Blog

Category: Data Security Platform

Many organizations have moved to a hybrid workplace and found there are new ways for employees and contractors to compromise their secure information.  How do you ask?

Computer screens.

The screen is drawing attention again as a new blind spot as many people work from home, use virtualized desktops and access a lot of applications in a browser.

There are two ways to protect sensitive data viewed on screens.

  1. Add a dynamic visible watermark that discourages taking screenshots with a phone or computer and sharing them with unauthorized people.
  2. Block computer screen capture tools from taking a screenshot.

 

Dynamic Watermarks

Adding a watermark to your sensitive data is a simple way to protect it.  It can show company and user information that deters leaking or misusing the data since it’s easily traced back to the data owner or company.  You can show your company logo, the user’s name, and email, a timestamp, and other information that meets company security requirements.

If you collaborate with partners and customers, it helps maintain the security of your intellectual property and other sensitive data.  It is critical to keep that data secure when accessing it in different applications or browsers.

While adding a watermark to increase security, you don’t want to prevent someone from reading the information.  If the watermark is too intrusive and hides the critical details in a document or on the screen, it’s not useable.

Of course, the perfect security is to make it unreadable, but that will stop your business in its tracks.

 

Block Screen Capture Attempts

If someone works with sensitive data in an application, what’s to stop them from using a screen capture tool on the computer to grab an image of the data and send it anywhere?

Not much.

Sometimes a watermark may not be enough to protect your sensitive data.  You may want to block the Print Screen key, snipping tools, remote control, or any other screen capture applications that let users take an image of your data and share it.  This gives you more control to prevent a user from maliciously or accidentally sharing this data with the wrong person.

 

Screen Security in Action

The finance department in a large company has a lot of employees working from home.  Each person uses a number of applications to manage customer and vendor orders, payments, and contracts.

Mary needs to update some payment terms and banking information for one of her vendors.  She opens a browser and logs into the vendor finance portal.  Stan in vendor management sent her a document with the details to update.  She copies the details from the document and updates the information in the portal.  While updating, she is reminded to change some contact information, so she clicks into the CRM application to complete that.

While Mary is working on these applications, a faint watermark appears in the background with her name, the time, and a company logo.  It doesn’t prevent her from working and after a while she barely notices it.

When Mary goes downstairs to grab a bite for lunch, her son comes into her office to use his computer.  He sees some vendor information on Mary’s screen and is curious, so he picks up his phone and takes a picture of the screen.  Opening the image, he notices there is some writing on it and sees his mom’s name and the time.  He doesn’t want to get his mom in trouble by keeping the picture, so he deletes it from his phone.

Mary comes into her office after lunch and goes back to work.  She opens a customer portal that shows orders for their largest customer.  She runs a report showing orders for the last year because she needs to let the sales reps know the most popular items.  They want to give major customers year-end incentives to boost revenue.

It’s late in the day and she decides to send a screenshot of the report to the account executive so he can see it on his phone.  Mary uses an image capture tool to take a picture of the screen but sees a mask over the image.  She remembers she can’t do that since this is very sensitive data and the company prevents users from taking screenshots of these pages.  She decides to send the rep the link to the report, so he can access it in the portal.

 

How Does It Help?

The dynamic watermark on the screen is a deterrent to data leaks using a phone or camera.  When Mary’s son took a picture of the screen with his phone, he noticed his mom’s name and other identifying information in the image.  If he sent that anywhere, he not only could compromise company security but cause his mom a lot of problems.

When Mary tried to share a screenshot of customer data with her sales reps, she couldn’t because any attempts at screen capture are blocked.  This not only reminds Mary of the sensitivity of the data but also protects it in case she forgets or if she or someone else decides to be malicious and share it with unauthorized people.

As a result, your sensitive data is secure throughout its lifecycle, and there is no compromise on its usability.  The dynamic watermarks do not disrupt business processes and you prevent people from taking screenshots and sharing them with unauthorized people.

 

Learn more about Fasoo’s Screen Security solution

 

Enhance your data security with the Fasoo Zero Trust Data Security platformAre you struggling to implement Zero Trust across siloed data-centric tool sets?  You’re not alone.  Analysts say this is one of the major roadblocks to Zero Trust uptake.

The hybrid workplace left security teams scrambling to deploy new point solutions, adding to an existing array of data protection tools. These disparate solutions sit at ingress/egress points (DLP/CASB/EPP) applying rules and analytics where sensitive data intersects with users, applications, and devices.

It’s where data intersects and crosses these siloed solutions that cause real problems for Zero Trust. This interrupts the continuity of data flow, visibility is lost, and policy misconfigurations occur.

 

Zero Trust relies on context about users, applications, data, and devices everywhere, always available

Vital to Zero Trust is continuous monitoring of context to detect anomalous events. It’s the basis for adaptive risk assessments that decide if, and how much access a user merits. It won’t work if you lose sight of sensitive files and their use.

But that’s the world of the hybrid workplace. Users extract data from corporate databases, insert it into ad-hoc documents on endpoints anywhere, move it to the cloud, and share it with external partners. Sensitive files easily find their way to unmanaged devices and unsanctioned cloud services, out of the purview of corporate control.

It’s clear security and operations teams need new approaches and methods to move forward with Zero Trust initiatives.

 

Consolidate siloed data-centric processes in conjunction with implementing Zero Trust principles

Consolidation of data-centric processes into Data Security Platforms (DSP) is underway and teams can leverage this trend to accelerate Zero Trust initiatives. Gartner projects that by 2024, 30% of enterprises will adopt Data Security Platforms, up from less than 5% in 2019.

A platform better implements control and security policies using a centralized policy engine that spans all data-centric processes. The integration and continuity of processes remove siloes to enhance data visibility and make tracking more consistent. This allows you to leverage automation across the platform to make security transparent to users and operations less complex.

Forrester Research recommends a platform first establish a data control foundation with core processes. One that includes unifying data discovery, classification, control, and some form of data loss prevention and obfuscation, like encryption, as a start. The deployment of this initial core provides your team key insights into where sensitive data originates, travels, and is accessed.

A DSP delivers an infrastructure that makes it easier for security teams to implement Zero Trust across your organization’s hybrid workplace.

 

Recognize Zero Trust principles set higher standards for sensitive data control and protection

Many modern DSPs emerged during the move to a hybrid workplace, formed by traditional vendors adding adjacent technologies. Examples include DLP vendors integrating classification and alternatively classification vendors adding protection. While all are steps forward, today’s DSP capabilities vary widely and can leave Zero Trust initiatives at risk.

Zero Trust principles set a higher bar for sensitive data. It requires enhanced control, visibility, and monitoring of data that today’s traditional solutions struggle to deliver.

It’s no longer enough to keep layering MFA techniques onto user access. It’s just as critical to control how the data is used once users gain authorized access. With today’s solutions, the user has a free pass to copy, cut, paste, share, and store sensitive files as they wish.

Explicit trust requires data never be unprotected. DLP and behavior analytics query and assess files to make sure you follow rules or check for anomalous events, but don’t usually protect the data itself. Exposed data is exfiltrated and goes undetected for weeks if not months.

Security teams need to pull back the covers on DSP and understand the underlying technology. While all deliver platform advantages from tool consolidation, capabilities to achieve Zero Trust standards can be limited.

 

A true Zero Trust Data Security Platform to make security stronger and easier

For over 20 years, Fasoo developed and consolidated data-centric capabilities as we continually work to meet our customer demands for lifecycle management of sensitive data. Fasoo now leads the industry to converge Zero Trust with an advanced Data Security Platform.

Fasoo consolidates core data-centric processes to deliver the benefits of a DSP. Centralized policies, deeper data visibility, and automation all contribute to more effective and less complex operations. And within this infrastructure, Fasoo has built the most advanced control and security methods to comprehensively implement Zero Trust standards.

Our advanced methods differ from traditional solutions. We push controls and security closest to what you need to protect, the file itself, so safeguards travel with the sensitive data. Binding controls and protection to the file provide deep visibility, data is never out of sight, and policies are consistent across the hybrid workplace.

The file is the new micro perimeter where we not only control access but control how you use the data. If I simply need to view a document, why let me extract or share the data? Granular rights enforce document controls that explicitly protect data and enable least privilege Zero Trust principles.

Protection of the data itself needs to be present always. Encryption is an obvious need for an explicit-based model. It automatically encrypts a sensitive file when a user creates or modifies it – that’s true adherence to never trust, always verify principles. Don’t ask the new hire to decide.

Fasoo’s Platform delivers this and a complete suite of advanced methods that implement Zero Trust standards. Fasoo’s approach is superior and it’s why security teams select our Platform as their path to Zero Trust.

 

Learn more about Fasoo’s Zero Trust Data Security Platform

Learn more about the full suite of advanced data-centric methods Fasoo employs to truly achieve Zero Trust for data security.

Understand the core data-centric processes Fasoo’s Platform consolidates and the benefits of a Data Security Platform.

Read how one CISO used a quick-take playbook to prioritize and down-select 2023 Zero Trust Initiatives and accelerate the security team’s journey to Zero Trust.

Data security platforms are the way forwardGartner projects that by 2024, 30% of enterprises will have adopted Data Security Platforms, up from less than 5% in 2019.

The move to a hybrid workplace left security teams scrambling to deploy new point solutions, adding to an existing array of data protection tools.

Today, the number of separate tools in your arsenal may span data discovery, classification, DLP, EDRM, EPP, and CASB.

This patchwork approach and silo-specific security controls add operational complexity that you need to get under control.  What’s the best way to address this challenge?

Map out a strategy that consolidates data-centric tools into a Data Security Platform (DSP). Here’s Fasoo’s take on why this should be one of your top priorities in 2023 and how to move forward.

Data Security Isn’t Getting Easier

The variety and volume of sensitive data in your organization are growing and the need to process and share information is accelerating. The pace is disrupting traditional business and security processes leaving digital assets exposed to new threats more than ever.

With this unrelenting pace and complexity, there’s never enough time for you to evaluate new tools. Analysts report that implementing a new data security product takes one year or longer and eventually delivers only part of what you envisioned.

Inevitably, gaps and overlapping capabilities are fielded that complicate daily operations like:

  • Managing rule sets in disparate tools independently fosters inconsistent policies leaving gaps that expose data to breaches.
  • Multiple consoles and alert tools create operational complexity and often overwhelm the team’s ability to administer and respond in a timely fashion.
  • Implementing vendor upgrades to multiple point solutions disrupts operations and increases the overall total cost of ownership.

 

Data Security Platforms

Your peers are looking to DSPs to overcome these challenges. Within the next 18 months, Gartner predicts over 30% of enterprises are expected to adopt DSPs.

Gartner defines DSPs “as products and services characterized by data security offerings that target the integration of the unique protection requirements of data across data types, storage silos, and ecosystems.” In addition to making data security easier, they point to better utilization and increased data value.

Gartner recommends you start by building a multi-year migration plan from siloed data security offerings to DSPs enabling simpler, consistent end-to-end data security. In doing so:

  • Start consolidation where it makes sense in an area that’s already in need of an upgrade to address security gaps. Make consolidation part of that upgrade.
  • Take steps to consolidate. Select a subset of already adjacent technologies to form purpose-built DSPs that solve today’s immediate issues.

 

Consolidate Data-Centric Tools Now

You’ve likely deployed data loss prevention tools and are experiencing the challenges mentioned previously. And now the hybrid workplace creates new challenges to secure sensitive content including insider threats, third-party collaboration, multi-cloud environments, and BYOD endpoints.

This all makes data-centric tools a prime candidate for DSP consolidation.

  • Modern DSPs have evolved to address the challenges of today’s hybrid workplace, overcoming traditional solution shortfalls.
  • A confluence of adjacent technologies, like data classification and insider risk management, may either be in place or on your list for evaluation.

 

Don’t be left behind. Start your migration planning to DSPs now and move forward in 2023.  Consider these five key DSP data-centric capabilities as a start.  And learn more about Fasoo’s purpose-built, Zero Trust Data Security Platform that delivers these capabilities and much more.

 

What is a data security platform?

 

 

RELATED READING

Learn more about Data Security Platforms.

Learn more about Fasoo’s Zero Trust Data Security Platform.

 

Categories
Book a meeting