Leading organizations are discovering how a protect first, file centric approach fortifies data security and enhances data visibility to comply with privacy regulations like GDPR and CCPA. Now, learn how this approach simplifies implementation and operations to fast track your security and privacy initiatives.
Today’s Data Loss Prevention (DLP) and data security analytics solutions are challenging to deploy and manage. These solutions repetitively apply complicated rules and analytics at each location where data travels to identify misuse.
Common shortfalls include:
- Rule-sets and analytics only monitor but don’t protect the data itself.
- Responding to alerts, including false-positives, overwhelms security staff.
- Inappropriately applied rules block user workflows.
- Implementation is required at each email, network, endpoint and cloud location.
A protect first approach takes a more direct path to safeguarding files that contain sensitive data. At its core is a file-centric technology. A file with sensitive data is discovered, classified and secured the moment it’s created.At its core is a file-centric technology. A file with sensitive data is discovered, classified and secured the moment it’s created. This one time detect and secure method:
- Encrypts and binds identity and access to the file itself for strong protection
- Eliminates continuous monitoring and alert administration
- Uses transparent and seamless protection that doesn’t disrupt workflows
- Protects file independent of server, storage or device
By working at the file level, this approach creates a sequence of efficiencies that simplify and streamline data discovery, classification, protection, audit and policy management. When deployed as an integrated platform, the approach delivers a high degree of automation with centralized controls.
Self-reporting files use an embedded ID technology to trace and record all interactions
Keep initial discovery simple to gain a first-pass understanding of your data inventory and where security gaps exist
Searching for common file extensions will provide valuable insights into the kind of sensitive information you have and where it is located. The discovery tool searches file shares, desktops, laptops, other endpoints and mapped drives. This snapshot will give you the location of all files,
volume of file types you have, who the file owner is, which department it belongs to, and the last date it was accessed.
Use basic insights to formulate priorities
By focusing on the primary goal – to safeguard sensitive unstructured data – you might quickly find that files owned by Human Resources (HR), Research and Development (R&D) or Finance have spread outside their designated file storage locations. If these sensitive files are on employees’ laptops, on removable drives or are shared with third parties, the data is at high risk of exposure and should be assessed as an early priority target.
KEY INSIGHT: Too often projects lose momentum as governance, legal, compliance, IT and security work across multiple departments to gather requirements and develop policies. Overcome inertia and engage with your data inventory to help drive informed policies.
Divide and Conquer
Focus on data that your organization currently generates, accesses and shares. Set older, dated inventory on a separate remediation path. Finally, assess all data for its value, especially “dark” and redundant, obsolete or trivial (ROT) data.
As a general rule, data less than one year old often represents less than 25% of corporate data
Current and active data is typically what matters to your business today and likely the most valuable to threat actors. Target this subset of data first and use the experience to fine tune your policies. Move this current data onto downstream classification and protection processes first to get sensitive data protected and under control as quickly as possible