-
Unstructured Data, Unsecured Data: The Data You Overlook Needs Protection Too
Published in the Cyber Defense Magazine September 2020 Edition Sensitive unstructured data is everywhere, it means different things to different businesses and comes in two forms. Unstructured data that: Is used for analytical purposes. Resides in file formats such as Microsoft Office, text files, images and CAD/CAE format. The second form is often overlooked, can cost your business its competitive advantage, and subject you to regulatory fines if stolen or leaked. In a world where a pandemic has wreaked havoc on employers and employment, this sensitive unstructured data is at highest risk mainly because it covers more surface area, continues to grow rapidly, and is quite often invisible to the enterprise. Therefore, it is important to know what and how much of it you have in typical office file formats. More importantly, understand how to and why it is important to protect it. The Organization for the Advancement of Structured Information Standards (OASIS) has published a standard for unstructured information management. The standard indicates that "...unstructured information represents the largest, most current and fastest growing source of knowledge available to businesses and governments worldwide." Therefore, it is believed that more than 90% of an organization's data is unstructured rather than data stored in traditional databases. We know it exists and we know it is growing but we also know that most businesses typically don't take measures to protect it. Most feel it is a "hard to tackle" task to find unstructured data and get it under control and tamed, let alone protected. The reason why it is often overlooked is because the risks associated with unstructured data generally are not taken into consideration. The risks are for: Privacy or Industry Regulatory Compliance Intellectual Property Protection Privacy or Industry Regulatory Compliance When employees create files that contain sensitive information, copies of those files naturally proliferate. There will be multiple version of the files and sharing of those versions between employees via e-mail and network file shares. It's rare that employees will go back and delete these files later and anything sent via e-mail may be archived in .pst files; file shares will be backed up to various media. This not only creates a larger attack surface, but will add significant complexity should an organization face litigation and discovery requests from data subjects. Organizations that are subject to the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA) will struggle to satisfy data destruction demands and the "right to be forgotten". If an organization handles cardholder data it's crucial to keep credit card numbers within Payment Card Industry (PCI) controls - something rarely applied to unstructured data due to cost and complexity. The Norwegian Supervisory Authority (Datatilsynet) is an example of non-compliance to GDPR and fee assessments “due to insufficient technical and organizational measures to ensure information security”. In July 2020, the authority found that the Municipality of Rælingen was in violation of articles 32 and 35. The company did not conduct a DPIA and prior to the start of the processing it had not taken adequate technical and organizational measures in accordance with Article 32 of the GDPR, resulting in an increased risk of unauthorized access to the personal data of the pupils. Also, and still under investigation, in the UK, British Airways is potentially facing a fine of £183.39M from an incident that compromised approximately 500,000 customer’s personal data. There are several examples, but not having technical measures in place is very common across violators. Intellectual Property Protection When thinking about how unstructured data is expanding your threat surface, think about who is the threat. Unstructured data in files is an attractive and easy target for internal threat actors with limited protection. Let’s face it, when a data theft story breaks out, it is typically not because a cyber-criminal stole a bunch of Word files from a folder on someone’s laptop. Instead, it is the insider saving information on a USB drive or taking a screenshot of sensitive information in a spreadsheet. This is costly to the business because in most instances, it is information that has been sold to competitors, or used to expose explicit information for political purposes or gain. A couple of examples of insider theft include the Sony hack where an employee in Human Resources had salary information on 30,000 Deloitte employees and publicized it; and the Morgan Stanley employee who stole account information from 350,000 of its wealth management clients and posted some of the information on the internet. GlaxoSmithKline had IP, trade secrets and presentation data compromised in two ways; documents emailed from inside GSK to private email accounts, using USB and other storage devices and copied onto personal devices. This particular incident also led to mounting legal fees and a $500M fine to the victim in all of this, GSK. These examples are just a blip on the map, but should serve as reminders that businesses must know that sensitive information in files exists, is protected appropriately, and that only the right people can access them. Not to mention the responsibility of the business to protect the information if it is subject to industry or privacy regulatory mandates. Put simply, unauthorized access or loss of sensitive data can compromise competitive advantages, damage the brand, and expose the organization to significant regulatory penalties and even litigation. As most businesses are focusing on securing structured databases and identity and access management, they must also include unstructured data in their data security initiatives. But before even thinking about moving forward, you need to assess your own situation and then you can move forward with a plan to first understand what sensitive unstructured data you have. It’s not as hard as you may think. Where Do You Start? Know the Data. Control the Data. Your current governance, risk and compliance (GRC) policies may be a little outdated. Now is the time to take them out, dust them off, and update them to include sensitive unstructured data. With privacy regulations rapidly changing, it is important to not learn privacy through impact and avoid being the victim of a violation. It is difficult under the best of circumstances to respond to a DSR or incident from a structured database, but even more challenging with information that is unstructured. Knowing where your sensitive unstructured data is and what it is will be a critical part of your GRC policy. Getting there is not as daunting as you might think and in just a few steps, you will be on your way to high visibility, control, protection and improved response time to incidents and DSRs. Business unit by business unit, talk to the person in charge and ask: What documents do you create or work with that contain sensitive information? Where do these documents reside? What applications do you use that contain sensitive data that you may download into reports or other documents? Do you upload documents into applications, file shares, content management systems or any other external application or information system? Is this data shared internally, and if so, how and with whom? Is this data shared externally, and if so, how and with whom? This is an important part of the process, because it will give you more insight into the kind of data you have. It will also provide you with an opportunity to implement some best practices of how the data is handled and protected and automate critical functions such as discovering and classifying documents that contain sensitive information. About the Author Deborah Kish is Executive Vice President of Marketing and Research at Fasoo. She is responsible for leading Fasoo’s research and product strategies in the unstructured data security and privacy space. Fasoo provides unstructured data security and enterprise content platforms that enable our customers to protect, control, trace and analyze critical business information while enhancing productivity. Fasoo has successfully retained leadership in the unstructured data security market by deploying enterprise-wide solutions globally, securing millions of users. Deborah can be reached online at (deborahkish@fasoo.com,Twitter: @deborahkish, LinkedIn: @deborahkish) and at our company website: www.fasoo.com. Click here to read the full article: Cyber Defense eMagazine - September 2020 Edition
September 7, 2020 -
Crest’s iDW brings Fasoo’s Automatic Data Classification capabilities to Alfresco platform
Crest Infosolutions, a Digital Transformation Solution Provider today announced integration of its Intelligent Digital Workspace (iDW) solution with Fasoo Data Radar (FDR), an Automatic Data Classification Solution by Fasoo Co., Ltd. Intelligent Digital Workspace(iDW) is a modern, responsive, multi-lingual and secure Digital Workspace Solution to facilitate digital transformation journey of enterprises. Built on robust Alfresco Digital Business platform to support digital operations of an enterprise aiding in enhanced user productivity, operational agility and business continuity. Alfresco Content Services is world’s leading enterprise-class, cloud-native platform that provides open, flexible, highly scalable Enterprise Content Management (ECM) capabilities. Fasoo Data Radar (FDR) discovers sensitive data in databases and files on servers, in the cloud or endpoint devices using patterns, keywords, file types or attributes in pre-defined or custom detection rule templates. Protection rules immediately classify and add a label to files, encrypt with a unique identifier, quarantine or assign adaptive access control to authorized users. FDR’s smart “Pac-n-Tag” technology automatically classifies, encrypts and embeds a unique identifier (Tag) into each file so you don’t need to rescan to determine its sensitivity. Adding access control and traceability through a protection policy (Pac) allows you to efficiently comply with privacy regulations including GDPR, HIPAA, CCPA, NYDFS and PCI. Centralized policy management simplifies discovery and classification by not requiring users to make decisions on data sensitivity. The integrated solution can identify and control sensitive files as soon as they are uploaded into Alfresco ECM repository, without user intervention, ensuring data is always protected and under your control, regardless of location. “We are excited about the possibility to serve Alfresco customers. With the Fasoo Data Radar (FDR) integration, Alfresco customers will be able to gain better insights about sensitive information stored in their Enterprise Content Repository and avoid mishandling of sensitive documents.” stated Kangman Lee, Senior Executive Vice President of Fasoo. “There are several data classification solutions available in the market, however, they lack the ability to automatically classify non-textual documents, such as documents scanned as images or non-searchable PDFs. Seamless integration with Content Repositories is another challenge faced by customers.” added Hemant Prasad, CEO of Crest Infosolutions. “Joint efforts by Crest Infosolutions and Fasoo aim to address this challenge faced by customer and offer a seamless and innovative data classification solution to enterprises” For more information on Fasoo’s products and solutions, please visit fasoo.com. For more information on Crest Infosolutions, visit https://crestsolution.com/. View the release here
August 27, 2020 -
Fasoo Included in Three Gartner Hype Cycles
Fasoo is pleased to announce its inclusion in three of Gartner’s 2020 Hype Cycle reports: Hype Cycle for Data Security Hype Cycle for Identity and Access Management Hype Cycle for Cloud Security “We are excited to receive recognition that highlights the breadth of Fasoo’s data security and privacy solutions across so many key areas” said Deborah Kish, EVP Research and Marketing for Fasoo. “Fasoo’s data discovery, categorization and classification of structured and unstructured data, along with our industry leading enterprise digital rights management (EDRM) were all highlighted.” Gartner publishes Hype Cycle reports each year that look at how emerging technology matures over time and expectations. The Hype Cycles offer security, privacy and IT professionals a resource to distinguish between emerging technology hype, and reality. The Hype Cycles identify vendors that offer the strongest protection from the various threats they face daily. “We were particularly pleased to see Gartner reporting on the steady increase in EDRM interest and its broad contributions across the Hype Cycles, “Ms. Kish stated. “Secure collaboration amongst business partners, managing identity access of sensitive content across hybrid and multi-cloud environments, and ways to mitigate erosion of trust arising from SaaS adoption are all enabled with strong granular controls provided by our EDRM solution.” The reports recognize that EDRM has a high benefit rating because it protects intellectual property from loss, and against inappropriate or unintended disclosure of proprietary or confidential enterprise information allowing data owners to audit and adjust access to specific data wherever it resides. The reports indicate “It is one of the only mechanisms for retaining control of unstructured data transferred to business partners in secure collaboration scenarios.” Fasoo has been featured consistently in the Hype Cycles for Identity and Access Management and Data Security for over 11 years. This year, Gartner included EDRM in the Hype Cycle for Cloud Security as not all Cloud Service Providers include EDRM capabilities with their native DLP capabilities. Also, DLP for mobile devices leverage EDRM to enhance mobile data security and complement DLP capabilities and requirements on mobile platforms. Gartner Disclaimer Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. For more information on Fasoo’s products and solutions, please visit fasoo.com. For more information on Gartner, visit https://www.gartner.com/en. CONTACT: Deborah Kish, deborahkish@fasoo.com View the release on EIN Presswire
August 20, 2020 -
Fasoo Featured for Innovation in KuppingerCole’s Enterprise Information Protection Market Compass Report
Fasoo, Inc. today announced that it is featured in KuppingerCole’s Enterprise Information Protection Market Compass report for Innovation. Fasoo received strong positives in the areas of Security, Rights Management, Policy Framework and Mobile Device Support including: Automated Discovery, Classification and Protection of sensitive data in a single policy Dynamic policy control allows for granular policy change even after encryption and distribution Fasoo Smart Print detects personal information and applies pre-defined policy including masking sensitive data and blocking users from printing Blocking screen-capture, secure copy/paste and trusted clock allow added file protection "I am thrilled that Fasoo is being recognized for its innovation in this area," said Deborah Kish, EVP Research and Marketing at Fasoo. "Customers choose our technology because we provide innovative features and capabilities to help automate their data security and privacy programs.” Kish said. “Our unique way of protecting information, centralized policies and exception management capabilities really simplify how our customers protect their information." Fasoo’s encryption capabilities include a unique identifier that is added to files for tracing, visibility and comprehensive audit logging. These solutions allow for total automation of the data security process without interrupting workflows. Enterprise Information Protection solutions help organizations protect intellectual property to maintain their competitive advantage. They are also instrumental in compliance with changing industry and privacy regulations where personally identifiable information (PII) must be located upon request and persistently protected. These capabilities are particularly critical with the current global environment of remote workforces. Ensuring the information is protected appropriately, access controls are in place, and responding to data subject requests or audits are key to the success of security and compliance initiatives. For more information on Fasoo’s products and solutions, please visit fasoo.com. For more information on KuppingerCole, visit https://www.kuppingercole.com. CONTACT: Deborah Kish, deborahkish@fasoo.com View the release on EIN Presswire
August 4, 2020 -
Free Trial for Remote Workplace Security
Working Remotely? Experiencing Security Challenges? Do not close your eyes. Fasoo has a perfect solution for you!
May 26, 2020 -
Fasoo to Demonstrate Next Generation Data Security and Data Management Solutions at the RSA Conference
Fasoo, a leader in data-centric security, will demonstrate its next generation data security and data management solutions at the 2020 RSA Security Conference being held February 24-28 in San Francisco. The company will showcase how organizations can maintain security and privacy in the workplace without compromising productivity. This includes reducing redundant, obsolete and trivial (ROT) data, minimizing the data threat surface and complying with privacy regulations. New features in Fasoo Data Radar automates discovery of sensitive data across multiple structured and unstructured data sources, quarantine of files in violation of privacy policies with built in remediation, and monitoring and auditing enhancements that provide deeper insight to sensitive file use and access across multiple devices. A file-centric, protect-first approach binds adaptive access control to the file so it's protected across cloud services, networks, applications and devices. Our smart "Pac-n-Tag" technology encrypts and injects a unique identifier into each file allowing users to track, audit and expire sensitive data enabling compliance with strict privacy regulations, such as GDPR, CCPA, HIPAA, and NYDFS. This approach enhances legacy data blocking and prevention mechanisms that are becoming less effective against advanced attacks and struggle to comply with new regulations. "Data Radar provides a unique capability with "Pac-n-Tag" because no one in the market can uncover, classify, secure and track sensitive unstructured data like we do," said Debbie Kish, EVP Marketing and Research at Fasoo. "Our new enhanced monitoring and granular logging simplifies auditing for strict and changing privacy regulations." Wrapsody eCo allows you to securely share and trace sensitive documents with internal and external users to meet regulatory requirements like GDPR and CCPA. Users can specify the security and control for each file, from open sharing to encryption, or share with a group using predefined controls. Granular rights, such as copy, paste, edit and print, can be applied for enhanced security of sensitive information. Users can work across multiple repositories while preserving consistent file security and traceability. Wrapsody eCo helps lower 3rd party risk by always controlling access to shared data, including the ability to remotely expire access at will. "Companies struggle with securely sharing and managing documents with 3rd parties," said Dr. Kyugon Cho, Founder and CEO of Fasoo. "Wrapsody eCo makes it easy to collaborate with workgroups through our content virtualization technology, ensuring users always have the latest version regardless of the file's location. Workgroup members are automatically notified of any changes to shared documents." Visit Fasoo at RSA booth #S949 to learn how next generation data security and data management solutions fast track your path to data-centric security and privacy compliance. CONTACT: Deborah Kish, deborahkish@fasoo.com View the release on PR Newswire
February 25, 2020 -
Launch of a Digital Document Platform in the Southeast Asia Market
The enhanced Wrapsody platform offers automatic back-up and versioning of all business documents upon creation and modification from every corporate PC, centralizing every document and its version on the server.
August 16, 2019 -
Security Magazine: The Truth About Unstructured Data
Eighty percent of data is unstructured, yet the issue of securing unstructured data is still low on the security radar.
July 29, 2019 -
Fasoo Discusses Data-Centric Solutions with Internet and Technology Publication
Fasoo, a data-centric security software vendor that helps organizations protect unstructured data. Fasoo provides software to protect and manage valuable assets in the ever changing digital world. Below is our recent interview with Deborah Kish from Fasoo.
July 28, 2019 -
Fasoo Launches Wrapsody, an Enterprise Digital Document Platform to the Southeast Asian Market
Fasoo, a leader in data-centric security and enterprise document platforms, today announced the availability of Wrapsody to the Southeast Asia and Hong Kong region. Wrapsody, an enterprise digital document platform, is the only solution that provides digital asset management, document collaboration and security in a single platform. Wrapsody is a multi-faceted solution. It is a digital asset management solution that provides automatic versioning and back-up of all corporate documents upon creation and modification from each corporate PC, centralizing all documents and their versions on server. The automatic backup approach mitigates the risk of ransomware attacks, helping organizations to restore the latest working version of documents, instead of losing important information or paying money to hackers to restore data. Various performance enhancement features allow users efficiently share and collaborate on documents without relying on emails, calls and instant messages to obtain, share or verify the correct version, reducing the ROT (redundant, obsolete and trivial) data from systems and devices. Wrapsody’s file-centric approach is completely new to document management. Each Wrapsody document carries a unique document ID and version number. This allows any local copies to be synced on demand to the latest or any version, eliminating the concerns of working on the wrong version of a document, while increasing work efficiency. File encryption and file-based access control also ensures only authorized access is allowed, mitigating the risk of data loss whether intended or inadvertent. The solution provides excellent insights to the management with built-in real-time usage analytics on documents, user behavior analytics and a complete audit trail to analyze the working pattern of employees. Wrapsody is an enterprise platform that manages and integrates all organizational documents no matter where they are, whether in repositories, endpoint PCs or even in the cloud. "We are so pleased to offer Wrapsody to Southeast Asia and Hong Kong region. We believe organizations in this region will benefit from Wrapsody, just as it has with many customers in other parts of the world, including South Korea and the United States," stated Kangman Lee, Senior Executive Vice President of Fasoo. “There are many solutions customers can choose from, Enterprise Document Management, Enterprise Content Management, Enterprise File Sync & Share to name a few,” added Hemant Prasad, CEO of Crest Infosolutions. “However, Wrapsody is the only solution that addresses the document management, collaboration and security issues in a single platform.” Fasoo appointed Crest Infosolutions as its reseller and support partner for the Southeast Asia and Hong Kong region. View the release on PRWeb
July 17, 2019