Code42 security industry awards

Gosh, Well, What Can We Say Except “Thank You?”

Wherever their sensitive data and IP lives or moves, whether on endpoints, Google Drive or portable hard drives, companies trust us to protect their ideas and most valuable data, and we take that trust seriously. Ensuring their success is our number one mission at Code42.

That’s why it is especially gratifying when we are recognized among the industry’s most innovative and progressive companies for finding new ways to help our customers speed their detection and response to insider threats and other data loss and exfiltration events. We are thrilled to announce that in the first half of 2019 our Code42® Next-Gen Data Loss Protection solution has earned a number of industry honors:

  • Cybersecurity Insiders named Code42 a Gold Winner for Data Leakage Protection and a Silver Winner for Best Cybersecurity Company in the 2019 Cybersecurity Excellence Awards. These awards are produced in partnership with more than 400,000 cybersecurity professionals on LinkedIn to make award selections. 
  • Code42 was twice named a winner in the Cyber Defense Magazine 2019 InfoSec Awards in the categories of Next-Gen Data Loss Prevention and Next-Gen Insider Threat Detection. The Code42 Next-Gen DLP was selected by a panel of security professionals for the honor, which seeks to recognize industry innovators and those poised to become the next generation of industry leaders. 
  • Code42 Next-Gen DLP won the Bronze Stevie® Award in the Endpoint Security Management Solution category as part of the 17th Annual American Business Awards®. More than 200 professionals worldwide participate in judging the Stevie® Awards.

While we’re proud to make a difference in the businesses of our customers, we also take pride in making Code42 a great place to work for employees. 

  • For the fifth time, Code42 was named one of the Top Workplaces in Minnesota by the Star Tribune, our local Minneapolis newspaper. As a Top Workplace, Code42 joins the ranks of the most progressive companies in Minnesota, based on employee opinions measuring engagement, organizational health and satisfaction.

It’s the dedication and hard work of our employees that enable us to continue to fulfill our customer-first mission. With that said, we want to extend a special thanks to our employees and customers whose passion for what they do has driven us for the last 18 years to become an industry leader in data security.


Breach Fatigue – And How to Take Action

Since 2005, a staggering 9,033 data breaches have been made public — that averages about 1.77 breaches a day. In the wake of this stream of breaches, a sense of apathy has taken hold, causing both employees and organizations to become numb to their own security risks.

In her latest byline for TechBeacon, Code42 Chief Information Security Officer Jadee Hanson shares the dangers of employees and leadership experiencing breach fatigue and how it leaves an organization open to insider threats, ineffective security strategies and other security vulnerabilities.


The Best of Evolution19 (Video)

Wow! What a great time we had at Evolution19 in Denver, April 30 to May 2. The event was jam-packed with educational sessions, opportunities to network and meet other customers, and chances to hear about the product roadmap and what to expect from Code42 in the coming year. Evolution19 attendees heard about this year’s focus on actionable data insights, including new dashboards and alerting, which are coming soon. In addition, customers can expect new data security applications developed on top of the platform to support insider threat workflows, such as departing employees, workforce reductions and more. Be sure to stay up-to-date on product news by joining the Code42 customer community and registering for our quarterly product webinars.

Watch Evolution19 highlights.

And now, the Evolution19 Top 5:

5. Seattle Police Department Detective Ian Polhemus and Police Dog Bear: Okay, a dog as a keynote? Yes. We heard Ian talk about security and how Bear locates items you can’t easily see. This visibility message hit home for attendees as they thought about how effectively and quickly they can investigate and remediate data following a breach. If your organization is still challenged to understand the forensics of a breach or attack and recover your data, just think of Code42 as your own personal Bear.


4. Upgrades: Upgrading to a Code42 cloud solution is so easy that one of your peers moved to the cloud while onsite at Evolution19! As you embark on your own digital transformation, an upgrade gives you access to our best security and risk management tools.

It was exciting to see IT teams working hand-in-hand with their partners in Security to develop data protection strategies that really serve their businesses–we had some big teams attend Evolution19 together this year, and they were able to make some key decisions on site.

3. Education and Training: Knowledge is power and you knocked it out of the park at Evolution19! A total of 35 people successfully became certified Code42 Administrators. We offered two certification classes and certified almost 50 admins and help desk staff. More than 90 customers took part in seven educational workshops that were hosted during the event. Five people also took our new Security Specialist exam that was offered as part of the Code42 Next-Gen DLP workshop.


2. The Evolutionaries: We love to honor attendees for demonstrating their strength in security and creating a better workplace for the businesses they serve. This year, there were 30 finalists for the Evolutionaries and 10 winners. Watching the winners dance up onto the stage was a true highlight of this year’s Evolutionaries security industry awards.


1. Networking: We heard all over the conference that the best times were when people had time to connect and learn from other Code42 customers. Whether it was dancing at Lucky Strike, earning cash through questions in sessions, meeting others or petting puppies from the Denver Animal Shelter, this group took advantage of this unique chance to network; it was very fun to watch.

But don’t take our word for it. Here’s what Evolution19 attendees had to say:

“Evolution19 has delivered on its promise. From panel sessions, workshops, product training and certification courses, Code42 has once again shown its commitment to its customers.”

Zerin Dube, Code42 customer and HFF Engineering Director

“I debated going this year (since I just attended in 2018). So glad I went! Tons of new, valuable information; I reconnected with peers and colleagues; and saw the best doggone keynote speaker ever!”

David Paul, Code42 customer

“Finishing up an awesome few days here in Denver for Evolution19. Thank you to the Code42 team for putting on such a great event. Lots of fun, learning and connecting. Congrats to MACOM’s own David Chiang on his Evangelist award! #thankyou #denver #code42 #macomlife”

Lauren Walsh, Code42 customer

Evolution20 has not been announced yet. We look forward to sharing what we have in store for you!



Learnings From Verizon’s Insider Threat Report

What does McKinsey call one of the largest unsolved issues in cybersecurity today? Insider threat. They noted that a staggering half of all breaches between 2012-2017 had an insider threat component. To make consequential strides in combatting insider threat, the topic must be explored further. Thanks to Verizon’s Threat Research Advisory Center, which produced the Verizon Insider Threat Report, we can take an in-depth look at the role insider threat plays in the broader cyber threat landscape.

The Verizon report draws on statistics from their Data Breach Incident Reports and lessons learned from hundreds of investigations conducted by their internal forensics teams. It highlights the ease with which insiders exfiltrate data, while detection on the other hand often takes far longer.


A trio of Code42’s leading experts on insider threat shared their reactions to the report. Read on to find out their most compelling takeaways.

Jadee Hanson, CISO and VP Information Systems for Code42 called out:

  • The top motivations for insider threats include financial gain (48%), which is not surprising. This is followed second by FUN (23%). It’s deeply concerning to think that a colleague would do something detrimental to their own company… just for fun. 
  • Detecting and mitigating inside threats requires a completely different approach than what we (security teams) are used to when it comes to external threats. Insiders are active employees with active access and sometimes the actions these individuals take look completely normal to a security analyst. 
  • Security awareness and education and overall company culture continue to be a very effective way to mitigate the risks of insider threats. 

  • Data theft incidents are driven mostly by employees with little to no technical aptitude or organizational power. Regular users have access to sensitive and monetizable data and unfortunately too often are the ones behind most internal data breaches.

Code42’s Vijay Ramanathan, SVP Product Management, shared these thoughts: 

  • Insider threat should no longer be a taboo subject for internal security teams. Denial has not helped – it has only resulted in time-to-discovery being months-to-years for most inside breaches. This is a massive blind spot for security teams. Also, this is a problem for all sorts of companies. Not just large ones.

  • The report outlines counter measures that companies should take as part of a comprehensive data security strategy. This is a great starting point. But those measures (outlined on page 7) are nonetheless complex and require skilled staff. This continues to be difficult for many companies, particularly smaller and mid-market organizations, to navigate, especially because of the chronic skills shortage in the security industry. 

  • The “Careless Worker” is called out as one of the harder vectors to protect against. Security teams need to take a proactive, “data hunting” approach to help them understand where data lives and moves, when it leaves the organization, and in what situations data is at risk.

  • Robust data collection and preservation, along with behavior analytics, are models that can help organizations understand where accidental or deliberate data exposure/exfiltration may be occurring. This need is going to become even more stark in the next 12-36 months as companies come to terms with the reality that current data security tools, technologies and practices (e.g., policy management, data classification, user blocking, highly-skilled security staff) are not designed for a much more fluid and unpredictable future.

Mark Wojtasiak, VP Portfolio Marketing highlighted: 

  • Nowhere in the report did Verizon say the goal was to prevent insider threats – the focus was all about detection, investigation and response. Verizon even called out DLP as a monitoring tool, likely to the chagrin of legacy DLP providers.
  • The single biggest problem relative to insider threat is detecting them in the first place and the length of time it takes to detect one. I argue that most insider breaches go undetected altogether and the number of insider breaches is actually grossly underreported.
  • Detecting insider threats comes down to how effective a company is in defining, collecting, correlating, analyzing and reporting on insider indicators of compromise. This basically means “machining” a security analyst’s intuition.
  • Creating insider indicators of compromise is difficult because they rely heavily on what is considered “normal” or “abnormal,” which can vary greatly by company, department, job role, individual and the data itself. It’s a lot of work, so why not just use machine learning to do it? 
  • Once an insider breach is detected and the investigation process starts, it can grow very complex quickly. Oftentimes multiple stakeholders are involved and organizations might hire or outsource digital forensic services, which can be expensive. There has to be a faster, simpler process, especially for small to mid-market companies, which can be devastated by insider threats.
  • Insider Threat Programs go way beyond the incident response process (detect – investigate – respond – communicate, etc.). Ongoing vulnerability audits and assessments are needed to fine tune the insider indicators of compromise.
  • I still find it shocking that data classification continues to be a must have – and that employees need to be trained, made aware of and actually take the steps to classify the data they create. Couldn’t it be an indicator of compromise in and of itself if an employee self-classifies data as non-sensitive, then exfiltrates it? 
  • Finally, it is clear that the key to establishing an insider threat program is to start with the data (called “assets” in the report), and then move to people. 

The rise of insider threats is a significant threat to every business and one that is often overlooked. While we all would like to think that employees’ intentions are good, we must prepare for malicious (or accidental) actions taken by those from within our organizations. And because up to 80 percent of a company’s value lies in its intellectual property, insiders are in the position to do serious harm to your business. Is your business prepared to minimize the impact of these data threats?


Security Pitfalls of Shared Public Links

Imagine terabytes of corporate data exposed in the wild by employees sharing publicly available links on the cloud. Sound far fetched? It’s not. According to a recent article from SiliconANGLE, that’s exactly what happened when security researchers uncovered terabytes of data from over 90 companies exposed by employees sharing publicly available links to Box Inc.’s cloud storage platform. And while it’s easy to think that this problem is restricted to Box, it is in fact a problem most cloud services like Dropbox or OneDrive for Business need to address.


Cloud security is failing every day due to public file share links – content that users deliberately or accidentally expose to outsiders or to unapproved users within the company. This presents significant gaps in cloud security and compliance strategies and raises important questions such as:

  • What data is going to an employee’s personal cloud?
  • Who’s making a link public instead of sharing it with specific people?
  • Are departments or teams using other/non-sanctioned clouds to get their work done?
  • Are contractors getting more visibility than they should in these clouds?

Compounding the problem, the remedy that most cloud services provide to administrators is to “configure shared link default access” for users. Administrators can configure shared link access so accidental or malicious links can’t be created in the first place; however, there is a clear loss of productivity when users who need continued collaboration and the ability to share are mistakenly denied. This is where IT/security teams need to strike the fine balance between protecting corporate IP and enabling user productivity.

Code42’s approach to DLP doesn’t block users or shut down sharing, giving organizations visibility while there is a free flow of information between partners, customers and users in general. Beyond understanding that a link has gone public in the first place, security protocols should further include:

  • Identifying files that are going to personal clouds
  • Understanding who’s sharing links publicly and why
  • Mitigating instances of non-sanctioned clouds
  • Gaining visibility into cloud privileges extended to contractors or other third parties

Tips From the Trenches: Cloud Custodian–Automating AWS Security, Cost and Compliance

“We’re moving to the cloud.” If you haven’t heard this already, it’s likely you will soon. Moving to the public cloud poses many challenges upfront for businesses today. Primary problems that come to the forefront are security, cost and compliance. Where do businesses even start? How many tools do they need to purchase to fulfill these needs?

After deciding to jump start our own cloud journey, we spun up our first account in AWS and it was immediately apparent that traditional security controls weren’t going to necessarily adapt. Trying to lift and shift firewalls, threat vulnerability management solutions, etc. ran into a multitude of issues including but not limited to networking, AWS IAM roles and permissions and tool integrations. It was clear that tools built for on-premise deployments were no longer cost or technologically effective in AWS and a new solution was needed.


To remedy these discoveries, we decided to move to a multi-account strategy and automate our resource controls to support increasing consumption and account growth. Our answer to this was Capital One’s Cloud Custodian open source tool because it helps us manage our AWS environments by ensuring the following business needs are met:

  • Compliance with security policies
  • AWS tagging requirements
  • Identifying unused resources for removal/review
  • Off-hours are enforced to maximize cost reduction
  • Encryption needs are enforced
  • AWS Security Groups are not over permissive
  • And many more…

After identifying a tool that could automate our required controls in multiple accounts, it was time to implement the tool. The rest of this blog will focus on how Cloud Custodian works, how Code42 uses the tool, what kind of policies (with examples) Code42 implemented and resources to help one get started in implementing Cloud Custodian into their own environment.

How Code42 uses Cloud Custodian

Cloud Custodian is an open source tool created by Capital One. You can use it to automatically manage and monitor public cloud resources as defined by user written policies. Cloud Custodian works in AWS, Google Cloud Platform and Azure. We, of course, use it in AWS.

As a flexible “rules engine,” Cloud Custodian allowed us to define rules and remediation efforts into one policy. Cloud Custodian utilizes policies to target cloud resources with specified actions on a scheduled cadence. These policies are written in a simple YAML configuration file that specifies a resource type, resource filters and actions to be taken on specified targets. Once a policy is written, Cloud Custodian can interpret the policy file and deploy it as a Lambda function into an AWS account. Each policy gets its own Lambda function that enforces the user-defined rules on a user-defined cadence. At the time of this writing, Cloud Custodian supports 109 resources, 524 unique actions and 376 unique filters.

As opposed to writing and combining multiple custom scripts that make AWS API calls, retrieving responses, and then executing further actions from the results, the Cloud Custodian simply interprets an easy-to-write policy that then takes into consideration the resources, filters and actions and translates them into the appropriate AWS API calls. These simplifications make this type of work easy and achievable for even non-developers.


Now that we understand the basic concepts of Cloud Custodian, let’s cover the general implementation. Cloud Custodian policies are written and validated locally. These policies are then deployed either by running Cloud Custodian locally and authenticating to AWS or, in our case, via CI/CD pipelines. At Code42, we deploy a baseline set of policies to every AWS account as part of the bootstrapping process and then add/remove policies as needed for specific environments. In addition to account-specific policies, there are scenarios where a team may need an exemption; as such, we typically allow an “opt-out” tag for some policies. Code42 reports policy violations to a Slack channel via a webhook created for each AWS account. In addition, we also distribute the resources.json logs directly into a SIEM for more robust handling/alerting.

Broadly speaking, Code42 has categorized policies into two types – (i) notify only and (ii) action and notify. Notify policies are more hygiene-related and include policies like tag compliance checks, multi-factor authentication checks and more. Action and notify policies are policies that take actions after meeting certain conditions, unless tagged for exemptions. Action and notify policies include policies like s3-global-grants, ec2-off-hours-enforcement and more. The output from the custodian policies is also ingested into a SIEM solution to provide more robust visualization and alerting. This allows the individual account owners to review policy violations and assign remediation actions to their teams. For Code42, these dashboards provide both the security team and account owners the overall health of our security controls and account hygiene. Examples of Code42 policies may be found at GitHub.

What policies did we implement?

There are three primary policy types Code42 deployed: cost-savings, hygiene and security. Since policies can take actions on resources, we learned that it is imperative that the team implementing the policies collaborate closely with any teams affected by said policies in order to ensure all stakeholders know how to find and react to alerts and can provide proper feedback and adjustments when necessary. Good collaboration with your stakeholders will ultimately drive the level of success you achieve with this tool. Let’s hit on a few specific policies.

Cost Savings Policy – ec2-off-hours-enforcement

EC2 instances are one of AWS’s most commonly used services. EC2 allows a user to deploy cloud compute resources on-demand as necessary, however there are many cases where the compute gets left “on” even when it’s not used, which racks up costs. With Cloud Custodian we’ve allowed teams to define “off-hours” for their compute resources. For example, if I have a machine that only needs to be online 2 hours a day, I can automate the start and stop of that instance on a schedule. This saves 22 hours of compute time per day. As AWS usage increases and expands, these cost savings add up exponentially.

Hygiene Policy – ec2-tag-enforcement

AWS resource tagging is highly recommended in any environment. Tagging allows you to define multiple keys with values on resources that can be used for sorting, tracking, accountability, etc. At Code42, we require a pre-defined set of tags on every resource that supports tagging in every account. Manually enforcing this would be nearly impossible. As such, we utilized a custodian policy to enforce our tagging requirements across the board. This policy performs a series of actions, described below.

  1. The policy applies filters to look for all EC2 resources missing the required tags.
  2. When a violation is found, the policy adds a new tag to the resource “marking” it as a violation.
  3. The policy notifies account owners of the violation and that the violating instance will be stopped and terminated after a set time if it is not fixed.

If Cloud Custodian finds that the tags have been added within 24 hours, it will remove the “violation” tag. If the proper tags are not added after that, the policy continues to notify account owners that their instance will be terminated. If not fixed within the specified time period, the instance will terminate and a final notification is sent.

This policy ultimately ensures we have tags that distinguish things like a resource “owner.” An owner tag allows us to identify which team owns a resource and where the deployment code for that resource might exist. With this information, we can drastically reduce investigation/remediation times for misconfigurations or for troubleshooting live issues.
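The mark, notify, unmark and terminate cycle described above can be written as four small Cloud Custodian policies. This is an added example, not Code42's own policy; the tag keys, role name, schedule, three-day termination window, Slack webhook and SQS queue are assumptions or placeholders, and delivering the notifications requires the separate c7n-mailer tool.

```yaml
# Added example. All names below (tags, role, queue, webhook) are placeholders.
policies:
  # Steps 1-2: find running instances missing a required tag and mark them.
  - name: ec2-tag-enforcement-mark
    resource: ec2
    mode: &hourly
      type: periodic
      schedule: "rate(1 hour)"
      role: arn:aws:iam::{account_id}:role/hypothetical-custodian-role
    filters:
      - "tag:hypothetical-opt-out": absent   # approved exemption tag
      - "tag:violation": absent              # not already marked
      - "State.Name": running
      - or:
          - "tag:owner": absent
          - "tag:environment": absent
    actions:
      - type: mark-for-op
        tag: violation
        op: stop
        days: 1
      # Step 3: notify the account owners.
      - type: notify
        subject: "EC2 instance is missing required tags"
        violation_desc: "Required tags (owner, environment) are missing."
        action_desc: "The instance will be stopped in 24 hours unless tagged."
        to: &owners
          - https://hooks.slack.com/services/PLACEHOLDER
        transport: &mailer
          type: sqs
          queue: https://sqs.us-east-1.amazonaws.com/111111111111/hypothetical-mailer-queue

  # Tags were added in time: clear the violation mark.
  - name: ec2-tag-enforcement-unmark
    resource: ec2
    mode: *hourly
    filters:
      - "tag:violation": not-null
      - "tag:owner": not-null
      - "tag:environment": not-null
    actions:
      - type: remove-tag
        tags: [violation]

  # Grace period expired: stop the instance and re-mark it for termination.
  - name: ec2-tag-enforcement-stop
    resource: ec2
    mode: *hourly
    filters:
      - type: marked-for-op
        tag: violation
        op: stop
    actions:
      - stop
      - type: mark-for-op
        tag: violation
        op: terminate
        days: 3
      - type: notify
        subject: "EC2 instance stopped for missing tags"
        violation_desc: "Required tags were not added within 24 hours."
        action_desc: "The instance will be terminated in 3 days unless tagged."
        to: *owners
        transport: *mailer

  # Still untagged after the second window: terminate and send a final notice.
  - name: ec2-tag-enforcement-terminate
    resource: ec2
    mode: *hourly
    filters:
      - type: marked-for-op
        tag: violation
        op: terminate
    actions:
      - terminate
      - type: notify
        subject: "EC2 instance terminated for missing tags"
        violation_desc: "Required tags were never added."
        action_desc: "The instance has been terminated."
        to: *owners
        transport: *mailer
```

Check the file with `custodian validate` and preview the matched resources with `custodian run --dryrun` before deploying it, since the last two policies are destructive.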

Security Policy – S3-delete-unencrypted-on-creation

At Code42, we require that all S3 buckets have either KMS or AES-256 encryption enabled. It is important to remember that we have an “opt-out” capability built into these policies so they can be bypassed when necessary and after approval. The bypass is done via a tag that is easy for us to search for and review to ensure bucket scope and drift are managed appropriately.

This policy is relatively straightforward. If the policy sees a “CreateBucket” CloudTrail event, it checks the bucket for encryption. If no encryption is enabled and an appropriate bypass tag is not found, then the policy will delete the bucket immediately and notify the account owners. It’s likely by this point you’ve heard of a data leak due to a misconfigured S3 bucket. It can be nearly impossible to manually manage a large scale S3 deployment or buckets created by shadow IT. This policy helps account owners learn good security hygiene, and at the same time it ensures our security controls are met automatically without having to search through accounts and buckets by hand. Ultimately, this helps verify that S3 misconfigurations don’t lead to unexpected data leaks.
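An event-driven policy of this shape, as an added example rather than Code42's published policy: it runs as a Lambda function triggered by the CloudTrail event instead of on a schedule. The bypass tag key, role name, webhook and queue are placeholders.

```yaml
# Added example. Tag key, role, webhook and queue are placeholders.
policies:
  - name: s3-delete-unencrypted-on-creation
    resource: s3
    mode:
      type: cloudtrail            # fire on the API call, not on a timer
      role: arn:aws:iam::{account_id}:role/hypothetical-custodian-role
      events:
        - CreateBucket
    filters:
      # Approved exemptions carry this tag and are skipped.
      - "tag:hypothetical-encryption-opt-out": absent
      # Match only buckets with no default encryption configured
      # (neither AES-256 nor KMS).
      - type: bucket-encryption
        state: false
    actions:
      - type: delete
        remove-contents: true     # a bucket must be empty to be deleted
      - type: notify
        subject: "Unencrypted S3 bucket deleted on creation"
        violation_desc: "Bucket was created without default encryption."
        action_desc: "The bucket has been deleted."
        to:
          - https://hooks.slack.com/services/PLACEHOLDER
        transport:
          type: sqs
          queue: https://sqs.us-east-1.amazonaws.com/111111111111/hypothetical-mailer-queue
```

Since January 2023, S3 applies SSE-S3 default encryption to every new bucket, so on current accounts this filter matches far less often than it did when the post was written.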

Just starting out?

Hopefully this blog helped highlight the power of Capital One’s Cloud Custodian and its automation capabilities. The Cloud Custodian policies can be easily learned and written by non-developers, and provide needed security capabilities. Check out the links in the “Resources” section below regarding Capital One’s documentation, as well as examples of some of Code42’s baseline policies that get deployed into every AWS account during our bootstrap process. Note: these policies should be tuned accordingly to your business and environment needs and not all will be applicable to you.

Resources:

Authors:

Aakif Shaikh, CISSP, CISA, CEH, CHFI is a senior security analyst at Code42. His responsibilities include cloud security, security consulting, penetration testing and inside threat management. Aakif brings 12+ years of experience into a wide variety of technical domains within information security including information assurance, compliance and risk management. Connect with Aakif Shaikh on LinkedIn.


Byron Enos is a senior security engineer at Code42, focused on cloud security and DevSecOps. Byron has spent the last four years helping develop secure solutions for multiple public and private clouds. Connect with Byron Enos on LinkedIn.


Jim Razmus II is director of cloud architecture at Code42. He tames complexity, seeks simplicity and designs elegantly. Connect with Jim Razmus II on LinkedIn.


Product Spotlight: Identify Risk to Data Using Advanced Exfiltration Detection

When it comes to data loss protection, there are fundamental security questions that every organization needs to answer. These include, “Who has access to what files?” and “When and how are those files leaving my organization?”

Code42 Next-Gen Data Loss Protection helps you get answers to these questions in seconds by monitoring and investigating file activity across endpoints and cloud services. And now, Code42 has expanded its investigation capabilities to provide greater visibility into removable media, personal cloud and web browser usage by allowing security analysts to search file activity such as:

  • Files synced to personal cloud services. Code42 monitors files that exist in a folder used for syncing with cloud services, including iCloud, Box, Dropbox, Google Drive and Microsoft OneDrive.
  • Use of removable media. Code42 monitors file activity on external devices, such as an external drive or memory card.
  • Files read by browsers and apps. Code42 monitors files opened in an app that is commonly used for uploading files, such as a web browser, Slack, FTP client or curl.

Advanced Exfiltration Detection can be applied to proactively monitor risky user activity — such as the use of USBs across an organization — as well as to eliminate blind spots during security investigations. For example, imagine you’ve just learned that a confidential roadmap presentation was accidentally sent to the wrong email distribution list. Sure, it can later be deleted from the email server. But did anyone download it? Has anyone shared it? By using Code42 to perform a quick search of the file name, you can answer those questions in seconds. You’ll not only see which users have downloaded the attachment, but also that one has since saved the file to a personal Dropbox account. With this information in hand, you can quickly take action against this risky data exposure.

See Advanced Exfiltration Detection in action.



The Code42 Security Team Talks Predictions for 2019

As companies plan their data security strategy for 2019, they’re faced with a particularly challenging set of unknowns. On top of shifts in the market and political uncertainties, businesses must operate in an ever-changing threat landscape as they make decisions about how best to protect their most valuable asset: their data.

We gathered members of the Code42 security team for a roundtable discussion to get their cybersecurity predictions for 2019. The upshot: Employee behavior and need for collaboration will challenge security teams as they face an increasingly hostile threat landscape and tightened regulations.

Employee behavior and corporate practices will be front-and-center for data security strategies.

Chrysa Freeman, senior analyst, security awareness and training: Security awareness isn’t always a hot topic, but we’re going to see a lot of change in this space in 2019. Annual compliance trainings and e-learnings will be replaced by interactive, short, frequent trainings to increase employee engagement and retention of the content. Companies will start using humor instead of the somber, scare-your-socks-off tone of years past because they’ll recognize they’ll be more successful when trainings are engaging and to the point.

Jeremy Thimmesch, senior information security analyst: We will continue to see organizations struggling with the basics: patching, asset management, access control and data management. Vulnerabilities in operating systems, applications and infrastructure will go unpatched due to IT constraints, leadership priorities, and poorly implemented vulnerability and risk management programs. As a result, we will continue to see breaches from the usual suspects: phishing, lack of user awareness and poor patch management.


Use of two-factor authentication and password managers will increase.

Jeff Holschuh, manager of identity: 2019 will be the year of two-factor authentication for consumer websites. With the huge number of compromised username/password combinations currently for sale on the dark web, the number of banks and e-commerce sites that allow a second authentication factor will increase substantially.

Chris Way, senior security engineer: As breaches continue to become more commonplace, more users will embrace password managers. They are timesavers when the alternative is having to manually update your passwords across the board.

The regulatory environment will tighten, but companies may not change anything.

Chris Ulrich, senior information security analyst: 2019 will be the beginning of the “Data Responsibility” movement, partly because of GDPR and partly because people are tired of having their data spilled all over the Internet with little to no recourse for the responsible party. Most breaches are a result of vulnerability and carelessness. I’m always hearing people ask, “What could security have done better?” But not once have I heard, “Why did we have this data in the first place?”

Nathan Hunstad, director of security: I’m a bit more pessimistic: nothing will change. Systems will continue to go unpatched; and as a result, avoidable exploits will not be avoided. People will click on links. There will be at least one breach with more than 100 million records lost. GDPR will increase the fines for some of these breaches, but not enough to motivate companies to approach security differently; the recent fine of Google for €50 million is pocket change to such a company. Instead, we will see companies just leave the EU market to avoid regulatory burden.

Cyber warfare will escalate and create more mistrust in our digital world.

Andrew Moravec, security architect: 2019 will be the year when cyber warfare moves further out of the shadows. We’ll see nations actively spying on foreign citizens and bugging officials and executives via their own gadgets and technology. We’ll see foreign leaders and states use hacks and cyberattacks against global corporations as a form of extortion for political influence. With successful attacks, we’ll see bravado — “Big deal, what are you going to do about it?” — and fewer denials.

There will also be a resurgence of troubled and misguided attempts to regulate and monitor social networks and calls to ban VPNs and limit civilian cryptography, which is currently the case in Australia.

You will see a cable or DSL network go down for a prolonged period of time, perhaps for days. It will be unclear if this is an attack or the result of poor management or overwhelmed staff. The result will be a conversation on how dependent we are on computer networks for day-to-day life, and just who do we trust with our link to the world.

Despite the increasing challenges, security teams will need to allow employee collaboration—and be collaborators themselves.

Michelle Killian, senior manager of security and risk compliance: I’d love to see security get better at real information sharing and collaboration in 2019. The DevOps community is awesome at sharing their failures as much as their wins, which allows the community to benefit. Security is, understandably, a bit more tight-lipped about our failures. But I think we’re only hurting ourselves and making adversaries out of what should be great security partners.

Byron Enos, senior security engineer: In 2019, security teams will be forced to become more agile to keep up with business demands. They will start moving away from big gates and bars, and instead gravitate towards automation and providing “security as a service” to internal business partners.

Shape Technologies Group Relies on Code42 Next-Gen Data Loss Protection to Safeguard Data

As industry leaders seek to consolidate their positioning in the global marketplace, merger and acquisition activity continues to surge. In 2018, companies announced more than 50,000 transactions worldwide for a total value of approximately $4 trillion. However, only one out of five M&As achieves its potential value.

One culprit for lackluster M&A results? Losing valuable IP—much of which lives on employee endpoints—from the sell-side company during the acquisition process. Much of an acquisition target’s value lies in its IP. In order to get the full value of an acquisition, buy-side organizations must identify, locate, secure and safely migrate the IP of the sell-side company. And it has to happen fast.

IT implications for growth

One company that’s garnering top value from the IP of its mergers and acquisitions is SHAPE. You likely encounter the results of SHAPE’s waterjet cutting solutions every day. Its technologies are integral in many industries such as auto, aerospace, food, mobile and fabrication. Since 1974, the Kent, Washington-based company has delivered more than 13,000 waterjet systems to customers in more than 100 countries.

The global company employs 1,400 workers in more than 20 offices in North and South America, Asia and Europe. The organization’s goal is to double in size over the next four years to reach $1 billion. In addition to strong organic growth, one of SHAPE’s growth strategies is acquisitions, many of them of smaller companies and some of them overseas.

With such aggressive growth targets come data security and IT challenges. 

SHAPE turned to Code42 for its Next-Gen Data Loss Protection (DLP) to help protect precious IP during M&As and against loss or theft during employee departures.

Protecting sell-side company data

A large part of the value proposition when SHAPE buys a company is the IP that comes along with it. Unfortunately, that data is easily put at risk by employee actions and departures. That’s why it’s critical to protect the files and information on the sell-side company’s devices. The IT department at SHAPE understands the reality of this risk and proactively takes steps to protect the organization’s IP and secure the data. 

“Our initial goal is to get the data captured and backed up,” says Jeff Zuniga, director of IT operations. “Some people have taken it upon themselves to delete files thinking they’re helping by cleaning things up. Once we get the data protected, we are able to manage it and consume it as needed.”

Some of the companies SHAPE acquires don’t have sophisticated security and IT programs, so SHAPE’s IT team must quickly get their data secured, integrated with their core technologies and aligned with IT standards.

“We needed a quick way to be able to start collecting the data that resided on their machines,” says Zuniga. “A lot of them ran on a shoestring budget and workstation backups weren’t part of their vocabulary.”

Safeguarding data during consolidation

Organizational consolidation often accompanies acquisitions — and often includes employee departures. To monitor IP and determine whether there’s any suspicious file movement or deletion during this process, SHAPE is using Code42. 

“Being able to make sure we’re protecting our IP, that it’s not walking out the door, is important,” says Zuniga.

At a company that’s the innovator in its field, IP carries a premium—and without the right tools, it could be vulnerable to insider threats.

“We have a lot of IP like our drawings, sensitive information like cost of goods, where we purchase things, vendor lists,” says Zuniga. “We’ve been running reports and looking at users who have copied their local drives. We have to sort through and see if they’re personal files or does it contain IP.”

As it maintains its growth trajectory, SHAPE’s strategic approach to IT will continue to serve it well. And Code42 Next-Gen Data Loss Protection capabilities like data collection and monitoring will help the industry leader safeguard its valuable IP, both that of its acquisition targets and the homegrown ideas that have made it the industry leader for more than four decades.

Product Spotlight: Using Delayed Client Updates to Test the Code42 App

One of the benefits of selecting a Code42 cloud deployment is that you don’t need to manage software upgrades. Code42 manages all infrastructure, and the Code42 app installed on endpoints is automatically updated when new versions are released. This process ensures your organization always has the latest security updates and newest functionality.

However, some customers have told us their change management process requires them to test new versions of the Code42 app with internal groups prior to distributing to the entire organization. Today we’re excited to announce new functionality that allows you to do just that.

With the new delayed client updates functionality, Code42 cloud deployment customers have up to thirty days to test new versions of the Code42 app before all endpoints are updated. In most cases, you will be notified one week prior to the release date so that you can prepare for the start of the testing period.

How to use delayed client updates

First, you must opt into this functionality by setting a global delay for all Code42 app updates. This delay can be set for up to thirty days. The selected global delay determines the date on which all endpoints will receive a new version of the Code42 app after its release. Customers who do not set a global delay will continue to receive new versions of the Code42 app automatically on the release date.

Once you’ve selected your global delay, you can specify organizations as “exceptions” to the delay date. These will become your test organizations. For example, if you’ve set your global delay to the thirty-day maximum, you can arrange for the IT organization to receive the update on the general availability date, and for the marketing organization to receive the new app ten days after the release. This allows for sequenced testing with multiple test groups. If needed, you can also deploy to individual devices for targeted testing.

Once you’ve completed any desired testing, all Code42 apps will update automatically according to your global delay setting.

We hope this process allows you to follow your established change management process while still benefiting from the automatic updates that come with a cloud deployment. Happy testing!