this will come together in 2024.

1. SaaS data gets a new protector

While CASB has been a staple of SaaS data protection for quite some time, a new kid on the block is getting popular: SaaS security posture management (SSPM). SSPM comes at the problem of cloud data protection from a different angle. Where CASB focuses on securing collaboration risks attached to data (like sharing data with open links), SSPM focuses on securing the cloud itself.

Shared responsibility models put the onus on your organization to ensure your SaaS apps have airtight configuration and integration posture. Since many of the largest breaches have stemmed from cloud misconfigurations, this is a growing concern. SSPM was built to address this very issue. Via API and a shadow IT catalog, SSPM scans your SaaS apps and platforms (e.g., Microsoft 365, Google) and reveals misconfigurations or integrations that put you at risk of a breach.

As SSPM begins to show up on radars worldwide, it’s important not to fall into point product land. Adding yet another point product to your environment is how many organizations end up with a Frankenstein security stack. As such, security service edge (SSE) becomes a logical final resting place for this core technology.

Why? Complete SaaS security needs to be more than just controlling misconfigurations and integrations—you also need to think about SaaS identity (least-privileged access and permissions) and context visibility (who, what, where, and why). SSE excels in both these areas since it is becoming the de facto cloud security stack, which has all this information in spades.

Additionally, SSE was built with extensibility for new features in mind. Pairing SSPM with the CASB, DLP, and data protection aspects of SSE delivers a fantastic platform from which to launch your SaaS security efforts. You get a unified approach to all four areas you need for airtight, holistic SaaS security: secure identity, secure data, shadow IT governance, and cloud posture.

2. Managed or unmanaged device? Who cares!

In 2024, challenges with unmanaged (BYOD) endpoints used by your employees and partners will start to become a thing of the past. These cast-offs of the IT community have been a thorn in the side of security for some time since, to keep BYOD users productive, you still need to give them access to good stuff—like sensitive data.

Since you don’t own or manage BYOD endpoints, you don’t have control over that data once it lands on the device. With managed devices, you have lots of control levers to keep data secure. You can ensure patch level and device posture are up to snuff, or even remotely wipe the machine if need be. Not so much with BYOD.

With newer approaches like browser isolation, handling BYOD becomes a snap. Just put sessions from those devices into an isolated browser before they access all that sensitive data. This way, the data remains in the isolated browser and never lands on the unmanaged device. Data is streamed to the device and appears on the screen, but you can’t cut, paste, print, or download it.

Look for vendors who can deliver this game-changing functionality without the need for a software agent, and with easy-to-configure BYOD portals that make getting app access as easy as logging in and clicking on the app of choice.

3. Secure the life cycle, not just the data

Another approach to posture that is gaining traction is data security posture management (DSPM). While SSPM focuses on SaaS apps, DSPM focuses on the life cycle of your data to ensure it always has the right security posture. It’s about who, what, where, and why, much like SSPM in our first prediction. However, in this case, the hero of the story is your data.

Why are organizations focusing on this? Pick the most sensitive, crown-jewel piece of information in your organization. Naturally, you’d like to know where it is, where it moves to, who has access to it, if there are risky behaviors attached to it, and guidance on how to close those risks. In essence, you want to protect and follow that data anywhere. DSPM helps you do that, at scale, across all your sensitive data, with in-depth context to make the right protection decisions. The result is a consistent safe data posture that is inherently stronger and more airtight than before.

Much like SSPM, look for DSPM to become a core part of SSE. Paired with other key data protection technologies like DLP, CASB, and centralized policy control, DSPM will be an invaluable addition to data protection programs that need to up their game around control of sensitive data.

4. The lines between threat and data protection continue to blur

At 2023's Black Hat conference, it was astounding how many people wanted to talk about data protection. For a conference traditionally focused on stopping cyberattacks, this was profound, and it alluded to a shift happening across the industry. After all, it’s true what they say: it’s all about data.

Today’s cyberthreats are as much about stealing data as hurting company productivity. Adversaries have realized data is a gold mine, and they will continue to exploit it. So, as security architects think about building out defenses against today’s threats, data protection will become an integral part of the equation.   

As we blast through 2024, watch out for new data protection offerings that give you more choices on the surface but that also risk a fragmented approach. The moral of the story: keep your eye on the prize. There’s a reason data protection is part of SSE, one of the fastest-growing security architectures in the last decade. When data protection is centralized in a high-performance inspection cloud with a single agent, things become super streamlined and unified across all channels you need for great protection.

Remember that DLP is the core building block of data protection. With a centralized DLP engine, all data across endpoint, network, and at rest in clouds triggers the same way. This leads to a single point of truth for protection, investigations, and incident management, which is what every IT team wants.

5. Every prediction blog will have something about GenAI 

Our other predictions will have varying hit rates, but this one is 100% guaranteed. No 2024 prediction blog will be complete without GenAI. It’s going to revolutionize the world right before it destroys it, right? Like all new technology crazes, there will be an equilibrium process. Sure, GenAI will enable us to move faster and smarter, but there will be a learning curve around what it does well, and what it doesn’t. Companies will try to integrate it across their business stack to varying degrees of success.

But one thing is for sure: data will be headed to GenAI at an alarming rate, so data protection will need to focus on controlling what data goes into GenAI while leveraging GenAI’s power to find risks faster. (I realize I just said, in essence, “using GenAI to catch GenAI leaking data to GenAI,” so apologies for that.)

Basically, GenAI is just another productivity tool we need to protect against misuse. Treat GenAI like a shadow IT app. To control it, you need a platform that delivers complete visibility and the proper levers to enable it safely within your organization while ensuring sensitive data doesn’t leak to it.

The other half of this is using GenAI to make security smarter. AI will continue to work its way into every corner of computing. We will take for granted its power to help us deliver more powerful correlation, context, analysis, and response times. That’s the relentless pursuit of better security, which is what we’re all about.

But let's avoid calling anything in the future “NexGenAI,” because as a marketer, that’s just not cool, man.

Putting it all together

If you’ve made it this far, you’ve probably picked up on a few themes. Great data protection requires context, integration, posture, and a platform to bring it all together. There’s no telling how far security service edge will take us, but it’s set up for a great year as its architecture expertly enables new features, improves on existing ones, and delivers all-around unified, high-performance data protection.

If you’re looking to up your data security game in 2024, we’ve got you covered. Jump on over to read about the Zscaler Data Protection platform or get in touch with us to book a demo.

Interested in reading more about Zscaler's predictions in 2024? Read our previous blog in the series about cyber predictions.

Forward-Looking Statements 
This blog contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. The words "believe," "may," "will," "potentially," "estimate," "continue," "anticipate," "intend," "could," "would," "project," "plan," "expect," and similar expressions that convey uncertainty of future events or outcomes are intended to identify forward-looking statements. These forward-looking statements include, but are not limited to, statements concerning: predictions about the state of the cyber security industry in calendar year 2024 and our ability to capitalize on such market opportunities; anticipated benefits and increased market adoption of “as-a-service models” and Zero Trust architecture to combat cyberthreats; and beliefs about the ability of AI and machine learning to reduce detection and remediation response times as well as proactively identify and stop cyberthreats. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. These forward-looking statements are subject to a number of risks, uncertainties and assumptions, and a significant number of factors could cause actual results to differ materially from statements made in this blog, including, but not limited to, security risks and developments unknown to Zscaler at the time of this blog and the assumptions underlying our predictions regarding the cyber security industry in calendar year 2024.
Risks and uncertainties specific to the Zscaler business are set forth in our most recent Quarterly Report on Form 10-Q filed with the Securities and Exchange Commission (“SEC”) on December 7, 2022, which is available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler does not undertake to update any forward-looking statements made in this blog, even if new information becomes available in the future, except as required by law.