Legacy DLP Doesn’t Work: McAfee Sues Former Employees for Stealing Company Data

If you think your company is immune to departing employees walking out the door with sensitive data, think again.

Case in point: A world leader in data loss security, McAfee, just filed a lawsuit against three former employees for conspiracy and stealing trade secrets before they went to work for Tanium, a market rival. To carry out the alleged heist, the employees did not use the type of sophisticated technology that you might expect. Instead, according to the lawsuit, confidential company information was moved to unauthorized USB devices, private email addresses and cloud-based drives.

“ If a legacy DLP vendor can’t keep a simple breach from occurring in its own company, why would anyone trust legacy DLP software to keep their data safe? Short answer: they shouldn’t. ”

The kicker? A “leader” in data loss prevention didn’t realize that critical data was leaving until months after the damage was already done. And even then, they couldn’t definitively determine what had been taken or how much. 

Thank you, McAfee, for demonstrating what many of your customers must already know — legacy Data Loss Prevention (DLP) doesn’t work. If a legacy DLP vendor can’t keep a simple breach from occurring in its own company (a breach of data that McAfee claims is worth millions of dollars!) why would anyone trust legacy DLP software to keep their data safe? Short answer: they shouldn’t.

The insider threat problem is growing

The insider threat problem is getting worse. Simply put: when people leave jobs, they take lots of data with them. According to McKinsey, 50 percent of breaches involved insiders between 2012 and 2017. It’s no longer a matter of whether data leaves, but when it leaves – and it’s leaving every day.

Part of the problem is that data has never been more portable — so taking it has never been easier. Sales lists, product specs, pricing information, payroll data and even contact lists are just a few examples of small but critically important files that are simple to take. Employees can store hundreds of gigabytes on their mobile devices, put 1TB or more of data on removable media, or quickly transfer data to personal cloud storage services like Dropbox.

Not only is data moving around more, but so are employees. The median tenure of U.S. workers ages 25 to 34 is just 2.8 years. And as they move from company to company, they take data with them. But that’s not all. While they may change companies, many opt to stay within the same industry, making the data that goes with them even more valuable.

“ We are offering all McAfee customers six months of free service when they buy a year of Code42 Next-Gen Data Loss Protection. ”

This is a solvable problem

At Code42 we’ve been working to help our customers face these challenges. Our insider threat solution identifies what data employees are taking as they depart your organization. In fact, we look back for 90 days because we have found the smart employees take important data long before they actually quit. Unlike McAfee and other traditional DLP players, we don’t require policies or classification of data, which means our solutions roll out in days not months. Oh, and unlike traditional DLP, we track all data exfiltration. Our products are designed to tell you before the damage is done so you don’t have to file lawsuits like McAfee’s.

To put our conviction on display, we are offering all McAfee customers six months of free service when they buy a year of Code42 Next-Gen Data Loss Protection*. And yes, that offer even extends to McAfee. After all, their data is valuable too, and they clearly need a better solution. 

*Offer details: If you are a current McAfee DLP customer, Code42 will offer six free months of service to switch to Code42. You must be a new Code42 customer and you must buy a minimum of 12 months of service to qualify for the six free months. This offer is valid through December 31, 2019. Contact Code42 sales at (877) 464-1061, or email mark.blaseck@code42.com.

Consumer and Enterprise Data Protection Needs Diverge

Today we announced our decision to no longer offer the consumer version of our product, known as CrashPlan for Home. We will honor all of our existing agreements with consumers, but we will no longer renew any consumer subscriptions, nor will we sign up any new consumers for Crashplan for Home.

This is not an easy course of action for us at Code42 for a couple of reasons. First, we have consumers who love our CrashPlan for Home product and trust us every day to protect their personal files. Second, our number one core value at Code42 is “Put the Customer First” and our announcement today may seem to be at odds with that. But, it is precisely this core value that led us to the strategic decision to focus on business customers. And, in order to serve businesses well, we need to prioritize their needs–which have diverged from the needs of the consumer.

We want you to know that we are doing everything we can to help our consumer customers make the transition with all the support they need. First, we will honor all existing CrashPlan for Home subscriptions and the data we store for consumers will remain protected. Second, we are offering a choice to transition to either our CrashPlan for Small Business product or to our preferred third-party consumer backup provider, Carbonite. All the relevant information consumers need regarding this transition can be found on the Consumer Information Page.

This decision does not impact our existing relationships or technology offerings with enterprise companies, organizations or small businesses. In addition, we are not selling or transitioning any of our proprietary technology, our software platform, the CrashPlan brand or other intellectual property.

Our Exclusive Focus on Business

Our market has evolved in the last few years. We’ve seen that our business customers look at data protection holistically today–it’s vastly different from the days when we backed up servers and added some anti-virus software. Nearly half of all corporate data reside on laptops and desktops, and we play a critical role in securing that data. Business demand for innovations in data protection, real-time recovery and visibility solutions is growing exponentially with the ever-changing threat landscape.

Going forward, we will exclusively serve all businesses large and small, as well as education organizations. Code42’s success has been driven by our growth in this segment with 50% year-over-year recurring revenue for the last three years.

The benefit for our business customers is that we now have a singular focus on solving their complex data protection, security and compliance challenges. In addition, we will be able to accelerate our R&D investments that strengthen our technology foundation and further our data protection innovations. While exiting the consumer market to focus exclusively on the business market was a difficult decision, we know that it will allow us to continually live up to our most important value: Put the Customer First.