DCAP’s place in the import substitution flow
The modern infrastructure of companies is often heterogeneous and distributed across different components. Network equipment can be located at the company's main site, while core components such as the directory service and DNS servers can run either in a full-fledged cloud or in colocation. Some services, for example the intranet portal, HR and accounting systems, may well be delivered as a service.
As for the post-pandemic period: according to preliminary estimates, the number of employees working remotely has grown from 30,000 to almost 3 million. A 100-fold increase in the number of remote nodes with access to companies' root infrastructure adds another important challenge to the current stack of tasks facing IT and information security specialists. There are more access points and, accordingly, more copies of data.
The answer to the question of how to avoid common leakage scenarios for data that is sensitive for the company is DLP solutions (Data Leak Prevention, a leak prevention system) and DCAP solutions (data-centric audit and protection, a system for controlling unstructured data). But while DLP is aimed at controlling leakage channels (mail, messengers, the web in general), a systematic approach to storing such data and granting access rights to it is built with DCAP. This separation stems from a fundamental difference in the speed of indexing, classifying and handling large amounts of data. Moreover, this option is becoming more and more relevant given the demand from all companies to move most services into electronic form and to accumulate and process big data.
At the same time, DCAP often serves as a tool for establishing the practice of centralized access to data, while freeing disk arrays from duplicates, copies and other natural artifacts of workflows. Today this feature is more relevant than ever. Equipment supply chains are forcing adjustments to companies' plans and reducing purchasing power. Simply put, it is no longer possible to buy quickly and cheaply as before, and the problem of data placement becomes more critical every month. The way out is simple: start saving! Clean out old, redundant and duplicated files and establish control over their distribution. What is wrong with that?
Where does DCAP fit?
After 24.02, a lot has also changed in companies' standard processes. Foreign solutions do not work, are not supported, or their vendors may make such a decision at any time. Since the problem is common, we wanted to find out what colleagues on the customer side consider most important for continuing to keep the infrastructure secure. The respondents who were ready to share their thoughts were representatives of enterprise-level companies. According to the survey results, the order of substitution of foreign solutions looks something like this:
SIEM (Security Information and Event Management)
DCAP/DLP (Data-Centric Audit and Protection / Data Leak Prevention)
VM (Vulnerability Management)
Obviously, preference is given to solutions aimed at actively countering threats and to solutions that are tightly tied to updated content (signatures, correlation rules). In a changed, hostile environment, this is a logical and correct conclusion. But not everything is so clear-cut! If you approach the solution in a non-standard, batch-boxed way, it is quite possible to benefit from the accompanying functions of a DCAP system and in places cover the need for other solutions.