How solutions have evolved and why you should too
Forward
Rudra Mitra
CVP, Microsoft data security and privacy
As work has become increasingly digital, data landscapes have naturally grown more complex.
With this comes an increased need to help organizations secure their data across both cloud
and applications while at the same time quickly adapting their data security practices
At Microsoft, we take a similar approach – evolve our security practices with the ever-changing
landscape. As the Corporate Vice President for Microsoft data security and privacy, I work handin-hand with other leaders across the company to make sure that we are addressing our data security
needs while also continuing to build employee trust, which is our first line of defense. My team
works hard to create solutions that empower our customers to do the same. Given our unique
position, we are committed to sharing our learning with customers and providing solutions that allow
them to take a holistic approach to protecting their most important asset – their data.
We recognize that it is a challenge to prevent data from getting into the wrong hands in this growing
digital landscape, and in my conversations with customers, I have learned that based on where organizations are in their journey, they need different things from Microsoft. Some are looking
to us to provide guidance, others ask for tools that can help them get started easily, and some
need sophisticated solutions that can meet the complexity.
Research shows that among the organizations that use traditional data loss prevention solutions,
(DLP) 73% are concerned with data transformation difficulties, and more than half cite enabling
productivity is a challenge. At Microsoft we continue to empower organizations through their
digital transformations so they can face the data security challenges of this modern workplace head
on while maintaining productivity.
For this report, we spoke to hundreds of security leaders around the United States to learn the very
real needs and very real risks they face and how they can best be supported. This report discusses
a continuum for the evolution of DLP solutions – from on-premises to the cloud. We learned that
organizations who do use cloud DLP solutions are twice as likely to say – that cloud DLP solutions –
are not only easier to scale, but more importantly help balance data protection and employee
productivity. And we also discuss the challenges that organizations face and why despite these
challenges, adopting a cloud-based DLP solution can bring cost savings, scalability, and empower
employees to be productive.
00 Executive summary
Today working together means working in the cloud across the globe with flexible work
arrangements that include hybrid and remote work. No longer being restricted to four walls of
an organization provides employees flexibility to collaborate and uphold productivity across the
digital estate. With this adaptability comes an even greater need for data security and the right data
loss prevention (DLP) solution.
The purpose of this Microsoft-commissioned study was to delve into the data security landscape to find
out how companies are managing and perceiving success of their DLP solutions. The goal of the study
was to 1) uncover the top priorities and challenges facing organizations, 2) understand the evolution of
firms’ DLP solutions as they address today’s shifting digital landscape, and 3) discover what barriers
stand in the way of firms’ adopting cloud DLP solutions.
This paper details the survey results of 307 DLP professionals and compliance decision makers from
US-based companies to understand their current approach to DLP, perceptions of solution benefits
and limitations, and barriers to cloud migration of DLP solutions.
How do firms evolve their DLP solutions?
What respondents revealed surprised us. Our research found that perceptions of success and confidence don’t always align with reality.
Respondents progress on a continuum—from onpremises DLP solutions toward the cloud—in states
as they face (and address) barriers like uncertainty, cost, perceived complexity, impact to productivity, and employee education. We identified the role history plays in movement through this continuum
and we created profiles about companies at each of the DLP states, landing on the ideal solution state.
We found that companies who are more proactive in their approach to DLP are better prepared to
mitigate the impact on productivity. Companies in more evolved DLP states have strong focus on
employee education and processes that better aligns with a holistic approach to DLP and data
security.
The report tackles how organizations consider challenges as they adapt DLP solutions to meet
their evolving needs. We feature recommended best practices for security leaders regardless of
where they are in their own DLP journey and explain why leveraging a cloud-native DLP solution—
delivered and managed in the cloud and already integrated as part of the cloud providers services
and productivity suite offering—is beneficial to achieve the ideal state.
“Data is not confined in a certain area. In today’s environment, it’s everywhere; someone’s else’s
phone, tablet, data center, or SaaS application—because of that, you definitely see a lot more breaches
happening.” VP, ISO, Financial Services.
