How to Securely Scale Insider Threat Management Without Putting Data at Risk: CTO View


The COVID-19 pandemic has heightened the threat of shadow IT, with the use of remote access tools growing exponentially. In these challenging times, CISOs need to rethink their approach to insider risk protection. Rob Juncker, Code42’s CTO, shares how executives can shore up insider threat management without adding more risk to their data.

Remote work was already growing before the current crisis. Digital transformation, cloud adoption, opportunities to enter emerging markets, and other factors have distributed today’s workforce across regions and the globe. COVID-19 greatly accelerated this trend—forcing companies to go from enabling a small population of remote employees to supporting the entire workforce working from home literally overnight. After the shelter-in-place orders are dialed back, we will continue to email, airdrop, message and slack 24×7 from our desktops, laptops, and mobile devices from anywhere business takes us. If anything, this spring has been a proving ground for remote, collaborative work – a trend that will continue long after the pandemic subsides.

However, while technology has made it easy for employees to share files legitimately via email and cloud, it has also made it easier for them to put data, like product roadmaps, source code and customer information, at risk, either accidentally or maliciously. It’s clear that organizations need a better way to secure their data through insider risk protection programs as we continue to embrace this collaboration culture.

Collaborative Work Exacerbates Insider Risk Problem

The 2020 Data Exposure Report on insider threat validates that shadow IT is all too common. Nearly four out of ten knowledge workers admit to using unauthorized apps daily to share files with colleagues while more than a third state that they believe file-sharing has made them more complacent about data security. The most common unauthorized platforms for sharing files with colleagues are WhatsApp, Google Drive, Facebook, and personal email.

The problem with using unauthorized applications to share data is that security teams have no visibility or control over these processes. Users could be accidentally exposing entire customer databases, and IT would have no idea. Interestingly, the younger the worker, the more likely they are to use unauthorized apps for file sharing and collaboration—pointing to the likelihood that the trend will only get worse. Organizations need to act now to safeguard their most vulnerable data.

A New Approach to Insider Risk Protection

Traditional security solutions prevent data exfiltration by locking down data. Data centers are virtual castles with heavily fortified walls and gateways that identify, monitor, and track all data going in and out of the organization. However, the hub and spoke model was designed before modern collaboration tools radically altered how we access data remotely, typically when off the corporate network, and in the cloud. Data Loss Prevention (DLP), for example, requires data monitoring through carefully crafted policies and classification, but policies can’t be applied to data that resides on cloud infrastructure, which sits outside an organization’s cone of control.

This lack of visibility and control over cloud platforms understandably makes IT teams nervous, but organizations cannot restrict access to these extremely useful tools for fear of stifling collaboration and innovation. Instead, it’s time for organizations to acknowledge that there is an acceptable level of risk and they need to think about data security in a way that embraces—not stifles—collaboration and productivity.

The ability to track data as it moves across and outside the organization plays a critical role in securing data. Security teams need to have complete visibility over their data stack to understand the true insider risk to data. By focusing on the data rather than the user, the trustworthiness of the employee is no longer a factor. With real-time visibility into all files, security teams can detect and respond to data loss, leak, theft, and sabotage while protecting the most important asset—the organization’s data.

Here are three things organizations can do to reinforce their insider risk protection capabilities without stifling collaboration:

1. Don’t Fight Progress. Ride the Wave of Collaboration

As I said earlier, the growth of remote work is not new—expanding by 159 percent over the past 12 years. We were already heading in this direction before COVID-19. The future of work is only going to continue to get more distributed, more mobile and more collaborative after the virus has been controlled. Smart executives are recognizing the benefits of remote working and embracing the change. In fact, Gartner notes that after the pandemic, nearly three-quarters of CFOs plan to move more employees into permanent remote positions. Giving employees secure, reliable, and seamless access to the tools and information they need anywhere in the world enables fast, accurate decision making—allowing organizations to take advantage of new opportunities to grow the business.

2. Cover Your Blindside

There’s a reason left tackle is one of the highest-paid positions in the NFL. They are often the only thing standing in the way of a 300-pound linebacker coming at a quarterback from behind and driving him into the ground. The position requires size, strength, speed, agility—and, most of all, the brains and confidence to take on the responsibility of protecting the team’s most valuable asset. Insider risk protection is the left tackle of the enterprise security program and your data is the quarterback. You don’t want someone sneaking up from behind to exfiltrate data while everyone is looking the other way. Insider risk programs are too often overlooked and underfunded—something that needs to change in this new era of collaboration.

3. Culture Shifts Require a Technology Shift

Enabling a culture of collaboration does not require a compromise on security—as long as organizations are able to shift how they think about and approach data security. It’s pretty clear that legacy security solutions are ill-equipped to deal with new security threats. Data exfiltration – whether accidental or malicious – is inevitable, and prevention is no longer enough. Organizations need solutions that provide complete visibility into where data lives and a high-fidelity signal for when it moves and leaves the organization. Only then can they take action to recover their lost data.

The COVID-19 pandemic accelerated remote work trends and serves as a grand experiment for organizations to embrace collaborative technologies to improve productivity and innovation. However, a distributed, collaborative workforce opens organizations to insider data risks by exposing data through cloud-based applications that fall outside security’s visibility and control. Organizations need to change their security approaches to protect their data—building a robust insider threat protection program that relies on the ability to quickly detect, investigate and respond to the inevitable risks to data security.
