From intellectual property to customer details, sensitive information is the lifeblood of any organization. Where data breaches occur, revenue, brand reputation, and stakeholder wellbeing suffer. As a result, enterprise data protection is a critical requirement for organizations to succeed. Naturally, this gives rise to a question: How well are organizations actually securing their data? As the leader in zero trust, Zscaler set out to find the answer.

Data@Risk

In its 2021 global survey report, Data@Risk, Zscaler polled hundreds of IT and security professionals across industries and around the world to uncover the state of enterprise data protection. By asking questions about user habits, existing and needed technologies, key challenges, and more, Zscaler was able to pinpoint key trends.

One such trend is the fact that 95 percent of organizations claimed that they have seen remote work increase due to the global pandemic. While it may be self-evident enough that organizations have had to alter their operations drastically over the last year and a half, this change brought with it one particularly adverse ramification. Specifically, 74 percent of organizations have suffered an increased number of data breaches due to the rise in remote work. But why would remote work lead to more breaches for so many organizations?

Security from yesteryear

Historically, companies have relied upon a hub-and-spoke network architecture whereby offices were connected to the enterprise data center that housed IT resources. For users to access the corporate applications within the data center and do their jobs, they had to be on the network by means of a connected office. To defend data, organizations used a castle-and-moat style of security that made the corporate network the focus of data protection. This was accomplished through a myriad of on-premises hardware appliances (the moat) that defended access to the network (the castle).

The above approach was effective in times past; however, enterprises operate far differently today. With the rise of the cloud and remote work, users, data, and apps have all moved off-premises, away from the office, and beyond the reach of the legacy security stack in the data center. In fact, 76 percent of survey respondents stated that more data now resides outside the network perimeter than within it. In other words, the castle’s inhabitants and treasures have all moved far away from the moat.

Despite the above, in an attempt to maintain a traditional security architecture, some organizations try to use VPN and backhaul remote user traffic to the data center for policy enforcement before allowing it to go to its final destination in the cloud. However, legacy tools are not designed for cloud security use cases, and backhauling traffic in this way leads to significant performance and user productivity challenges—not to mention that users will often work around frustrating security measures, causing IT to lose visibility over where data is going. In other words, when organizations attempt to embrace cloud and remote work but neglect to adopt the appropriate security architecture, data breaches will inevitably increase (as they did for 74 percent of organizations in the Data@Risk survey report).

Where to go from here

Backhauling to a legacy security stack is no longer an option when the cloud is the new data center and the internet is the new network. Organizations today need data protection that is able to follow users and protect sensitive data, regardless of location. This requirement is duly noted by Gartner, which recently coined the term “security service edge,” or SSE. SSE is the security side of secure access service edge (SASE) and refers to consolidated platforms boasting secure web gateway (SWG), cloud access security broker (CASB), zero trust network access (ZTNA), data loss prevention (DLP), and cloud browser isolation functionality, delivering comprehensive security from as close to the end user as possible (the edge of SSE vendors’ global security clouds). When security is enforced as a service at a local point of presence belonging to a vendor specialized in cloud security—instead of in an enterprise’s distant, ill-suited security stack—data protection is drastically increased (and the user experience is improved, as well). With SSE, organizations can embrace digital transformation and remote work without enabling data breaches.