Blog

Attended Gartner Security & Risk Management Summit? So did we!
Cybersecurity Data breach Data security Insider threat Print security Privacy Secure collaboration

GartnerI have to say, being on the other side of the Gartner Security and Risk Management Summit was a combination of exciting, fun, and educational. The cool thing is that I still got to get up on stage and the bonus was to see all the hard work that goes into exhibiting. I think the Fasoo team did a fantastic job setting up and manning the booth.

At our booth at the Summit, we highlighted new features of our Data Radar and Wrapsody eCo products that deliver a unique life-cycle approach to enterprise content challenges plaguing organizations globally.

Overall our booth attracted hundreds of visitors seeking products that can help them regain control over their unstructured data with particular interests in discovery, encryption and access control.

Privacy regulations such as GDPR and CCPA is the driving factor as visitors clearly indicated the need to adapt quickly to the changing environments. Also, new data security related projects have been planned or launched based on recognizing the impact from IT changes within the organization including the adoption of cloud infrastructure and applications.

Our visitors at the Gartner Security and Risk Management Summit ranged from CISOs, business unit owners, and cyber security professionals to Chief Data Officers and Chief Privacy Officers across multiple verticals. I hope I got a chance to meet you!

I was super excited to moderate our solution provider session at the Summit featuring 3 of our customers which included the regional CISO from a global financial institution, a business unit leader in the automotive industry and a consultant who is leading global digital transformation projects in the public sector globally. Each have projects that involve the challenges of unstructured data security and privacy with distinct use cases. They shared with the audience how they successfully “fast tracked” their way through the challenges often associated with these projects and accelerated their organizations’ paths to data centric security and privacy.

They shared how Fasoo helped them in their plight to gain control of and secure their unstructured data, their intellectual property and meet privacy regulations.

Deborah’s Final Thought:
As trends toward cloud and content collaboration continue – as growth in unstructured data increases and the perimeter fades, it is clear now, more than ever, that the market must adopt a file-centric approach to data security. I believe that this approach will minimize the risks associated with sensitive data exposure and help meet regulatory requirements.

By Deborah Kish – EVP Research & Marketing

Another day, another… $853K?
Cybersecurity Data breach Data security Insider threat Privacy

HIPAAThis has been on my mind. A lot. Every day, I open my email to find news about how a company needs to pay a fine or a fee to either an individual or a regulator because data was leaked or stolen. This one in particular caught my eye because it is a classic example of data being accessed by likely the wrong individual and shared with someone who should definitely not have been able to see it. This one seems to be an access control and encryption play.  If they were in place, this healthcare entity wouldn’t have to shell out $853K and violate HIPAA regulations in the process.

And this one! It dates back to 2015, but it is still one of the largest hack attacks to date, and the settlement (which was just reached) is nearly $1 million dollars!  All because a sophisticated attack allowed the hackers to steal user credentials and 3.5 million patient records.   As a result (besides the $900K) MIE has a laundry list of technologies they will be required to invest in as well as implementing “controls during the creation of accounts that allow access to ePHI”.

This tells me something.  It tells me that there are still so many companies that do not have strong sensitive data security and privacy controls in place.

And, it leads me to feel even more strongly about the “file centric” approach. A file centric approach means that you are focusing on the actual data, (in both of these cases, PII) rather than the location of the data. Encryption and access control in these cases could have made a significant impact and saved; the victims of the breaches from potential harm like ID theft AND the entities themselves a lot of money.  I’ll be talking more in detail about this in my upcoming webinar “Overcoming Unstructured Data Security and Privacy Choke Points” this Thursday, June 6th at 1:30 pm. I’ve embedded the link so you can go ahead and register.

See you then!

By Deborah Kish – EVP Research & Marketing

Still Thinking About Regulatory Compliance?
Cybersecurity Data breach Data security Insider threat Privacy

regulatory complianceI sure hope so!  Well, the one year anniversary of GDPR is upon us and the challenge of effective, easily managed data security and regulatory compliance is palpable.  So, what did Fasoo do? We developed Data Radar (well, it has been around for a long time now) to deliver a unified unstructured data security and privacy approach that addresses the challenge of the evolving, complex compliance regulations like GDPR and CCPA across verticals ranging from healthcare to finance to manufacturing.

Data Radar is worth investigating if you want a solution that can automate unstructured data discovery, classification, protection, tracking, and compliance reporting. It’s got some cool unique features like:

It’s file-centric, meaning it doesn’t matter where it is because it isn’t chasing locations!

It encrypts and can apply access control, meaning the data itself is secure and only those with a valid need can see what it is.  So if it gets lost, stolen, sent to someone who does not have access, it is both private and secure!

It “Tags” the file by embedding a unique identifier which provides visibility, tracking and audit reporting capability.  You can see who, what, when and where that file has been!

It gives you easy automated expiration power!  You set the date for expiring the data and it’s gone!  No need for manual tracking and destruction of data.  You decide when it is no longer part of your unstructured sensitive data footprint.   Now you can concentrate on other important things.

You’ll hear more about it in the first of 3 webinars on Thursday June 6th at 1:30 pm.  Register by clicking here !

What’s Next from Deborah’s Desk
Cybersecurity Data security Insider threat Print security Privacy

unstructured dataSo, in my last post, I mentioned a series of webinars and thought this would be a good opportunity to provide a little preview into some of the topics we’re planning on discussing.

Unstructured data, of course!  But what about it?  I’ll be discussing the challenges… kind of a “What I heard from you as a Gartner data security analyst” in a “How to navigate through the maze of methodologies, governance and technologies” sort of way.

Unstructured data is a live and growing thing that often gets overlooked.  Remember the “Wild Wild West” comment from my last post?  So I’m here and excited to help you discover new simpler approaches to gaining visibility and control over the growing unstructured data all organizations are facing.   How to discover, classify and encrypt unstructured data and prepare for and adhere to privacy regulations like GDPR and CCPA.

If you are a CISO, DPO or CDO, or even a business unit lead within your organization, you should join these sessions.  If you struggle with what functions to automate or are trying to get out from under or improve the traditional rules based approach, you should join  Would you rather have your staff spend less time fielding false positives and more time on the things that really matter? Please, join and learn how Fasoo’s extensive product capabilities can help.

Here’s the thing… maybe I didn’t hear EVERYTHING, so I’d like to shout out to the readers… I would love to get your thoughts, suggestions, and field any questions.  I want to hear from you and keep the conversation alive.  In the meantime, stay tuned… I’ll be back.

What’s New at Fasoo?
Cybersecurity Data breach Data security Insider threat Privacy

Data security Deborah Kish expert joins Fasoo

Me! After over 20 years with leading IT consultancy, Gartner, I am excited to announce that I have recently joined data security vendor Fasoo. At Gartner, my focus on enterprise data security and compliance challenges, products and technologies led me to really understand the significance of the “Wild Wild West” nature of unstructured data. On average, I advised 30 CISOs and CIOs and other security professionals every month on the challenges they face with respect to data security and privacy.

At Fasoo, I will lead marketing and product strategies in the unstructured data security and privacy space and will do this through a series of webinars, white papers and blog posts. My mission is to provide end user organizations insights into how Fasoo’s extensive suite of product capabilities can help meet data security and privacy goals because arming your organization with the right tools is an important step toward protecting unstructured data. I will also help guide organizations through the file and people centric approach that will foster stronger unstructured data security and privacy controls.

I’ve often said in my previous role at Gartner, “It has never been a more important time to be a data security analyst” and that translates to my passion to wanting to help organizations get this problem under control. I hope you will join me in the journey. Stay tuned.

By Deborah Kish – EVP Research & Marketing

Stop Wealth Management Data Breaches
Cybersecurity Data breach Data security Insider threat

Encrypt and control sensitive wealth management data

The financial services industry is a frequent target of hackers, but a larger threat may be trusted insiders since they have access to a lot of sensitive customer data.  Advisers within wealth management practices regularly share data with other advisers, staff members, a counterparty or a trusted third-party service provider. They may inadvertently or deliberately share that data with unauthorized people and pose a risk to their firms and customers. Once shared, most firms have no control over that data. The Ponemon Institute illustrates this risk by reporting that 65% of cyber breaches originated with third parties.

Insiders regularly share customer or other sensitive information with colleagues and third-parties by generating and downloading reports from a database. Typically the reports are spreadsheets which make it easy to analyze the data. Access to the database may be restricted, but once in a spreadsheet, the sensitive data is easy to share with anyone.

Fasoo Presents Incident Response Solution
Cybersecurity Data breach Data security Insider threat

Bill Blake shows how Wrapsody helps manage an incident response plan Fasoo sponsored and presented at an event in Columbus, OH on November 13, 2018 entitled “Incident Detection, Response and Recovery” highlighting how to prepare and manage an incident response plan for cybersecurity and data protection.  Presented and cosponsored by Catalyst Solutions, IBM and Huntington Insurance, the event brought together experts in legal, insurance, law enforcement, government, accounting and security disciplines to discuss the legal, technical and business issues of preparing for and responding to a data breach.

Bill Blake, Senior Vice President and CCO of Fasoo, presented Incident Response & Recovery: Secure Collaboration for Critical Information which highlighted the Wrapsody platform as a solution to help manage the development, access and control of an incident response plan (IRP).  Bill showed an example of a CISO, Legal Counsel and an external Advisory firm securely collaborating on an IRP and how to control who could access the plan and any supporting documents involved in a response.  The example showed how easy it is to securely collaborate on developing and managing the plan, but also on limiting access prior to, during and after a breach occurs.  Since Wrapsody encrypts documents and controls their access, it guarantees only authorized users can access them.  This is critical because if an incident response plan got into the wrong hands, malicious insiders or external parties could compromise an organization’s data security.

Fasoo Helps Customers Control Unstructured Data at Gartner Security and Risk Management Summit 2018
Cybersecurity Data breach Insider threat News
Fasoo shows unstructured data security at Gartner SRM 2018

This year at the Gartner Security & Risk Management Summit in National Harbor, MD there was a lot of focus on reducing business risk through improved cybersecurity that focuses on protecting data as users create and share it.  One area of concern to many organizations is how to find and protect sensitive data without impacting how employees and customers work.  Data protection regulations, like GDPR, are making things more complicated, but companies need to balance security with productivity.

At the Fasoo booth, a lot of people talked about issues with combining different technologies that still focus more on protecting the location of data rather than the data itself.  One executive from a manufacturing company talked about how her DLP system can tell them that sensitive documents were shared with external parties, but can’t really control their access or stop them from going out.  This is a common concern as companies use DLP, CASB and other technologies that can’t control access everywhere.

Fasoo Highlights NYDFS Path to Compliance at Rochester Security Summit 2017
Cybersecurity Data breach Insider threat News

Ron Arden presenting on NYDFS compliance at RSS 2017Ron Arden, Executive Vice President & COO, Fasoo, Inc. spoke to security professionals and executives on how to meet the data-centric requirements of the NYDFS 23 NYCRR 500 cybersecurity regulations for financial services organizations at the 2017 Rochester Security Summit at the Rochester Hyatt in Rochester, NY.

Ron delivered a presentation entitled “Do You Have a Pathway to Data Security and Compliance?” as part of the risk and compliance track during the October 19 – 20, 2017 event.  With deadlines approaching for some of the more challenging components of the NYDFS cybersecurity regulations, timing was right as Ron reviewed results from the recent Ponemon Institute survey on NYDFS readiness and Fasoo’s approach to help meet the technical challenges of protecting unstructured data or data stored in files.  This is an area that most organizations are struggling with, since about 80 percent of their information is not in databases, but is in office documents.

Is Encryption Really That Hard?
Cybersecurity Data breach Data security Insider threat

Is Encryption Really That Hard?The problem today is sensitive information is leaking from organizations like a dripping faucet.  The recent Equifax data breach is just the latest example of a constant barrage of leaks in the news.  All the experts say the best way to stop data leaks is by encrypting sensitive data.

So why isn’t everyone doing it?   What’s the problem?  New regulations are now in place that mandate encrypting sensitive data, NYDFS part 500 and GDPR being two of the most visible.

It’s not like using an Enigma machine to manually encrypt a message.  Today’s encryption mechanisms are easy to use and fit into the daily work of employees everywhere.