Blog

Tag: Data Loss Prevention

Data security platforms are the way forwardGartner projects that by 2024, 30% of enterprises will have adopted Data Security Platforms, up from less than 5% in 2019.

The move to a hybrid workplace left security teams scrambling to deploy new point solutions, adding to an existing array of data protection tools.

Today, the number of separate tools in your arsenal may span data discovery, classification, DLP, EDRM, EPP, and CASB.

This patchwork approach and silo-specific security controls add operational complexity that you need to get under control.  What’s the best way to address this challenge?

Map out a strategy that consolidates data-centric tools into a Data Security Platform (DSP). Here’s Fasoo’s take on why this should be one of your top priorities in 2023 and how to move forward.

Data Security Isn’t Getting Easier

The variety and volume of sensitive data in your organization are growing and the need to process and share information is accelerating. The pace is disrupting traditional business and security processes leaving digital assets exposed to new threats more than ever.

With this unrelenting pace and complexity, there’s never enough time for you to evaluate new tools. Analysts report that implementing a new data security product takes one year or longer and eventually delivers only part of what you envisioned.

Inevitably, gaps and overlapping capabilities are fielded that complicate daily operations like:

  • Managing rule sets in disparate tools independently fosters inconsistent policies leaving gaps that expose data to breaches.
  • Multiple consoles and alert tools create operational complexity and often overwhelm the team’s ability to administer and respond in a timely fashion.
  • Implementing vendor upgrades to multiple point solutions disrupts operations and increases the overall total cost of ownership.

 

Data Security Platforms

Your peers are looking to DSPs to overcome these challenges. Within the next 18 months, Gartner predicts over 30% of enterprises are expected to adopt DSPs.

Gartner defines DSPs “as products and services characterized by data security offerings that target the integration of the unique protection requirements of data across data types, storage silos, and ecosystems.” In addition to making data security easier, they point to better utilization and increased data value.

Gartner recommends you start by building a multi-year migration plan from siloed data security offerings to DSPs enabling simpler, consistent end-to-end data security. In doing so:

  • Start consolidation where it makes sense in an area that’s already in need of an upgrade to address security gaps. Make consolidation part of that upgrade.
  • Take steps to consolidate. Select a subset of already adjacent technologies to form purpose-built DSPs that solve today’s immediate issues.

 

Consolidate Data-Centric Tools Now

You’ve likely deployed data loss prevention tools and are experiencing the challenges mentioned previously. And now the hybrid workplace creates new challenges to secure sensitive content including insider threats, third-party collaboration, multi-cloud environments, and BYOD endpoints.

This all makes data-centric tools a prime candidate for DSP consolidation.

  • Modern DSPs have evolved to address the challenges of today’s hybrid workplace, overcoming traditional solution shortfalls.
  • A confluence of adjacent technologies, like data classification and insider risk management, may either be in place or on your list for evaluation.

 

Don’t be left behind. Start your migration planning to DSPs now and move forward in 2023.  Consider these five key DSP data-centric capabilities as a start.  And learn more about Fasoo’s purpose-built, Zero Trust Data Security Platform that delivers these capabilities and much more.

 

What is a data security platform?

 

 

RELATED READING

Learn more about Data Security Platforms.

Learn more about Fasoo’s Zero Trust Data Security Platform.

 

Protect Trade Secrets against Insider ThreatsInsider threat has been an issue for many years, but the consequences of these events have a strong and long-term impact on your business.

If competitive advantage isn’t enough reason to protect sensitive data, how about the legal costs?

The risk posed by insiders is again, in the spotlight as Anthony Levandowski, a founding engineer at Google’s autonomous vehicle project, now known as Waymo after it was spun off in 2016, is convicted and sentenced to 18 months in prison. After 3 long years of legal proceedings where Levandowski was charged with stealing trade secrets by downloading 9.7 GB of confidential files, he was sentenced to 18 months in prison and ordered to pay over $178 million in fines to Google.

Justice Served for Trade Secret Laws, But Levandowski’s Actions Have Significant Collateral Damage

Levandowski founded Otto, another autonomous vehicle technology company, after leaving Google, which was acquired shortly thereafter by Uber. A year-long legal battle ensued with Waymo claiming damages of $1.9 billion. A guilty verdict against Uber could have delayed its own self-driving initiatives for years.

Surprisingly, five days into the high-profile trial, the companies settled for relatively small payment by Uber to Google of $245 million. The back story for the small settlement is that Google is an early investor in Uber, both recognized the damage to their brand reputation, and the cost of an extended trial was not appealing.

And It’s Not Over Yet

In an article by TechCrunch the apology by Levandowski is noted, but a lawsuit by Levandowski against Uber for $4 billion to cover his legal fees has now been filed.   Uber allegedly promised indemnity to Mr. Levandowski in anticipation that Google would sue him for entering a relationship with a competitor. The trickle-down effect means potentially more payout and certainly more litigation fees affecting an additional company, Uber.

Insider Threats Come In Many Forms

Insider threats don’t all have the high profile of Levandowski nor the same origins. In his case, it was malicious and seemingly not for any real personal gain. Insider threat often involves documents emailed to private email accounts, using USB and other storage devices and copied onto personal devices.

According to InfoSecurity Magazine, employee errors represent over 60% of the insider incidents, and in today’s climate with remote workforces, innocent errors are more likely to occur.

Most Breaches Involve Documents In The Form of Unstructured Data

The information Levandowski had taken was in unstructured document format; blueprints, design files, and testing documentation. He did not steal information from structured databases where most businesses emphasize security.

Stop Insider Threat with Strong Protection and Behavior Analytics

IP that you just can’t afford to lose needs strong protection. It’s not good enough to simply prevent it from leaking through data loss prevention, because it can still get out. You need granular access control over the files, where they are encrypted and access is controlled. This is best done with enterprise digital rights management tools.

And you will generally want to have behavior monitoring in place as well so that you can identify any anomalies and identify someone who may be attempting to take information for malicious use or as a career move.

Data Loss Prevention, Classification and Persistent Data SecurityTechnology advancements and rapid digitization of corporate information has made it easier for modern companies to conduct everyday business transactions. Today, business data is easier to access and share, giving companies the opportunity to reach more customers and conduct business quicker. At the same time, the unprecedented volumes of data created, accessed, shared, stored and the variety of sources is forcing companies to re-evaluate their cyber-security approach.  The collaborative nature of how business is done has extended the corporate perimeter. As a result, companies are seeing an ever increasing need for higher visibility into data, how their users access and use it and the secure it using encryption.

Users at a typical company today have 10 times the applications they had 10 years ago and they use multiple devices to create and use data and documents.  Data is proliferating – users are localizing data that is kept in company repositories, copies of data is everywhere, users are converting files to other formats, sharing them via file shares and virtual printers, copying them to portable devices, and emailing them.

Many companies that have turned to Data Loss Prevention (DLP) and encryption technologies in recent years have come quickly to the realization that some things are missing once the implementations and deployments of these technologies are completed. They realize that the DLP solution is missing the mark. They realize they don’t have a handle on where their “unstructured” data is, and worst yet if this data contains sensitive information. They realize they need to understand their data, who creates it, who uses it, its correct format, who the owner of it is and who its steward is. They realize that sensitive data must be protected end-to-end through its entire life-cycle, not just at rest, and in motion but in use to ensure there are no security gaps.

Data classification is a technology many are turning to in hopes of optimizing their DLP investments. This is a very effective complementary technology if it is deployed correctly. However, it quickly becomes a real challenge when too many classifications are put in place. Furthermore, as users are given the ability to make a determination as to what classification to apply, the door is opened to the good old “user mistakes”. It is a wiser approach to have the data classification defined at the “administrator” level rather than getting into a mess by giving users this type of control.

Another technology that is popular these days is software that crawls around to help companies get insight on where their unstructured sensitive data is. When asked, most companies say they know where their sensitive data is, but lately this has been changing and many companies are admitting that unstructured data and copy data are a big security problem. The effort for sensitive data discovery goes hand in hand with most data projects in most companies that are realigning their security posture.

Lastly, most companies implementing data classification will have limited deployments and tangible benefits without bringing into the picture persistent data-centric security as well. Persistent data-centric security brings security to the data itself at creation time rather than the security of networks, servers, devices, or applications. With this type of a security approach, access policy for authorized users travels with the data itself regardless of where the data is and what network or device it is on.

With implementing technologies for data discovery, data classification and persistent security, companies are empowered to better protect their data without  costly and painful headaches.

Categories
Book a meeting