Today, insider threats can be eliminated by adopting data-centric data protection. Legacy data protection solutions focused on networks, endpoints, files and disks. Those solutions did not protect information as it moved from one device or medium to another. As a byproduct of this paradigm, data protection would attempt to block users from using “Save As” or copying a file to a USB drive. Legacy solutions attempted to jail data for the sake of security. Employees couldn’t do their work effectively, leading to a new threat — Shadow IT. This meant corporate IT didn’t even have visibility into how information was moving through the organization.
From what I’ve seen in my experience as a leader in enterprise software development, a new data-centric approach is required for today’s dynamic environment. Whether you call this world Forrester’s Zero Trust, Google’s BeyondCorp or cloud-first, data protection must follow the data as it moves from one file to another and from one file type to another, as it is read and modified by applications, and while it is stored locally, centrally or in the cloud.
To ensure your company’s data protection is up to par, here are four things to consider:
Transparent Data Protection
Users and applications work with protected data in the same way they would with unprotected data; to both, data protection is transparent. Users should not struggle with changing file names or extensions. When any security solution imposes additional steps, users start to opt out of security.
End insider threats such as malicious insiders, accidental sharing and Shadow IT by making data protection invisible to end-users. When other processes affect end-users, users look for workarounds to improve their productivity. Organizations are asking employees to opt in to data protection. Users have to take on the extra burden of additional tasks or even the difficulty of making security decisions such as deciding what data is important or sensitive.
A transparent data-centric data protection solution would not impact end-users and would require no changes to the business process or workflow.
Automatic Derivative Works
Data-centric solutions enable a new paradigm of protection without impacting users or business workflow. Legacy protection solutions try to block users from copy and paste or “Save As” functions. A data-centric approach encourages users to adopt all the productivity tools available, including “Save As” and copy and paste. For users to be efficient in their role, they need to be able to perform routine tasks on any data. A data-centric solution tracks protected data from a spreadsheet and continues to protect the data as it is copied into a presentation.
Protection For Everything All the Time
Protected data should always be protected at rest, in transit and in use. Protection should include securing temporary files and in-use data. Data-centric solutions are platform-independent and support all file types, all applications, all operating systems (Windows, Mac, iOS, Android, and Linux). Data is protected as it is transferred or stored in cloud applications.
Tracking For Auditing and Reporting
Each time data is accessed, or an attempt to access data is made, the process is logged. Rich log data is captured for real-time monitoring as well as compliance reporting and auditing. Log data should include users, device, application, geolocation, file, time, success and other data to ensure proper reporting as well as inputs for automated orchestration tools.
Here are three tips to kickstart your data-centric journey and end insider threats:
1. The traditional paradigm for security has been discover, classify and protect. Skip the first two steps. What organizations really need to stop insider threats is protection. Protection has come last historically because solutions were cumbersome and intrusive to end-users, so organizations wanted to protect as little as possible. With transparent solutions, organizations can protect all their data easily.
2. Get as much visibility as possible. There are so many cost-effective SIEM (Security Information and Event Management) solutions that can provide deep insight into data security. Data-centric data protection solutions provide not only user-based access information but also application information including the application signing signature. Consider a solution that enables early detection of rogue applications and users.
3. Beware of the wolf in sheep’s clothing. Many solutions will claim to be data-centric. Ask a few questions to confirm if they really are. Does the solution work with any file type? Any application? Any file size? Solutions that don’t meet those requirements are just application-level security solutions and would never protect data as it moves from format to format.
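The access log described under "Tracking For Auditing and Reporting" and the rogue application and user detection from tip 2, sketched as an added example (not code from the article or from any product). The field names, the signer allowlist and the thresholds are assumptions, and the log lines are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; field names are assumptions modelled on the
# fields the article lists (user, device, application, geolocation, file,
# time, success) plus the application signing identity.
SAMPLE_LOG = """\
{"time":"2024-05-01T09:00:00","user":"alice","device":"LT-01","app":"excel.exe","signer":"Example Office Vendor","geo":"US","file":"q2.xlsx","success":true}
{"time":"2024-05-01T09:01:10","user":"bob","device":"LT-02","app":"sync-tool.exe","signer":null,"geo":"US","file":"q2.xlsx","success":false}
{"time":"2024-05-01T09:02:00","user":"carol","device":"LT-03","app":"excel.exe","signer":"Example Office Vendor","geo":"DE","file":"hr.xlsx","success":false}
{"time":"2024-05-01T09:03:30","user":"carol","device":"LT-03","app":"excel.exe","signer":"Example Office Vendor","geo":"DE","file":"pay.xlsx","success":false}
{"time":"2024-05-01T09:04:45","user":"carol","device":"LT-03","app":"excel.exe","signer":"Example Office Vendor","geo":"DE","file":"ma.xlsx","success":false}
{"time":"2024-05-01T11:00:00","user":"alice","device":"LT-01","app":"excel.exe","signer":"Example Office Vendor","geo":"US","file":"hr.xlsx","success":false}
"""

TRUSTED_SIGNERS = {"Example Office Vendor"}  # hypothetical allowlist
MAX_DENIALS = 3                              # assumed threshold
WINDOW = timedelta(minutes=10)               # assumed sliding window


def detect(log_text, trusted=TRUSTED_SIGNERS):
    """Return (rule, subject, time) alerts for a JSON-lines access log."""
    alerts, denials, flagged = [], defaultdict(list), set()
    events = [json.loads(l) for l in log_text.splitlines() if l.strip()]
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        # Rule 1: any access attempt by an unsigned or unapproved application.
        if ev.get("signer") not in trusted:
            alerts.append(("untrusted_app", ev["app"], ev["time"]))
        # Rule 2: burst of denied attempts by one user inside the window.
        if not ev["success"]:
            recent = [t for t in denials[ev["user"]] if ts - t <= WINDOW] + [ts]
            denials[ev["user"]] = recent
            if len(recent) >= MAX_DENIALS and ev["user"] not in flagged:
                flagged.add(ev["user"])
                alerts.append(("denial_burst", ev["user"], ev["time"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Because failed attempts are logged alongside successful ones, the burst rule can fire on an account that never successfully opened a file.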
Taking a modern data-centric approach to data protection will allow organizations to end insider threats.