As much as we may not like to talk about it, half of the major threats to the security of our corporate data come from the inside. That doesn’t mean that our employees are malicious — insider risk can surface in numerous ways: user errors and accidents, lost or stolen devices, even hardware failures — and the list goes on. In fact, a report by International Data Group (IDC) showed that three of the top five most common high-value information incidents involve insiders.
Given this, it’s no surprise that for years, organizations have been using data loss prevention (DLP) solutions to try to prevent data loss from happening. The problem is that the prevention-first approach of DLP solutions no longer meets the needs of today’s IP-rich, culturally progressive organizations, which thrive on mobility, collaboration and speed. The rigid “trust no one” policies of legacy DLP block user productivity and are often riddled with exceptions and loopholes. For IT, legacy DLP solutions can be expensive to deploy and manage — and only protect selected subsets of files.
A fresh start
The prevention focus of traditional DLP forces a productivity trade-off that isn’t right for all companies — and isn’t successfully stopping data breaches. That’s why it’s time for organizations to rethink the very concept of DLP and shift their focus from data loss prevention to data risk detection and response. Data Risk Detection & Response enables security, IT and legal teams to more quickly (and together) to easily protect their organization’s data while fostering and maintaining the open and collaborative culture their employees need to get their work done.
Rather than enforcing strict prevention policies that block the day-to-day work of employees, an approach focused on fast, simple and accurate detection and response clears the way for innovation and collaboration by providing real-time visibility to when data is put at risk.
Security: from Police to Partner
By focusing on all files in an organization, Data Risk Detection & Response (we’ll call it DRDR for simplicity sake) offers additional benefits for Security’s partners in IT, Legal and HR:
- Fosters employee productivity: Data Risk Detection & Response enables employees to work without hindering productivity and collaboration. Workers are not slowed down by “prevention-first” policies that inevitably misdiagnose events and interfere with their ability to access and use data to do their work. This is music to the ears of IT and HR leaders who are empowered by the CEO to build and foster a collaborative, innovative and results oriented culture.
- Simplifies risk investigation and remediation: Unlike DLP solutions, DRDR does not require policies — so there is no complex policy management. Because DRDR continuously watches ALL files and file activity, it can automatically assess risk by correlating metadata based on file type, owner, event, source, destination, and dozens more. While DRDR doesn’t require policies, security and legal teams can still use it to verify data use. For example, administrators can be alerted when an unusually large number of files are transferred to removable media or cloud services. If the files have already left the organization, DRDR can see exactly what was taken and restore those files for rapid investigation and legal response. Long-term file retention helps satisfy legal and compliance requirements too – providing a complete data history for as long a time period as an organization requires.
- Lives in the cloud: As a cloud-native solution, DRDR frees IT from expensive and challenging hardware management, as well as the complex and costly modular architectures that are common with DLP. Because DRDR is a cloud-native solution, IT can rapidly deploy, and since the extensive time and effort required to create and refine policies is not needed – security can rapidly reap the rewards. This is especially important for resource constrained Security teams or IT teams that also wear the security hat.
A new paradigm for Insider Risk
Data Risk Detection & Response is a huge departure from legacy DLP solutions, but it’s a logical and necessary evolution of data protection given the growth of insider threat and changing needs and work preferences of today’s IP-rich and culturally progressive organizations — small, mid-size and large. Companies today are looking for better ways to protect their data while freeing employees to create the ideas that drive the business. Security that enables collaboration – now that’s an idea worth exploring.
Original post appeared on Code42