Like digital rights management (DRM) for the enterprise, data loss prevention (DLP) solutions have recently seen a resurgence. Both aim to protect sensitive documents against leakage and exfiltration. Those looking to deploy or expand one or the other frequently weigh DRM vs. DLP. But how helpful is this “either/or” perspective really?
Organizations need better visibility into the use and movement of their sensitive data to meet privacy regulations and safeguard content.
The best approach is a self-reporting file method, one that automatically traces, gathers and records all document interactions without reliance on disparate network, application, and device logs.
The same technology that enables self-reporting files is the foundation of a powerful data security approach – a file-centric method. Bridge both privacy and security gaps with a file-centric method that delivers deep data visibility and a strong front line defense for your sensitive data.
Traditional security and network tools create a patchwork approach to data visibility that is inadequate, impractical, and unsustainable.
You need visibility to know where your data is, who is using it, and how it changes throughout its lifecycle. Discovery and classification tools are a good start to find data and tag it for downstream controls. However, to maintain control, you need deep visibility to track data as it travels, is accessed and transforms into other file types throughout its lifecycle.
Cybersecurity and privacy teams are challenged to keep track of sensitive files. A file will be accessed by multiple systems, applications and devices as users share it internally and with external parties. With over 40 different security and IT operations tools used in a typical business, organizations struggle as they work to accumulate, correlate, and report file interactions.
This challenge grows as data visibility is often obscured when documents travel within the organization or shared externally to the organization and change either through duplication or revisions. Without proper data visibility, you can miss the moment sensitive information is shared, moved to a different location, changed, or deleted.
You must also have visibility into sensitive file interactions for data breach investigations and to comply with privacy regulations. Details must be readily available to support incident response teams; and privacy regulations like GDPR and CCPA compel businesses to report on all data they hold regarding an individual within a specified period or be subject to fine.
KEY INSIGHT:
Faced with millions of files and countless interactions across global networks with thousands of end points, organizations need a new way to track data use and movement.
Visibility gaps widen as three trends stress legacy infrastructure
IT, security and privacy professionals are working to address widening visibility gaps and overcome the risk posed by:
Data proliferation is staggering, and unstructured data is rapidly growing, estimated to be 80% of a business’s data inventory. Unstructured data is routinely undermanaged and is hard to control and track as users take sensitive files from controlled repositories, store them on laptops, endpoints, and cloud services and share them in collaboration applications both internally and with external parties.
COVID-19 rapidly expanded the remote workforce and dissolved corporate perimeters. Sensitive data now resides on more unmanaged and shared devices. It travels on insecure networks and is used in unauthorized or non-compliant apps. All this is obscured from corporate oversight.
Privacy regulations have vaulted individual rights to the forefront. Right to be informed; right to be forgotten; and data residency all impose new demands on data visibility, tracing, control and reporting.
KEY INSIGHT:
Regulatory agencies and corporate Governance, Risk and Compliance (GRC) teams increasingly focus on the visibility gap of sensitive unstructured data and the actions of security, compliance and IT professionals to close these gaps.
Self-reporting files use an embedded ID technology to trace and record all interactions
Legacy security and privacy data architecture lack the deep data visibility and persistent tracking needed to meet today’s requirements.
Data loss prevention (DLP) and identity and access management (IAM) solutions designed for perimeter security lose track of data migrated to the cloud and when downloaded by remote workers. Privacy and legal e-discovery applications may have file mapping features, but they are siloed, don’t track all interactions, and the multiple datasets are disconnected and incomplete.
A unique ID that’s embedded and travels with the file enables persistent tracing and self-reporting of interactions throughout the file’s lifecycle. By using this method, it:
An organization’s existing data-centric tools perform better with an embedded ID approach. Discovery scans lack the intelligence to relate file derivatives that are copied or duplicated.
With an embedded ID, derivatives of an original file, whether duplicated or renamed, inherit the parent ID tag and all its security and governance policies.
An embedded ID reduces tool sprawl by negating the need for tracking tools fielded with each security, privacy and legal e-discovery application. All applications benefit from a single source of truth for file tracing and interactions.
KEY INSIGHT:
Using an embedded ID for deeper visibility, tracking and reporting at the file level is the best way to achieve sustainable and auditable processes and better safeguard sensitive data.
File Derivatives
Data changes throughout its lifecycle: As the original file copied and renamed or saved in a different format.
Discovery scans find sensitive unstructured data but lack: The means in subsequent scans to relate derivatives to a previously scanned file.
Missing derivative traceability compromises: Privacy compliance and increases the organization's threat surface as redundant sensitive data is unnecessarily retained across multiple locations.
With an embedded ID: Derivative files inherit the same file ID as the original, making visibility, security classifications and handling controls consistent across your IT infrastructure.
Individual Data Rights
Tracing of individual information: Requires persistent visibility and reporting in order to comply with modern day privacy regulations.
Responding to Data Subject Access Request ("DSAR") requires: Organizations to find all customer information and report in a specific period of time (e.g., 30 days).
Any file associated with an individual: Must be accounted for throughout its lifecycle.
An embedded ID: Eliminates the time-consuming task of file forensics. It provides a single source of truth that offers current deep data visibility, letting organizations meet today’s demanding individual information rights regulations.
Control at 3rd Parties
Businesses lose data visibility: When they share files outside the corporate network with supply-chain vendors, external legal and financial professionals.
Regulators make you responsible to ensure data is appropriately safeguarded: Breaches of your data while in custody of a third-party requires you to report the breach.
Secure and compliant sharing means: You extend the same visibility and controls that exist within your managed networks to any third parties.
An embedded ID provides the same activity tracking as if the files were internal: Enabling additional controls to set a file expiration date and revoke access at any time to third party locations. This feature is a key compliance component to the individual regulatory "rights to be informed and forgotten".
User Behavior Monitoring
Who is accessing your data, how it is being used, and where it is being moved: Are critical inputs for monitoring solutions focusing on detecting data misuse and policy violations.
Data transfers to removable drives and large uploads to cloud services outside of your organization: May be an early warning sign of malicious insider threat intent.
User behavior (UB) analytics are most effective when: Data visibility tools provide a full perspective of user activities across all applications and storage locations.
An embedded ID: Provides the highest granularity of data activity to drive UB analytics leading to earlier detection of insider threats. These data insights cue security methods, such as restricting the copy of data to removable drives.
A file-centric method with embedded ID is the best choice for data visibility. The same method enables a protect-first security approach that protects the data itself with encryption and access controls and eliminates redundant and overlapping tools implemented at multiple network and end-points.
Bridge both worlds and close privacy and security gaps with a file-centric method that delivers deep data visibility and a strong front-line defense for your sensitive data.
Sign up for emails on new Sensitive Unstructured Data articles
Never miss an insight. We’ll email you when new articles are published on this topic.
I read a Tweet recently from “Accidental CISO” about collecting laptops from terminated employees during the pandemic that I deemed retweetable (if that is a word). Some comments focused more on the hardware – how to get it back – but this got me thinking more about what is actually on the hardware. What sensitive information, like intellectual property, might reside on them? It also made me think, in a situation like this, how the potential for insider theft is far greater.
Files containing IP can be either printed on home printers, sent over email to personal accounts, saved on a USB stick, screen captured and so on. These are not necessarily actions of malice, but obvious desperation to assist with the basic need for employment.
The financial services industry is a frequent target of hackers, but a larger threat may be trusted insiders since they have access to a lot of sensitive customer data. Advisers within wealth management practices regularly share data with other advisers, staff members, a counterparty or a trusted third-party service provider. They may inadvertently or deliberately share that data with unauthorized people and pose a risk to their firms and customers. Once shared, most firms have no control over that data. The Ponemon Institute illustrates this risk by reporting that 65% of cyber breaches originated with third parties.
Insiders regularly share customer or other sensitive information with colleagues and third-parties by generating and downloading reports from a database. Typically the reports are spreadsheets which make it easy to analyze the data. Access to the database may be restricted, but once in a spreadsheet, the sensitive data is easy to share with anyone.
Fasoo sponsored and presented at an event in Columbus, OH on November 13, 2018 entitled “Incident Detection, Response and Recovery” highlighting how to prepare and manage an incident response plan for cybersecurity and data protection. Presented and cosponsored by Catalyst Solutions, IBM and Huntington Insurance, the event brought together experts in legal, insurance, law enforcement, government, accounting and security disciplines to discuss the legal, technical and business issues of preparing for and responding to a data breach.
Bill Blake, Senior Vice President and CCO of Fasoo, presented Incident Response & Recovery: Secure Collaboration for Critical Information which highlighted the Wrapsody platform as a solution to help manage the development, access and control of an incident response plan (IRP). Bill showed an example of a CISO, Legal Counsel and an external Advisory firm securely collaborating on an IRP and how to control who could access the plan and any supporting documents involved in a response. The example showed how easy it is to securely collaborate on developing and managing the plan, but also on limiting access prior to, during and after a breach occurs. Since Wrapsody encrypts documents and controls their access, it guarantees only authorized users can access them. This is critical because if an incident response plan got into the wrong hands, malicious insiders or external parties could compromise an organization’s data security.
Fasoo’s message of finding, protecting and controlling unstructured data definitely made an impact on attendees at the 2018 RSA Conference in San Francisco. With new regulations like the General Data Protection Regulation (GDPR) coming on quickly and the general feeling that businesses need to do more than just track file access, companies are looking for a more comprehensive and practical approach to providing secure ways to conduct business.
Over 45,000 senior executives and IT security professionals attended this year’s conference with about 2,000 visiting Fasoo’s booth. Visitors saw hourly presentations and demonstrations on how to manage and control their unstructured data which is by far the largest problem of data security. While someone hacking a database and stealing credit cards seems to make the headlines, the reality is that the majority of an organization’s intellectual property and sensitive information is stored in documents. Fasoo staff showed how Fasoo Data Radar, Fasoo Enterprise DRM, Fasoo RiskView and Wrapsody helps manage and protect the critical business information inside documents.
The barrage of data breach news on the front page should come as little surprise to any of us. The more data stored and sent digitally, the more we expose ourselves and more breaches occur. With all the resources and money spent on preventing a breach, we might think it is reasonable to expect that the number of reported incidents decline. But yet, on the contrary, this is not what we see.
According to the Identity Theft Resource Center (ITRC), just this year to date, there have been 725 reported breaches. The traditional security model to guard the perimeter is not adequate. Today’s challenges require a layered Data Security Framework. So, what should this framework contain to take the right preventative or restorative actions?
Reports emerged yesterday that UK media regulator Ofcom suffered a massive data breach when a former employee stole sensitive information on television companies and gave it to a major broadcaster, which incidentally is his or her new employer. The person who stole the information was not identified in reports. The former employee downloaded as much as six years worth of data before leaving the company. The intent of the action was to gain a competitive advantage in the market.
Even though Ofcom says it takes data security very seriously, it is most likely missing some of the blind spots that companies ignore. Most organizations focus their security on the perimeter, trying to protect networks and systems from outside hackers. They rarely look inward, assuming that an employee is a trusted person who will always have the company’s best interests in mind.
Gone are the days when everyone came into the office everyday for work. Changes in work habits have brought substantial growth in mobility adoption within the workforce and security challenges have followed.
Today’s employees increasingly work from outside the office and they use a number of mobile (often personal) devices to complete their daily business tasks. Gallup’s Work and Education Poll from August 2015 points out that telecommuting for work has climbed up to 37 percent in the United States.
A June 2014 survey by Gartner points out that approximately 40 percent of U.S. consumers who work for large organizations said they use their personally owned smartphone, tablet, desktop or laptop daily for some form of work. Mingling business and personal data can and does cause major security problems, since all of us may inadvertently share sensitive company information with the wrong person.
Bill Blake, President of Fasoo, Inc., presented “Closing the Threat Gap: A 21st Century Approach to Minimizing Risk” at the Rochester Institute of Internal Auditors 2015 Fraud Event at Mario’s Restaurant in Rochester, NY on November 20, 2015.
The conference focused on how to detect and prevent fraudulent activities in companies regardless of size. In today’s high-risk environment members of finance departments need to be vigilant to detect suspicious activities from both inside the company and external sources. Bill highlighted how Fasoo’s data-centric security can offer the best level of protection for confidential information from insider threats and hackers.
