Blog

Tag: GDPR

 

DLP (the traffic cop) vs. DRM (the armored truck)Like digital rights management (DRM) for the enterprise, data loss prevention (DLP) solutions have recently seen a resurgence. Both aim to protect sensitive documents against leakage and exfiltration. Those looking to deploy or expand one or the other frequently weigh DRM vs. DLP. But how helpful is this “either/or” perspective really?

For starters, it risks missing one crucial difference between these two approaches to document protection. Other than DRM, DLP isn’t designed to protect information once it makes it outside an organization’s IT perimeter.

By definition, that’s precisely the scenario DLP purports to prevent in the first place. So this wouldn’t be a problem if DLP worked reliably 100 % of the time. But it doesn’t. Why? 

One answer is that DLP still requires a high degree of human intervention or supervision. This fact doesn’t take away from the advantages of document security automation. I’ll get into the details below. But first, let’s back up a moment and look at the definition of DRM vs. DLP.  

 

What’s the main difference between DRM and DLP?

DRM (a.k.a. IRM, for Information Rights Management) automatically encrypts files and controls file access privileges dynamically at rest, in use, and in motion. 

DLP analyzes document content and user behavior patterns and can restrict movement of information based on preset criteria.

I’ve written about DRM vs. DLP on this blog before, in 2014. While little has changed about the definitions, cloud services and remote work have become ubiquitous since – and IT perimeters more blurred.

Add to that the dramatic rise of (AWS) data leaks, insider threats (such as IP theft), and double-extortion ransomware attacks. Taken together, these trends explain why the main difference between DRM and DLP has become more pronounced recently.

In a nutshell, it’s the difference between a traffic cop and an armored truck. As for the cop part, I’m not the first to draw this analogy; DLP has been compared to an officer posted at an exit ramp before.

In this analogy, only traffic identified as legitimate is waved through and allowed to leave the main drag (i.e., your network) and race off into uncontrolled territory. A police officer may check a car’s license plates, ask for ID, and scan the vehicle’s interior before giving someone permission to pass through.

Image for DRM / DLP comparison: DLP works like a police checkpoint

Traditional DLP works in a similar way. It scans files, detects data patterns, and automatically enforces appropriate actions using contextual awareness to avoid data loss. However, the similarities don’t end here.

 

DLP’s biggest weakness

DLP also faces three significant challenges similar to those of a roadblock cop:

 

    • How can you accurately establish which traffic to allow through and handle the task effectively and expediently, before the exit point becomes a bottleneck?
       
    • What about all the exits not covered? With DLP, those would be USB drives, SaaS file sharing applications, such as Google Drive or Dropbox, or enterprise messaging apps, such as Slack or Microsoft Teams.  Think of them as equivalents of the service road turnoff some locals (i.e., insiders) know and use to avoid a roadblock.  
    • And, last but not least, what happens with the traffic that should never have made it past the checkpoint, but somehow did so anyway? Most companies need to share sensitive data with external contacts, like vendors or customers. A common occurrence is that a confidential document is mistakenly sent to the “wrong” person in a company whose email domain is safelisted as a recipient.

     

    “Not my problem anymore,” says the (DLP) cop. What’s gone is gone, even if it ends up in the wrong hands.  With the first two issues on this shortlist, data loss prevention products have been struggling from the beginning. As for the third item, it exposes DLP’s biggest weakness.

    Here’s what I mean: By promoting a solipsistic focus on internal file downloads and sharing, DLP creates a false sense of security. In reality, once sensitive information moves beyond the point of egress, an organization loses all visibility and control over what happens with its sensitive data.

     

    Has DLP been a failure? 

    I wouldn’t go that far. If that were the case, why did Gartner analysts expect about 90 % of organizations to have “at least one form of integrated DLP” in place by this year? That’s an increase from 50% in 2017. 

    While DLP wasn’t the panacea that marketers made it out to be, it still has its place. In the enterprise, DLP has helped establish a baseline for document protection. One example is tagging documents that contain personally identifiable information (PII) to ensure compliance with GDPR [PDF], the General Data Protection Regulation of the European Union.

    DLP deployments require IT and other stakeholders (compliance teams, data owners) to take stock of sensitive information across the board and categorize it. The downside is that it also demands constant tweaking and fine-tuning of filters and policies. 

    If your business deploys DLP, you learned the hard way that most of this burden falls on IT. DLP filters are notorious for generating “false positives”. They are known to cause workflow breakdowns because of mistakenly flagged files. The DLP filter may, for example, identify a 16-digit internal reference number in a document as a credit card number and prevent the file from getting shared. 

    In 2021, DLP describes more a mindset than a unified approach or one specific method to stop data leakage or exfiltration. But DLP modules and add-ons have become part of the point solutions mix. They complement particular applications or tools, such as cloud security services or Microsoft AIP

    And like with many point solutions, blindspots and coverage gaps remain* that you can drive a truck through. Which brings us back to the armored truck. 

     

    Armored truck for confidential data

    If we understand DLP as the cop who creates a bottleneck sorting out which traffic can pass, we can think of enterprise DRM as the equivalent of an armored truck.  Tethered to a C3 (command, control, and communication) center, it can only be unlocked by dispatchers at a remote location.

    In other words, whatever neighborhood the vehicle ends up in once it’s past the exit point, the load remains secure. The owner maintains control over the cargo and who can access it. 

    With Fasoo Enterprise DRM, the C3 center would be the Fasoo server. The cargo is your sensitive data locked down with Fasoo encryption. And the dispatcher would be Enterprise DRM’s centrally managed policy settings.

    So what happens to DLP in this picture? My main point here is that you don’t have to bother with interrogating file content once it is encrypted by Enterprise DRM. That doesn’t mean your existing DLP deployment becomes irrelevant. 

     

    DRM + DLP for the win

    Case in point: sensitive emails. DRM doesn’t automatically encrypt any outgoing email, for example. DLP, on the other hand, can flag content inside of emails for extra protection, or to prevent a message from leaving the organization altogether. 

    Another advantage of DLP is that it helps IT teams gain and maintain a baseline understanding of how sensitive data moves through their network. With adequate calibration, it serves as a low-investment, yet efficient tool for data risk discovery.

    From a pure document security perspective, DRM fills in the remaining blanks. It gives us peace of mind that confidentiality and compliance remain ensured for any file that finds its way past the egress point. Or, to put it differently – if you ran a bank, would you feel comfortable having a bicycle courier handle the money transports?

    Nope, you’d leave it to the pros with proper equipment.

    So, the armored van it is. In summary, deploying an enterprise-scale DRM solution enables your organization to protect its existing DLP investments. It helps you tie up loose ends in a global, multi-cloud, work-from-anywhere IT environment.  

    By combining both methods, you can play to DLP’s actual strengths. Examples include spotting suspicious activities and patterns that indicate possible insider threats, or flagging files – including emails – for DRM protection before they can leave the organization. 

    That way, you don’t have to rely exclusively on the overwhelmed cop at the exit ramp anymore. 

    Would you like to learn more about how Fasoo Enterprise DRM and DLP work together for maximum protection of unstructured data? Connect with our experts!  

    ###

    *For a comprehensive overview, I recommend the post Insider Threat Management: Part 1 – 7 Reasons Not to Settle for DLP on the blog of cybersecurity company Proofpoint.

     

Complying with CCPA - What are some of the landminesThe potential landmines for compliance with CCPA is pretty high.

One of the first things is that a lot of companies don’t know how to interpret the law. We saw that with GDPR for the year prior to it going into effect. CCPA is a lot like it, but there are likely still questions.

Secondly, is the DSRs (Data Subject Requests) or the right to be forgotten. People are very in tune with their privacy these days and will want to act on it, not only for the reduction of spam, but for the identity theft potential. The requests will likely come too fast and companies with a lot of data containing personally identifiable information (PII) – the very thing those DSs will be after them for – will find themselves in a position where they don’t know where to start.

Thirdly, most have also not started tackling unstructured data that may contain that PII. Most companies are working on dated data governance policies to begin with and haven’t updated systems, process, procedures, included unstructured data, and don’t have the tools in place to properly protect data. So they will need to first, find what data they have (whether it is dark or otherwise), and get rid of it based on its age and usefulness.

On a separate, yet related note, as with most research organizations, a recent webinar by AITE Group,  touched on the privacy regulation subject.  Since California has set their privacy regulations wheels in motion, and there are 11 other states that are making changes for the stricter, the U.S. is seemingly having problems with standardizing privacy laws across the nation.  Arguments around who will enforce (which, by the way, was  a common question with respect to GDPR), and how can’t be decided on.  And this makes sense.  For Europe, there are 27 member states, so they will enforce their own vs. the U.S. – we are one country.  So while there does need to be a national data privacy law, let’s not hold our breath.

The best way to comply with CCPA and similar privacy regulations is to classify sensitive data as confidential and immediately encrypt it.  This protects the data, controls user access and tracks the file wherever it travels.  Rather than relying on complex classification processes to control what users can or cannot do, this approach optimizes classification and streamlines a path to protect and control your most sensitive data.  You also don’t have to worry about location anymore, since the file is always encrypted and access controlled.

Photo credit R. Miller

 

Define a Practical Data Governance Plan for Unstructured DataThe phrase “It takes a Village to raise a child” is true.  But it is also true that it takes a team to develop a data governance and policy management strategy!

Teamwork is important when developing a data security strategy. As part of that process, data governance and policy management needs to be part of the equation. It’s becoming more and more clear that organizations struggle with policy management – particularly with unstructured data. The very nature of unstructured data leaves it vulnerable to exposure and loss. Insider threat is of particular concern because while hackers typically attack structured databases, your employees and other valued insiders are accessing those databases on a regular basis. The insiders can download sensitive information into spreadsheets and reports. They are accessing your intellectual property, such as product designs and roadmaps. It’s the insiders that will walk off with those designs and sell them to your competition or bring it to a competitor to jumpstart the next phase of their career. The loss of this information will not only cost you revenue, but can also result in a regulatory fine. Who can afford that?

It’s really important to work as a team to:

  • Define a Practical Data Governance Plan for Unstructured Data
  • Identify Use Cases & Conduct Workflow Reviews
  • Turn Use Cases Into Unified and Centralized Policies
  • Develop a Change Management Plan

In Fasoo’s next webinar, Why Leadership and Data Governance is Critical to Policy Management, Ron Arden and Deborah Kish will call out these steps and provide insights to what the best practices around the teamwork that will help you get to a better data governance and policy management strategy.  The last of our 3 part webinar will be September 18th at 2 pm.  You won’t want to miss it.

Photo credit Anna Samoylova

Work as a team for unstructured data securityLast week, Fasoo sponsored and participated in the ISMG Cybersecurity Summit in New York City.   It was a great event, well attended and in the Theater District and the ISMG folks were awesome to work with!

As part of our sponsorship, Fasoo had a 10 minute Tech Spotlight where, rather than providing a “death by powerpoint” tech dump, we thought it would be good to get everyone thinking about working together as a team with respect to their data security initiatives by following the example of geese. Below is the recap for the greater audience.

When geese fly south for the winter or are moving from one pond or lake to another, they do so in a V formation.  There is a bunch of science around this, but to make a long story short they:

  • Flap their wings to ensure better lift and a more efficient flight
  • They take turns leading the way to ensure each have had a break
  • They stick with each other in times of trouble

Geese are sensible in that they share the responsibility of working together as a “team” to help them get to their destination efficiently and meet the goal of the journey!  For the purposes of this post, we equate the journey to better data security across all businesses.

Many organizations’ stakeholders (C-Level, business unit leaders etc.) don’t talk to one another with respect to how they need to handle data security. Each has their own agenda, process, budget, ideas and such, but much more can be accomplished when working together.  Understanding each others’ goals and coming up with a plan on which to execute.  And so, think about the flock of geese and their relocation journey (to the south, from body of water to body of water) the way you should think about your data security projects and initiatives.  Work as a team.  Talk to one another and get on the same page. Talk about your data and make a plan with the goal toward protecting it and creating a stronger data security strategy that, as a company, you can achieve.  Understand each other’s goals and ensure that you reach them.

Now, some geese –  you may or may not know – get what is called “angel wings” – they are little tufts of feathers sticking out of the side of the wings.  It is usually caused by a poor diet (i.e. bread – please don’t feed geese bread – it is no good for them) – so for the purpose of this blog, an incomplete or non existent data security strategy – but it leaves them unable to fly and vulnerable to attack from a predator (much like data to a hacker or thief without a good strategy), and ultimately –  left behind.

Like the geese, work together and make sure that your journey toward stronger data security is attained. And keep in mind, things don’t happen overnight. There will be disagreements and things might feel as if they are going nowhere.  But don’t give up!

The upside?  There are many, but great things can come of working together as a team because, you will find that by talking to one another, you’ll discover commonalities across the organization about how data is collected, handled, and used making the journey simpler than you think.   And if you feel that your organization is NOT talking?  Be the thought leader or pioneer for your company or business unit.  Start the conversation.  I’ll help you!

Bring your ideas to the table and don’t let your business be the goose that wound up with angel wings, left behind and vulnerable to attack.

Photo credit Vivek Kumar

Granular access controls are important to protect unstructured dataIn our last post, we said “Without granular access controls, you can’t prevent a user from copying data from a file and pasting it into an email, for example. If you only encrypt a file and do not prevent copy and paste or printing, a user can easily compromise security.” And we meant it.

Now,  you might be asking yourself “What does it mean… granular access controls?” And the answer is simple.

Granular permissions or access controls means you grant specific permissions or enable actions when a user opens a file.  This means you can either allow or prevent a person from doing things in a file when it is open – or “in use” – and since data in use is really difficult to protect, wouldn’t it make sense to add this layer of protection?  By applying granular access controls, you can prevent someone from copying and pasting, taking a screen shot, or printing based on the classification of the file and security policy applied to it.  Users can be either granted or denied specific actions when a document is open.

Intellectual property is extremely valuable to your business, but it is really vulnerable to theft.  Think about your product design plans or maybe your trade secrets or product roadmaps.  Anyone could copy and paste that information into an email and send it to anyone, take a screen shot and text it to a friend or print it and walk out the door with a piece of paper.  If you’ve followed our first webinar “Overcoming Unstructured Data Security and Privacy Choke Points“, you will hopefully be thinking about getting your first line of defense, or your foundation built.  In our next webinar,  “How Granular Access Controls and User Behavior Analytics Close the Gap on Insider Threat” on Wednesday, August 7, 2019 at 11:30 am EST, we “get granular” about granular access controls.

 

Photo credit Kelli McClintock

Protect against insider threatsPicture it.  Your employees access sensitive and confidential customer information every day so they can do their jobs. Once the data leaves the protected confines of an information repository, file share or cloud-based service, your authorized users can share it with anyone, do anything with it and compromise your customer’s confidential information or your intellectual property.  As a result, you may be subject to regulatory fines, not to mention losing customers because they can’t trust you to maintain their confidentiality. And as for IP?  It could get in the hands of your competition, threatening your business.

What do you need to do?  You need to persistently protect confidential data so that customer information and your IP is protected regardless of where it goes and who has it.  Through a file-centric approach, you need to close the security gap that allows you to share sensitive data with unauthorized users by applying granular access controls to sensitive data.  Without granular access controls, you can’t prevent a user from copying data from a file and pasting it into an email, for example.  If you only encrypt a file and do not prevent copy and paste or printing, a user can easily compromise security. 

Picture it.  When you hire an employee, you are trusting them to always have the best interest of the company at heart. The employee trusts that the company will help them reach their goals in terms of career and advancement. Trust should be a two way street.  But in the former, it isn’t always black and white, because we know two things:

  1.  No one is infallible
  2.  Malice exists

To elaborate further… not so much on “No one is infallible” because we all know, mistakes happen.  Information can be accidentally sent to the wrong person through email either internal or external to the organization.   But for the sake of statistics and surveys, IBM recently published a study and cites that “…inadvertent breaches from human error and system glitches were still the cause for nearly half  (49%) of the data breaches in the report, costing companies over $3 million. 

But maliciousness, unfortunately is a reality.  Clear examples of why data may fall victim to exposure include:

  • The employee who gets let go   
  • The employee who leaves the organization because they feel they are being treated unfairly
  • The employee who decides they can advance their career by taking intellectual property or trade secrets to the competition 

As an organization, you can mitigate these risks by applying granular access controls and utilizing user behavior analytics.  This is the topic of my next webinar, “How Granular Access Controls and User Behavior Analytics Close the Gap on Insider Threat” on Wednesday, August 7, 2019 at 11:30 am EST.   If you have an interest in protecting your sensitive and private data, you should.

Photo credit Arlington Research 

PrivacyTo think about stronger data security and privacy protection! But first, I want you to think about the millions of heroes who have served our country.

As we approach the 4th of July, I wanted to take a moment to recognize the heroes in the many branches of the U.S. Military.  From myself, and on behalf of the entire team at Fasoo, THANK YOU for your service!

And while thinking about those who have put themselves at the first line of defense, defending our country and fighting for our freedom, we are still fighting for privacy and stronger data security.  As individuals, we are required to provide tons of personally identifiable information to our doctors, lawyers, employers and financial institutions – trusting that they will safeguard our information.  But data leaks still happen!  So we know we need to take data security and privacy seriously.

Now, I don’t want this discussion to turn political, but it was brought to my attention (thanks, Rick), in an article published by ZDNet that “The US State Department will now require new visitors to the United States to hand over their social media account names as well as email addresses and phone numbers used over the past five years.”

I remember when I was a kid, the USA was referred to as “The Great American Melting Pot” where people were welcomed from all over the world to come here and live their dream!  Freedom.  In fact, my own family migrated from Hungary and settled in Pennsylvania in the early 1900s.  Of course, this was long before the digital age.  Back then, the information collected, while personally identifiable in nature, was not nearly as much in terms of “volume”.  So while people are still coming to this country to live their dreams, the data requirement to do so is a magnitude far above what it used to be, exacerbating the amount of data that needs to be protected.   So what I am saying here is that these visitors’ dreams should NOT include the fear of identity theft and/or exposure of personal data.

In the digital age, our thirst for knowledge and expression has us willing to give information in exchange for merchandise, a whitepaper, maybe even recognition.   And we should be able, with trust and the freedom to do so, without fear.  So at the risk of misquoting one of our Founding Fathers, those who would give up personal data for essential freedom, deserve both privacy and security.

So fire up the grill, add another hot dog or hamburger, tofu for my vegan friends, crack open a beer or have some wine.  Enjoy your friends, family and freedom and by all means, please have a safe holiday!

By Deborah Kish – EVP Research & Marketing

GartnerI have to say, being on the other side of the Gartner Security and Risk Management Summit was a combination of exciting, fun, and educational. The cool thing is that I still got to get up on stage and the bonus was to see all the hard work that goes into exhibiting. I think the Fasoo team did a fantastic job setting up and manning the booth.

At our booth at the Summit, we highlighted new features of our Data Radar and Wrapsody eCo products that deliver a unique life-cycle approach to enterprise content challenges plaguing organizations globally.

Overall our booth attracted hundreds of visitors seeking products that can help them regain control over their unstructured data with particular interests in discovery, encryption and access control.

Privacy regulations such as GDPR and CCPA is the driving factor as visitors clearly indicated the need to adapt quickly to the changing environments. Also, new data security related projects have been planned or launched based on recognizing the impact from IT changes within the organization including the adoption of cloud infrastructure and applications.

Our visitors at the Gartner Security and Risk Management Summit ranged from CISOs, business unit owners, and cyber security professionals to Chief Data Officers and Chief Privacy Officers across multiple verticals. I hope I got a chance to meet you!

I was super excited to moderate our solution provider session at the Summit featuring 3 of our customers which included the regional CISO from a global financial institution, a business unit leader in the automotive industry and a consultant who is leading global digital transformation projects in the public sector globally. Each have projects that involve the challenges of unstructured data security and privacy with distinct use cases. They shared with the audience how they successfully “fast tracked” their way through the challenges often associated with these projects and accelerated their organizations’ paths to data centric security and privacy.

They shared how Fasoo helped them in their plight to gain control of and secure their unstructured data, their intellectual property and meet privacy regulations.

Deborah’s Final Thought:
As trends toward cloud and content collaboration continue – as growth in unstructured data increases and the perimeter fades, it is clear now, more than ever, that the market must adopt a file-centric approach to data security. I believe that this approach will minimize the risks associated with sensitive data exposure and help meet regulatory requirements.

By Deborah Kish – EVP Research & Marketing

HIPAAThis has been on my mind. A lot. Every day, I open my email to find news about how a company needs to pay a fine or a fee to either an individual or a regulator because data was leaked or stolen. This one in particular caught my eye because it is a classic example of data being accessed by likely the wrong individual and shared with someone who should definitely not have been able to see it. This one seems to be an access control and encryption play.  If they were in place, this healthcare entity wouldn’t have to shell out $853K and violate HIPAA regulations in the process.

And this one! It dates back to 2015, but it is still one of the largest hack attacks to date, and the settlement (which was just reached) is nearly $1 million dollars!  All because a sophisticated attack allowed the hackers to steal user credentials and 3.5 million patient records.   As a result (besides the $900K) MIE has a laundry list of technologies they will be required to invest in as well as implementing “controls during the creation of accounts that allow access to ePHI”.

This tells me something.  It tells me that there are still so many companies that do not have strong sensitive data security and privacy controls in place.

And, it leads me to feel even more strongly about the “file centric” approach. A file centric approach means that you are focusing on the actual data, (in both of these cases, PII) rather than the location of the data. Encryption and access control in these cases could have made a significant impact and saved; the victims of the breaches from potential harm like ID theft AND the entities themselves a lot of money.  I’ll be talking more in detail about this in my upcoming webinar “Overcoming Unstructured Data Security and Privacy Choke Points” this Thursday, June 6th at 1:30 pm. I’ve embedded the link so you can go ahead and register.

See you then!

By Deborah Kish – EVP Research & Marketing

regulatory complianceI sure hope so!  Well, the one year anniversary of GDPR is upon us and the challenge of effective, easily managed data security and regulatory compliance is palpable.  So, what did Fasoo do? We developed Data Radar (well, it has been around for a long time now) to deliver a unified unstructured data security and privacy approach that addresses the challenge of the evolving, complex compliance regulations like GDPR and CCPA across verticals ranging from healthcare to finance to manufacturing.

Data Radar is worth investigating if you want a solution that can automate unstructured data discovery, classification, protection, tracking, and compliance reporting. It’s got some cool unique features like:

It’s file-centric, meaning it doesn’t matter where it is because it isn’t chasing locations!

It encrypts and can apply access control, meaning the data itself is secure and only those with a valid need can see what it is.  So if it gets lost, stolen, sent to someone who does not have access, it is both private and secure!

It “Tags” the file by embedding a unique identifier which provides visibility, tracking and audit reporting capability.  You can see who, what, when and where that file has been!

It gives you easy automated expiration power!  You set the date for expiring the data and it’s gone!  No need for manual tracking and destruction of data.  You decide when it is no longer part of your unstructured sensitive data footprint.   Now you can concentrate on other important things.

You’ll hear more about it in the first of 3 webinars on Thursday June 6th at 1:30 pm.  Register by clicking here !

unstructured data securityThanks to all of you who responded to my last blog post regarding unstructured data security and privacy topics you’d like to hear more about. Here’s a sampling:

Why do so many data loss prevention projects either stall or de-scope? Why with significant industry expenditures in the space do we continue to experience record-breaking instances of data breaches and exfiltration? What are the latest methodologies and technologies security and privacy executives should consider implementing to protect their sensitive data and comply with stricter and pervasive privacy regulations such as GDPR and CCPA?

Whew, that’s a lot of ground to cover – but, it confirms the complexities that surround unstructured data challenges and the uncertainties security and risk professionals face as they consider ways to attack the problem.

So, here’s what I am going to try and do over the next 90 days – between this blog, our upcoming webinars and my session (Tuesday the 18th @ 10:45 am, Potomac A, Ballroom level) at Gartner’s Security and Risk Management conference next month (oh, and come visit our booth #563)  – essentially, offer an insider’s playbook to implementing an unstructured data security program while enabling privacy controls.  Whether migrating from existing DLP point solutions or wondering where your unstructured data lives today, my goal is to provide a life-cycle perspective as to the best methodologies and how to avoid the pitfalls that have plagued enterprise projects.  Learn ways to streamline, simplify and fast-track your unstructured data project to protect it and comply with privacy regulations.

Fasten your seat belts and stay tuned!

Fasoo shows unstructured data security at Gartner SRM 2018

This year at the Gartner Security & Risk Management Summit in National Harbor, MD there was a lot of focus on reducing business risk through improved cybersecurity that focuses on protecting data as users create and share it.  One area of concern to many organizations is how to find and protect sensitive data without impacting how employees and customers work.  Data protection regulations, like GDPR, are making things more complicated, but companies need to balance security with productivity.

At the Fasoo booth, a lot of people talked about issues with combining different technologies that still focus more on protecting the location of data rather than the data itself.  One executive from a manufacturing company talked about how her DLP system can tell them that sensitive documents were shared with external parties, but can’t really control their access or stop them from going out.  This is a common concern as companies use DLP, CASB and other technologies that can’t control access everywhere.

On Tuesday, June 5, 2018, John Herring, President & CEO of Fasoo, Inc. and Ron Arden, Executive Vice President and COO of Fasoo, Inc., presented “Unstructured Data Solutions Journey”.  John talked about the challenges of balancing data security and productivity and how many of the traditional approaches of securing the data perimeter haven’t met the hype.  By securing the data itself, you don’t need to worry about where it goes, since it’s always protected and tracked.  He presented how some of Fasoo’s customers have overcome the challenges with a holistic approach to discover, classify, protect and track sensitive manufacturing data and information subject to regulatory control using Fasoo Data Radar and Wrapsody.

Fasoo presentation on protecting unstructured data at GSRM 2018

Ron showed how in three quick steps with Wrapsody an organization can securely collaborate when creating a product quote while limiting access to specific people and making it easy to ensure they each have the latest version.  With a few clicks of a mouse a sales manager encrypted a spreadsheet, applied access control to it, provided an audit trail and automatically synchronized the latest version to a central location.  As the operations manager updates the quote and shares it with a customer, the process is easy for all parties to get the latest information and ensure the entire process is secure regardless of who has the document and where they open it.

During the course of the summit, a lot of attendees and analysts came to the Fasoo booth to understand the best ways to comply with new regulations and how to protect sensitive data from both internal and external threats.  Visitors were very impressed by how the Fasoo Data Security Framework can help them achieve those goals by discovering, encrypting and controlling their sensitive data.

Attendees at the session and at the booth were excited to see that Fasoo technology is very robust, balances security with usability and integrates with an organization’s existing infrastructure.  A common strategy is to make the technology almost invisible to users unless they try to violate a security policy.  I remember one person saying, “I was a little skeptical during your presentation, but convinced once I saw it in action.”

Categories
Book a meeting