TL;DR: Legacy DLP models are breaking as data now moves across SaaS, cloud, and AI workflows that endpoint, network, and email controls cannot fully see, according to Cyera. The architectural shift is from fragmented inspection to discovery-led data control, because perimeter-era assumptions no longer match how modern information is created, shared, and governed.
NHIMG editorial — based on content published by Cyera: The Great DLP Reset: Securing Data in the Age of SaaS, Cloud, and AI Report
Questions worth separating out
Q: What breaks when DLP is still built around endpoints and email gateways?
A: It misses the way data now moves through SaaS, cloud, and AI workflows that do not pass through a small set of inspection points.
Q: Why do cloud and AI environments make DLP harder to govern?
A: Because data is copied, transformed, shared, and reused across systems faster than legacy controls can reliably inspect.
Q: How can security teams tell whether DLP is actually reducing risk?
A: Look for better prioritisation of high-value data, fewer noisy alerts, and clearer visibility into which identities can reach sensitive content.
Practitioner guidance
- Map sensitive data before tightening policy: inventory where sensitive data exists across SaaS, cloud storage, collaboration tools, and AI-enabled workflows.
- Join classification to identity context: link data labels with owner, sharing state, and the identities that can reach the content, so policy decisions reflect actual exposure.
- Reduce alert noise around low-value content movement: tune DLP rules to prioritise high-sensitivity assets and the workflows most likely to cause real leakage.
What's in the full report
Cyera's full report covers the operational detail this post intentionally leaves for the source:
- Vendor-specific framing of the DLP reset across SaaS, cloud, and AI environments
- The report's broader discussion of signal quality, triage workload, and data-context-driven prioritisation
- Additional context on how Cyera positions DLP architecture for CISOs and security teams
- Related research links that expand the article's viewpoint into adjacent data security topics
👉 Read Cyera's report on the great DLP reset for SaaS, cloud and AI →
Data loss prevention in SaaS and AI environments: what changed?
Explore further
Legacy DLP broke because it was designed for a world of fixed inspection points. That assumption made sense when data moved through endpoints, networks, and email gateways in predictable ways. It fails in SaaS and AI environments because data now migrates across services, is copied into new contexts, and is regenerated by systems that never existed when classic DLP was designed. The implication is that DLP can no longer be treated as a perimeter problem, because the perimeter is no longer the governing unit.
A few things that frame the scale:
- 67% of organisations still rely heavily on static credentials despite the risks they pose to agentic AI deployments, according to The 2026 Infrastructure Identity Survey.
- Only 13% of organisations feel extremely prepared for the reality of agentic AI, which helps explain why legacy control assumptions keep failing as data and identity move together.
A question worth separating out:
Q: Who should own DLP decisions when data, identity, and AI workflows overlap?
A: Ownership should be shared across data security, IAM, and NHI governance, because each discipline sees a different part of the exposure path. The practical test is whether the team can explain not just where data lives, but who or what can move it and why that access still exists.
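As an added example, not code from Cyera's report or from the NHIMG editorial, the script below shows the practitioner guidance on joining classification to identity context and the ownership test just above in working form: a constructed data inventory (label, owner, sharing state) is joined to a constructed list of access grants (human, service and AI-agent identities, their credential type, and when they last used the access), and each asset is ranked by sensitivity, sharing state and identity reach. The asset names, identities, labels, weights and the 90-day staleness threshold are all assumptions chosen for illustration, not a vendor data model.

```python
"""Join data classification with identity context to rank DLP exposure.

Added example, not from the Cyera report or the NHIMG editorial. Every asset,
identity, label, weight and threshold below is a constructed assumption.
"""
from dataclasses import dataclass

# Assumed scoring tables: how sensitive a label is, and how far a sharing state reaches.
SENSITIVITY = {"public": 0, "internal": 1, "confidential": 3, "restricted": 5}
SHARING = {"private": 1.0, "org-wide": 2.0, "anyone-with-link": 4.0}
STALE_DAYS = 90  # assumed: access unused longer than this needs a "why does it still exist?"


@dataclass(frozen=True)
class Asset:
    asset_id: str
    location: str   # where discovery found it: SaaS drive, cloud bucket, AI workspace
    label: str      # classification label assigned during discovery
    owner: str
    sharing: str    # sharing state observed in the hosting service


@dataclass(frozen=True)
class Grant:
    identity: str
    kind: str            # "human" | "service" | "agent"
    credential: str      # "sso" | "static-key"
    asset_id: str
    last_used_days: int  # days since this identity last touched the asset


# Constructed inventory and grants (sample data, not real systems).
ASSETS = [
    Asset("hr-payroll.xlsx", "saas-drive", "restricted", "alice", "private"),
    Asset("customer-export.csv", "cloud-bucket", "confidential", "bob", "anyone-with-link"),
    Asset("lunch-menu.pdf", "saas-drive", "public", "carol", "anyone-with-link"),
    Asset("support-kb.md", "ai-workspace", "internal", "dave", "org-wide"),
]
GRANTS = [
    Grant("alice", "human", "sso", "hr-payroll.xlsx", 2),
    Grant("payroll-sync", "service", "static-key", "hr-payroll.xlsx", 120),
    Grant("bob", "human", "sso", "customer-export.csv", 5),
    Grant("summarizer-agent", "agent", "static-key", "customer-export.csv", 1),
    Grant("carol", "human", "sso", "lunch-menu.pdf", 30),
    Grant("dave", "human", "sso", "support-kb.md", 10),
    Grant("helpdesk-agent", "agent", "sso", "support-kb.md", 3),
]


def grants_for(asset_id, grants):
    return [g for g in grants if g.asset_id == asset_id]


def identity_weight(g):
    """Weight one grant: non-human identities, static credentials and stale access add risk."""
    w = 1.0
    if g.kind != "human":
        w += 1.0
    if g.credential == "static-key":
        w += 1.0
    if g.last_used_days > STALE_DAYS:
        w += 0.5
    return w


def exposure_score(asset, grants):
    """sensitivity x sharing reach x (1 + identity reach); public data scores zero."""
    sens = SENSITIVITY[asset.label]
    if sens == 0:
        return 0.0
    reach = sum(identity_weight(g) for g in grants_for(asset.asset_id, grants))
    return sens * SHARING[asset.sharing] * (1 + reach)


def prioritise(assets, grants):
    """Return (asset_id, score) pairs, highest exposure first."""
    ranked = sorted(assets, key=lambda a: exposure_score(a, grants), reverse=True)
    return [(a.asset_id, exposure_score(a, grants)) for a in ranked]


def stale_grants(grants, assets, threshold=STALE_DAYS):
    """Grants on confidential-or-higher data that nobody has used within the threshold."""
    sensitive = {a.asset_id for a in assets if SENSITIVITY[a.label] >= SENSITIVITY["confidential"]}
    return [g for g in grants if g.asset_id in sensitive and g.last_used_days > threshold]


def explain(asset, grants):
    """Answer the ownership test: where it lives, who or what can move it, and why."""
    lines = [f"{asset.asset_id} ({asset.location}): label={asset.label}, "
             f"sharing={asset.sharing}, owner={asset.owner}"]
    for g in grants_for(asset.asset_id, grants):
        flags = []
        if g.kind != "human":
            flags.append(f"non-human ({g.kind})")
        if g.credential == "static-key":
            flags.append("static credential")
        if g.last_used_days > STALE_DAYS:
            flags.append(f"unused for {g.last_used_days}d")
        lines.append(f"  {g.identity}: " + (", ".join(flags) or "human, sso, recently used"))
    return lines


if __name__ == "__main__":
    for asset_id, score in prioritise(ASSETS, GRANTS):
        print(f"{score:6.1f}  {asset_id}")
    for g in stale_grants(GRANTS, ASSETS):
        print(f"review: {g.identity} still holds access to {g.asset_id}")
    print("\n".join(explain(ASSETS[0], GRANTS)))
```

Two things the ranking shows that a label alone would not: the publicly shared lunch menu, the kind of event that floods a content-only DLP queue, scores zero, while the privately held payroll sheet still ranks second because a service account reaches it with a static key that has not been used in four months. That stale grant is exactly the "why does this access still exist?" item that data security, IAM and NHI governance have to answer together.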
👉 Read our full editorial: The great DLP reset for SaaS, cloud and AI environments