The Synergy of SIEM and Code42

I’ve been a user of security information and event management (SIEM) software for over a decade now. I loved it back in 2006, and it’s been incredible to watch SIEM tools evolve into a data security tool category that brings together a powerful community of administrators and a rich ecosystem of vendors, integrators and enhancements that continue to redefine adaptive response.

When I joined Code42, I was pleased to see that the company was already partnering with SIEM providers. Together, we are providing our customers an even more expanded view into the data that is living on their devices.

Code42 + SIEM: We’re both in the business of business resiliency

Code42 has always been a natural complement to SIEM solutions — and vice versa. In fact, to a large extent, Code42 and SIEM software share the same goals:

  • Securing your digital environment and protecting your data.
  • Monitoring activities in your environment and detecting threats — whether it’s an external attack or an insider threat.
  • Ensuring resiliency through rapid incident response and guaranteed recovery.
  • Enabling advanced investigation and forensics.

Or, to put it simply: We both help you prevent bad things from happening to your data and your ideas — and if something bad does happen, we help you see it quickly and recover faster.


A powerful integration for visualization

As SIEM technology has evolved, Code42’s ability to integrate into SIEM ecosystems has also grown, allowing you to take the comprehensive data collection and data visibility you get from Code42 and feed it into your analytics-driven SIEM tool.

What’s that really mean for you? Code42-specific dashboards within SIEM applications, so you can easily visualize some of the things that matter most, such as:

  • Prioritizing alerts: Leverage your SIEM’s smart monitoring capabilities for an at-a-glance look at your most critical alerts — failed backups, server issues, data exfiltration, etc. — so you can prioritize action.
  • Validating backups: Get a real-time look at how many users, how many devices and how much data are covered by Code42.
  • Monitoring endpoint data storage: See exactly how much data is being stored in each device — so you can see if that number changes drastically or unexpectedly.
  • Classifying endpoint data: Know what kinds of files you’re backing up — how much of your storage is made up of Word docs, emails, Excel files, coding files, etc.

In other words, you get real-time feedback on how we’re protecting your information and any risks that exist. And by integrating directly into your ecosystem and your SIEM, the same data auditing functions you use today can be applied to your Code42 solution. Your existing alerting and workflow pipeline can drive the Code42 alerts. That means we’ve made it easier for you to get up and running, easier for you to stay secure and faster for you to respond to events.

Synergistic visibility

Like any good partnership, this one’s all about synergy. In this case, it’s synergistic visibility (say that five times fast!). Code42 brings deeper visibility to SIEM applications, so the powerful tools can see all the data living on all your devices. And SIEM tools give you an intuitive visualization of Code42 — both how Code42 is protecting your data, and what your users are doing with your data. All that adds up to identifying risks sooner and enabling faster remediation, so you can keep risks from becoming irreparable damage. Together, we’re helping you make smarter, better decisions in less time.

Code42 Restores Files, Moods and Attitudes

Here’s a story you’ll probably recognize: Because there’s no sense reinventing the wheel, you use an existing file—for instance, an Excel file or PowerPoint presentation—as the starting point for a new project. As you transform that old file into something brilliant and new, you instinctively hit CTRL+S (because you don’t want to lose that work!)—and unintentionally overwrite the original file, destroying your previous (yet still valuable) work.

You may have also lived this story: You’re working diligently when an email or a webpage opens a pop-up. Thanks to clever trickery, the “OK” and “Cancel” buttons are renamed or the question is misleading, and you’re duped into the wrong click. Suddenly, you feel the heat from your computer as ransomware begins encrypting all your files.

Another painfully familiar tale: Your computer dies or is lost. A day later, your trusty IT team hands you a beautiful new one. This new computer is clean, pristine, fast and slick—but has none of your information on it.

The stages of data loss grief

I’ll bet everyone has experienced at least one of these disasters, so you also know the feelings of disbelief, rage, guilt and sadness that go with them. It’s a big deal! Your ideas are lost. Your data is gone. Your future productivity is marginalized as you scrounge around to find bits and pieces of your files and work.


I know these feelings all too well. In fact, just last month, I ended up wiping out a presentation two days before I was due to take the stage as a keynote speaker. But it took me less than a minute to recover the file, because, not surprisingly, we here at Code42 have our agent deployed on every endpoint. This was just the latest, deeply personal reminder of why we do the work we do at Code42—why we work so tirelessly to protect your (and my) data. We understand the value of your data; we understand the risk it constantly faces; and we understand the raw emotion of losing (and recovering) that value.

Four big improvements make Code42 restores better than ever

In the last year, we’ve been focusing on updating our technologies to make your restore process even better. Here are four ways we’re taking data restores to a whole new level:

  • Speed: We know that the speed of a restore is at the heart of our solution. When you lose a file, every minute counts. In the last year, we’ve invested time in optimizing our technologies for the new file sizes we expect in 2018. For some of our customers, this has resulted in a 10x improvement in performance.
  • Push Restores: We’ve made a lot of changes to our technology and message queueing to make the push restores work much better. Ironically, modern computing sometimes works against us; computers have gotten so good at understanding their workload that they optimize for the operations they perform the most frequently. Statistically, the Code42 infrastructure does a lot more backups than restores—but those restores (your restores) need to be as fast as possible. We’ve re-trained our servers and message queuing to make sure that your restores are always our top priority.
  • Security: When you store as much data as we do at Code42, making sure it’s safe is absolutely critical. I was thinking about this recently during an internal security exercise. All customer data protected with Code42 is protected with the strongest possible data encryption both in transit and at rest. We continue to find ways to make your precious files even more secure.
  • Bulk Restores: Finally, we’ve done a lot to make sure that even if you are doing massive restores, they are still fast and easy. Whether it’s users recovering an entire machine in minutes, or organizations doing widespread device-to-device migrations (in case of an OS Migration or hardware refresh), we’ve minimized the time and the pain.

No matter how you use Code42, we take pride in taking those “much ado” moments and turning them into “nothing.” We love hearing that “Oh my gosh, thank you so much,” that comes from customers when they recover all of their lost files, and we’re proud to provide the technology that lets you do this for your users.

At Code42, we restore files, moods and attitudes.

The Data Security Sandwich: A Recipe for Innovation

Big Data is one of the most overused buzzwords of the decade. The reality is that you know there’s huge potential value in your data. You’re collecting more than you know what to do with. The real challenge is finding or developing tools to extract that value and achieve that potential.

The ultimate data security sandwich

One of our new customers recently asked me why we combined our Code42 Backup + Restore and Code42 Forensic File Search solutions into a single agent. To me, it’s like explaining the appeal of the sandwich: You’ve got great bread. You’ve got great meat. You’ve got great cheese. Sure, you could enjoy them separately; but putting them together creates something far better.

Think about the data sitting on your users’ endpoints. Code42 Backup + Restore takes all that data and—through the magic of comprehensive backup and speedy restore—gives you the ability to support data protection, ensure business continuity and drive business resiliency. Code42 Forensic File Search takes that same data and gives you complete visibility. You can understand what your data looks like—how it’s created, where it lives and how it moves. You can understand its value—and track the movement of that value. You can further support data protection and compliance, while speeding and simplifying recovery and remediation.

Sure, you can use one product without the other—but then you’re not making the most of your users’ data.

A recipe for innovation

There’s probably no food item that has seen more variation and innovation than the sandwich. Likewise, (as always) our customers are much smarter than we are, and they’re already finding smart new ways to innovate by combining our two products:

  • Improving backup and simplifying data classification: Organizations keep looking for ways to understand the value of the ideas and files in their organization, get visibility into where they are stored, and find ways to classify data types and usage. With Code42 Forensic File Search, this classification becomes a lot easier. Today, we’re seeing organizations that have expanded their usage of Code42 with Code42 Forensic File Search ask questions about what files are not in their backups, and they are then using our scripts via APIs to add them. In addition, the query capabilities of Code42 Forensic File Search make it much easier to classify the value of data based on the type of intellectual property they are creating. Clearer visibility makes life easier.
  • Implementing data privacy and achieving GDPR compliance: By the time this blog goes live, GDPR will officially be in effect—can you believe it? A realistic view of data is the core of being able to respond and comply with GDPR. Organizations are already looking to use Code42 Forensic File Search to meet the GDPR’s “right to be forgotten” mandate—ensuring they can find files on their network and eliminate them—as well as ensuring compliance with the “business need” to collect information. In a world where we continue to see file decentralization, having a single lens to find files across an organization and systematically eliminate them is the only way to ensure an organization has successfully eliminated private information of customers.
  • Stronger security: Code42 Forensic File Search is being used for everything—and I mean everything—under the sun. The other day I learned that one of our customers was getting the MD5 hashes of new malware on a scheduled basis, and then looking across their organization for these new hashes as they were added to AV feeds, so they could ensure no existing instances existed. Quite creative! But here’s an even better example of how these two tools are better together: Code42 customers have already instrumented the Code42 Forensic File Search capabilities back into their Backup + Restore solution—and tied them to the Restore APIs as well. These organizations have taken the alerts fired from detection capabilities, pulled those back into SIEM systems, and created secure incidents in IT Service Management (ITSM) systems. They’ve added Code42 to the workflow to identify infected machines using Code42 Forensic File Search, and then used Code42 restore capabilities to pull the suspect file into a sandbox environment for a security researcher to examine. Now that’s synergistic value.
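The scheduled hash sweep described in the last bullet, as an added example that is not Code42's code or API: it assumes file-activity records have already been exported as dicts with `ts`, `device`, `path`, `md5` and `event` fields (hypothetical names), and every hash and record below is constructed. It sweeps only hashes that are new since the last run and separates files still present from files that were seen and later removed.

```python
import hashlib
import json
import re

MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def parse_feed(text):
    """Return the valid MD5 hashes in a feed, skipping comments and junk lines."""
    hashes = set()
    for line in text.splitlines():
        token = line.split("#", 1)[0].strip().lower()
        if MD5_RE.match(token):
            hashes.add(token)
    return hashes


def sweep(file_events, hashes):
    """Find every (device, path) that ever carried one of the hashes.

    status is 'present' when the latest event for that path still has the
    hash, and 'historical' when the file was later deleted or changed.
    """
    latest = {}      # (device, path) -> most recent event
    first_seen = {}  # (device, path, md5) -> timestamp of first match
    for ev in sorted(file_events, key=lambda e: e["ts"]):
        latest[(ev["device"], ev["path"])] = ev
        md5 = (ev.get("md5") or "").lower()
        if md5 in hashes:
            first_seen.setdefault((ev["device"], ev["path"], md5), ev["ts"])
    hits = []
    for (device, path, md5), ts in first_seen.items():
        last = latest[(device, path)]
        still_there = (last["event"] != "deleted"
                       and (last.get("md5") or "").lower() == md5)
        hits.append({"device": device, "path": path, "md5": md5,
                     "first_seen": ts,
                     "status": "present" if still_there else "historical"})
    return sorted(hits, key=lambda h: (h["device"], h["path"]))


def run_sweep(feed_text, already_swept, file_events):
    """One scheduled run: sweep only hashes added to the feed since last time."""
    fresh = parse_feed(feed_text) - already_swept
    return sweep(file_events, fresh), already_swept | fresh


def to_siem_event(hit):
    """Serialize a hit as one JSON line for a SIEM to ingest (assumed format)."""
    return json.dumps({"source": "hash-sweep", "severity": "high"
                       if hit["status"] == "present" else "medium", **hit},
                      sort_keys=True)


# Constructed sample data: hashes are MD5s of labelled strings, not real IoCs.
H1 = hashlib.md5(b"constructed-sample-1").hexdigest()
H2 = hashlib.md5(b"constructed-sample-2").hexdigest()
BENIGN = hashlib.md5(b"constructed-benign").hexdigest()

FEED = f"# constructed feed\n{H1.upper()}\nnot-a-hash\n{H2}  # added today\n"

EVENTS = [
    {"ts": "2018-05-01T09:00:00Z", "device": "laptop-01",
     "path": "/Users/a/Downloads/invoice.exe", "md5": H2, "event": "created"},
    {"ts": "2018-05-02T09:00:00Z", "device": "laptop-01",
     "path": "/Users/a/Downloads/invoice.exe", "md5": None, "event": "deleted"},
    {"ts": "2018-05-03T10:00:00Z", "device": "laptop-02",
     "path": "/RecycleBin/x.exe", "md5": H2, "event": "created"},
    {"ts": "2018-05-03T11:00:00Z", "device": "laptop-03",
     "path": "/Users/c/report.docx", "md5": BENIGN, "event": "modified"},
    {"ts": "2018-05-03T12:00:00Z", "device": "laptop-04",
     "path": "/Users/d/old.exe", "md5": H1, "event": "created"},
]

if __name__ == "__main__":
    hits, swept = run_sweep(FEED, {H1}, EVENTS)  # H1 was swept on a prior run
    for hit in hits:
        print(to_siem_event(hit))
```

A "present" hit is the candidate for the restore-to-sandbox step the bullet describes; a "historical" hit still identifies a machine that held the file.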

Aligning the needs of your business and your users

One last story on how companies are viewing the combined value of these two solutions: Last week, while talking with a very progressive CISO, he stopped me and said, “Rob, if I’m going to monitor my users more, I’d like to give them value back.” He explained that while Code42 Forensic File Search was his primary use case, his IT team decided to purchase the Code42 Backup + Restore capabilities too because “we wanted to give the users something back” for the visibility they gave to IT. It was a great sentiment, and his users responded with excitement. His users get the peace of mind of working continuously, without fear of losing their work or their data—and he and his team get the visibility they need to secure their business.

Are you making the most of your users’ data?

If you’re like me, all this sandwich talk means an early lunch. But before you go, ask yourself a simple question: Are you making the most of your users’ endpoint data? Or are you leaving some of that potential value unrealized?

Accelerating Incident Response with Forensic File Search

A streamlined incident response process depends on collaboration between security and IT teams. However, in many organizations, these teams often work in silos, with separate technologies, priorities and resources. With Code42 Forensic File Search, security and IT teams can come together with a unified incident response process.


GDPR May Not Apply to You. Follow it Anyway

I recently spoke at a small business event, and I asked for a show of hands for those governed by various common data privacy regulations (PCI, HIPAA, etc.). I saw giant smiles on the faces of those not raising their hands—a sense of relief for having avoided the extra discipline and effort that compliance requires. My advice to that relieved group: pick a data security regulation anyway—any one of them—and follow it.

With the GDPR deadline just days away, a lot of organizations in the U.S. are feeling like those lucky few small business owners, thrilled that they don’t fall under the new GDPR regulations. My advice: follow it anyway. Here’s why:

The U.S. will copy elements of GDPR—sooner than you think

The U.S. tends to follow rather than lead when it comes to data privacy regulations. If history repeats itself, U.S. regulators will follow the tenets of GDPR—and likely enhance it (read: make requirements more specific and stricter) based on how GDPR enforcements shake out in the coming months and years. By starting the process of achieving compliance today—before deadlines rush timelines—U.S. companies can take the time to make smart decisions, build future-proof strategies and spread the costs out over time.

U.S. consumers want GDPR-level privacy

We’re seeing a big change in public awareness of data privacy. Everyday people—not just data security pros and regulators—are tuning into the details of what data companies collect about them, and how that personal data is used. As consumers, we’re becoming aware of all the new and terrifying ways our privacy is up for sale. The headline example of this is the Facebook/Cambridge Analytica case. There’s huge value in showing your customers that you go above and beyond, and GDPR is centered on concepts that customers understand and love: consent and the “right to be forgotten.” Moreover, you definitely don’t want to look like you’re taking the easy way out at the expense of your customers’ privacy.

GDPR is good business practice

In board rooms around the country, CEOs are getting grilled on data privacy and data security. No company wants the same embarrassment, fines and costly brand damage that Facebook is enduring. The basic tenets of GDPR—privacy by design, privacy by default, etc.—aren’t really revolutionary. They’re now just best practice for any digital business.

Proactively adopting the tenets of GDPR forces a solution to the fact that most companies don’t have the data visibility needed to understand and implement next-generation data privacy. You need to consider all the vectors within your digital ecosystem—look at all the endpoints floating around your world, instead of just your networks and servers. And you can’t treat all data the same way. You have to be able to recognize your most valuable and sensitive data—and see where it lives and how it moves.

Of course, proactively going above and beyond to secure customer data is a big challenge, to say the least. But, I recently saw something on TV that looked like a much bigger hassle: Testifying in front of Congress. 

Lesson From the Road: The Security and IT Partnership


The last two weeks have been filled with travel for me, and I’ve had many opportunities to talk with security practitioners about the realities they face on a daily basis.

At our Evolution customer conference and the RSA Conference in California, as well as at the CIO Perspectives event in New York City, I heard validation of something I’ve believed for a long time: Security continues to be democratized and is a shared responsibility of everyone. Now more than ever, having security and IT teams work together as partners is essential to ensure security alongside user freedom.

For example, I had the pleasure of being part of a panel discussing security challenges facing CIOs in today’s modern age at the CIO Perspectives event. There, I heard some common themes as I spoke with countless CIOs and CISOs:

  • No one has enough budget to fulfill the needs: We heard how CIOs and CISOs are looking at “two-fer” hires who bring an IT capability along with the ability to solve security controls, essentially functioning as members of both the security and IT teams.
  • No one has enough staff: IT and Security experts are in high demand and the skill gap is challenging. Often, CISOs are turning to IT experts to help implement policy and governance and validate compliance.
  • No one feels safe enough: In today’s world, IT experts know their users are under attack. Security experts know that “soft spots” exist in every organization and abating them presents a challenge.

Security and IT are separate disciplines, and yet CISOs are looking at ways to share resources between the two and, in some cases, find hires that can fulfill the responsibilities of both. Budget pressures aside, there’s perhaps an unconscious reason why technology leaders are exploring the overlap between security and IT: When these two teams work together, both security and IT are improved.

In many cases, security and IT teams don’t see eye-to-eye, which forces conflict over prioritizing investigations versus getting users back up and running when data security incidents strike. When security and IT are separate functions, they typically operate in silos, using different data sets to triage incidents. This results in duplication of work and wasted time validating each other’s findings. And, obviously, both teams are stretched thin and have difficulty accessing each other’s tools and data sets, leading to unneeded delays in investigation, response and recovery.

When using a common set of tools for incident response, critical information is gathered more quickly and accurately. At our Evolution customer conference, we announced new features and products to arm security and IT with the capabilities they need to accelerate incident response:

  • The new Code42 Cloud: fully cloud-native deployment of our capabilities, allowing customers to retain their encryption keys while having zero software on-premises.
  • The new Code42 Forensic File Search product: complete visibility into your data wherever it is in the world, at any time, with real-time results–even when endpoints are offline.

Code42 Forensic File Search is designed to quickly equip security and IT teams to answer the most probing security questions, reducing investigation times for cybersecurity incidents. It is our sincere hope that Code42 Forensic File Search can help move security and IT teams towards the partnership model that’s increasingly essential for today’s enterprise. With security now the responsibility of everyone in an organization, it is more critical than ever that the key players in incident response, security and IT, have the right tools to quickly, reliably and accurately gather information about data security incidents.

Six Months a Guardian

Last week marked my six-month anniversary at Code42, and I couldn’t be prouder of our teams – what we’re focused on doing, our vision for where we’re going and what I know we’re going to do in the future. We are pouring blood, sweat and tears into creating a safer future for our customers’ ideas, a protected world for our users and a world of growth for those bold organizations that embrace innovation, forging a new future in their respective industries.

To our administrators: If you think about the change that we’ve endured in the past five years, it’s shocking. We’ve been asked to embrace mobility, cloud, virtualization, containerization, the server-less world, Infrastructure as a Service, Software as a Service, identity, federated authentication and compliance. It’s seemingly been an endless sea of changes, and the plight we’ve all faced is only compounded by the reality of data darkness we live in. However, Code42 is here to help.

To our users: Our teams here truly believe your ideas are beautiful and important. We wake up daily determined to figure out new ways to protect them. We recognize how every individual contributes to the greater growth of their organization. We’re here to keep your ideas safe, allowing you to contribute at your absolute best.

To the security teams that rely on Code42 to defend your organizations from the endless darkness of the cybersecurity world we live in: Realize that if there was a magic switch on the wall to dispel the data darkness, we’d flip it to let in the light. We know you and your users are under constant assault from individuals who seek to steal, ransom and destroy the ideas that will grow your organization. We’ve made countless changes to increase our defenses of your data and to stay one step ahead of those who seek to destroy or hold captive your value. We’re a partner in this journey.

– Rob

P.S. – Last, but not least, to my fellow guardians: Thank you for an amazing first six months. You have done incredible work and I’m so proud of the work we’re doing to make the world a safer place.

Code42 Forensic File Search: Bringing “Night Vision” to Data Visibility


The other day, while watching a show about modern warfare on The History Channel, I was struck by how technical advancements in modern warfare mirror the innovative leaps we have made in the battle of cybersecurity. In particular, the invention of night-vision goggles brought continuous visibility to the battlefield, changing warfare in two key ways:

  • It illuminated the dark corners: suddenly, silent, still actors would be seen as if they were fully illuminated; and
  • It enhanced the temporal dimension: what was traditionally a daytime activity became an around-the-clock battle.

Today, with the announcement of Code42 Forensic File Search, we’re happy to say that Code42 brings night vision to data security. We are enabling a new dimension of visibility—illuminating dark corners and creating a fully visible arena that you can examine, mine and use to take action in defense of your data.

We illuminate the dark corners

Imagine that you could search and investigate file activity across every endpoint on your network. You could instantly query your data to find where files are located. In the event of a malicious file finding its way onto your network, within seconds you could know where that file had landed and who was impacted by it—regardless of where the file resided on that machine. Suddenly the ransomware files that hide silently in users’ Recycle Bins and Downloads directories are visible. The least managed–but most exposed–entry points for malware and ransomware are suddenly visible to you.

We change the temporal dimension

Being able to see into the dark corners of the “battlefield” is only the first step. Imagine being able to take immediate action against those endpoints regardless of whether they are on your network, or even powered off in someone’s home. This is the power of Code42 Forensic File Search. We’re constantly logging changes happening on your endpoints and sending them to our cloud where you can interactively query them to find files regardless of the state of the endpoint. Our optics give you the enhanced vision to illuminate file activity on your endpoints, in near real-time, without waiting for users to connect or manually going out and searching the endpoints that were unavailable to you.

Our element of surprise

For years, as security experts we’ve been forced to fight a blind battle—one where the night sky is devoid of stars; one where our enemies could exploit any weakness in our data visibility. Tomorrow’s data security battle is defined by night vision, enabling you to know where your data lives and moves across all endpoints – at a moment’s notice. It’s defined by the ability to get real-time results from dynamic queries. These new capabilities enable the level of digital trust that you need to drive your organization’s digital transformation journey.

Code42 “night vision” is just one of the transformative changes we’re bringing to the battlefield for data visibility and security. What’s next? Well, those in attendance at our Evolution18 customer conference have seen a few glimpses today. We’ll share more here soon.


Better Data Visibility Unlocks Mobility and Collaboration

There’s a very good chance you’ve used a file-sharing product like OneDrive, Google Drive or Box today. There’s an even better chance that, at some point, you’ve shared the wrong file—or shared a file with the wrong people (mistakenly or unknowingly). It’s startlingly easy to do, and that’s a complete nightmare for enterprise data security. In fact, research shows that one in five files uploaded contain sensitive data, and 3 percent of uploads end up with “public” permissions. That means literally anyone with a Google search bar can find and view them.

Just like with GDPR compliance and data security in general, when it comes to securing collaboration and mobility, it’s about getting a better set of tools–tools that enable cloud collaboration and drive digital transformation while mitigating the inherent risks.

The problem: the world has changed in three big ways

The collaboration challenge is both driven and magnified by three critical changes in the enterprise world:

  1. The idea economy. Revenue and growth used to come from doing more transactions. Now we grow through innovation. As tech legend Meg Whitman put it, “In an Idea Economy, success is defined by the ability to turn ideas into value faster than your competition.”
  2. Mobility. Ideas are highly mobile, and this is accentuated by the mobility of today’s knowledge workers. Ideas are born on endpoint devices—and they’re increasingly staying there, instead of moving to central shared drives.
  3. Employee churn. The revolving door is spinning faster and faster. According to a recent Jobvite survey, 18 percent of the total workforce now switches jobs every one or two years. This number jumps all the way to 42 percent for millennials. When employees leave, they take their data (and many of their ideas) with them; 59 percent of employees take data when they leave a company, and 42 percent believe it’s their right to do so.

All of this adds up to a simple problem: Organizations don’t know where their data lives anymore. But there are tools being developed today that can help you move from the traditional approach of securing the environment to securing the data itself.

Step 1: Know WHAT your data is

I recently spoke at a 2018 CSO50 conference, and I asked a simple question to the crowd: Do you treat your data differently based on who created it, what it is and its value? My informal survey showed nearly all of the audience said, “No.” Most companies are treating valuable IP and sensitive data, like social security numbers, financial spreadsheets and documents containing architectural intellectual property in the same way they treat users’ music files and family photos.

We need to get better at classifying data if we’re going to simplify the giant (and growing) challenge of protecting data. At Code42, we’re working on tools that make it easy and cost-effective to understand what your data is. These tools combine comprehensive data visibility with smart ways of recognizing which files and data are most sensitive and valuable to your organization—so you can focus your efforts in the right place.

Step 2: SEE movement to the cloud

Today, plenty of organizations have tools in place that allow them to see when data moves from a laptop to a cloud storage location or file-sharing app. But the reality is this movement is happening constantly—and 99 percent of it is legitimate productivity. The challenge is recognizing that one percent that isn’t. We’ll have more news about these tools at Evolution18, our annual customer conference. Sign up today to be one of the first to learn about our new solutions and future innovations.

Digital Transformation Requires a New Kind of Castle


Why don’t we build castles anymore? The answer, of course, is that we do—they just look a lot different. In fact, thinking about how and why castles have evolved can tell us a lot about how we can improve our approach to securing the enterprise “kingdom.”

The first medieval castles were a lot like first-generation enterprise networks: giant walls surrounding centralized assets. Nearly all the value of the kingdom could be held within the walls (data, productivity, etc.). A single drawbridge (the firewall) was connected to the outside world. Turrets gave better visibility to threats coming from the outside. It was a simpler time: With most value contained within the walls and little need to connect outside, it was much easier to build up a hardy perimeter. But these castles were also big targets, with a huge attack surface and a lot of value to be taken. Moreover, there was little in the way of internal security. If attackers breached the perimeter, they had their run of the kingdom.

Gunpowder changed everything

Then someone came along and invented gunpowder. Firepower is a lot like malware, ransomware and social engineering tactics. Suddenly you can shoot over castle walls or even through walls. The response in medieval times was to build more walls—to create castles within castles. We did the same in the digital enterprise world, adding VLANs, secondary firewalls, app-specific encryption and other “walls” around specific internal assets.

That’s where most organizations are today – still structured around the idea of the secure perimeter. We secure the thing that holds the value—the network, the server, the app, the endpoint device—but not the value itself (the data). We hone our sights on external threats, missing the threats that are already inside the castle walls.

The digital castles of tomorrow

It’s increasingly clear that a perimeter-based approach doesn’t suit the modern kingdom. You’re never going to completely stop all breaches, and tougher walls will end up locking your own people out and stifling value creation. So, what does a forward-thinking data security strategy look like? Here are four key features we’ll see in the digital enterprise “castles” of tomorrow:

  • There will be a perimeter—but it will be porous. There will always be boundaries, but we’ll only rely on the perimeter to stop the most obvious and basic attacks—and we’ll ensure it doesn’t thwart our users’ productivity.
  • Smaller targets, less attack surface. Data security strategies will start at the most granular level, which is the user’s endpoint device. Making the targets small and many makes it more expensive (and less fruitful) to attack them.
  • Turrets that look inward. As threats increasingly come from within, we’ll turn our lookout towers around. We’ll use data visibility tools to see where our data lives and when it moves, and get better at recognizing when something doesn’t look right.
  • Securing the value itself. Instead of securing the thing that holds the value, we’ll secure the value (the data) itself. That means finding ways to ensure that attackers can’t actually remove data, and/or that the enterprise never truly loses that data (and all its value).

To close out our medieval castle analogy, the next-generation digital “kingdom” won’t have giant walls to protect our gold. We’ll use data visibility tools to know the second a gold coin moves somewhere it shouldn’t, and we’ll use data recovery tools to ensure we can always yank that gold coin back, no matter where someone tries to take it.

A GDPR Strategy That Accelerates Digital Transformation

The approaching GDPR deadline is creating a fascinating disconnect in many organizations. While data security teams focus on locking down information to achieve compliance, business leaders are preaching the gospel of digital transformation—prioritizing the free(er) flow of information. But if it seems like GDPR and digital transformation are at odds, think again. In fact, with the right strategy in place, GDPR should accelerate your digital transformation.

The key to “privacy by design”

Here’s the pattern emerging in most GDPR compliance strategies: Servers, internal networks and on-premises apps get almost all the attention. The majority of companies are considering cloud apps and storage, as well. But “privacy by design” needs to extend beyond your most critical assets that you’re already protecting—probably the least vulnerable facets of your digital ecosystem. Ironically, most GDPR plans aren’t considering the most vulnerable and most dynamic element: the endpoint (and its user).

Taking the long view on GDPR compliance (and digital transformation)

Gartner estimates that half of organizations impacted by GDPR won’t achieve compliance by the May 25 deadline. But even if you’re among the compliant half, your digital enterprise environment is constantly evolving. You can’t afford to inhibit this change. Building a giant wall around your most critical assets would stifle your digital transformation—and put your organization at a serious competitive disadvantage.

Where GDPR and digital transformation come together: the movement of information

You can boil the many elements of GDPR down to two main objectives:

  1. Protect data from going somewhere it shouldn’t.
  2. Secure data wherever it goes.

GDPR doesn’t say information can’t move—just that you need to see that movement, so you can identify and respond to potential risk. That concept—gaining visibility to enable the free flow of information—is the definition of the “digital trust” that every analyst report and white paper declares as the foundation of digital transformation.

Is your GDPR strategy focused on movement?

To make a long story short, GDPR isn’t at odds with digital transformation—it’s complementary. Organizations are too focused on preventing data movement, taking a “secure the fortress” mentality. Instead, they need to start focusing their energy on seeing how and where data moves throughout the organization—from servers to cloud apps, cloud apps to user endpoints, etc. The tools and strategies that deliver this kind of visibility are not just key to achieving “privacy by design,” but also help your organization build the digital trust to allow information to flow more freely between your assets, your apps and your people.
