Code42 Talks DLP with Dark Reading

After unveiling our Next-Gen Data Loss Protection solution at the RSA Conference 2019 in San Francisco, just about every visitor to the Code42 booth asked: How is data loss protection different than data loss prevention?

To answer this question, I sat down with Dark Reading’s Terry Sweeney for a video interview. You’ll find the highlights of our conversation in a short video below — and you can watch the full interview at Dark Reading.

The home security analogy

I like to start with a simple analogy everyone can identify with: Let’s say a would-be burglar comes to your door while you’re at work. In theory, you can rest assured that the person will not break into your house — because you have locks on your doors, right? But we all know locks aren’t failsafe, so what if this individual does find a way in? You won’t know about any of this until you get home — hours later — or until you realize something is missing, perhaps days later. By then, it’s much harder to figure out what all was taken, who took it and when it was taken. That’s the problem with the traditional data loss prevention model: it’s focused on prevention — but if that fails, you’re not left with much.

Now, imagine you have Nest cams inside and outside your house. Your front-door Nest cam notifies you immediately, via smartphone, to activity at your front door. With real-time visibility, if you don’t recognize the face of the visitor and/or are concerned with the actions he takes next (e.g., picking the lock, breaking a window, etc.), you can take action right now. Even if you discover something missing later in the day, you have video logs that will help you figure out when that article was taken and how. Just like the Nest cams, Code42 Next-Gen Data Loss Protection shows you exactly what’s happening, when it’s happening — so you can decide if it’s important and take action now.

Paradigm shift: all data matters

Another major difference in approach between legacy data loss prevention and Code42 Next-Gen Data Loss Protection: how the tools define the value of data. Traditional DLP tools require an organization to decide which data and files are valuable or sensitive — and then figure out how to configure it with rules and policies. But today’s knowledge workers are constantly creating data — and it all matters. From developing new software, to innovating manufacturing processes or providing consulting services, more and more businesses across every sector are ultimately in the business of making new ideas. For these “progressive makers,” as we call them at Code42, every file and every piece of data holds value in the chain of idea creation. And the value of any given piece of data can skyrocket in an instant — when a project turns from theoretical tinkering into tangible innovation. Finally, while traditional forms of protected data like PCI, PII, HIPAA tend to follow predictable formats and patterns that can be recognized through rules, all of this “idea data” is wrapped up in largely unstructured data. The data relating to a software product launch, for example, might span from source code files, to Word documents containing marketing plans, to Excel spreadsheets with revenue forecasts and production budgets, to CRM data on target prospects. There’s no way to create a blanket “rule” for defining the structure or pattern of data relating to a valuable product launch. 

“ In this new reality of endpoints and cloud where all data matters, Code42 offers an unmatched core capability: We’ve gotten really good at collecting and saving every file, from every user, on every device. ”

In this new reality of endpoints and cloud where all data matters, Code42 offers an unmatched core capability: We’ve gotten really good at collecting and saving every file, from every user, on every device. More importantly, we’ve gotten really good at doing it in near-real time, doing it cost-effectively and doing it without inhibiting users as they’re working. This means organizations no longer have to define, at the outset, what data matters. And this complete data collection unlocks the kind of immediate, comprehensive visibility that creates the foundation of data loss protection — and sets it apart from data loss prevention.

Two critical questions DLP buyers need to ask

One of my favorite questions from Terry Sweeney was, “What should a DLP buyer look for as they’re evaluating a solution?” My answer is simple:

  1. How soon does the tool show you that something is going wrong?
  2. How soon does the tool let you take action?

The most consistent and concerning finding from annual infosecurity reports like Verizon’s Data Breach Investigation Report and the Ponemon Institute’s Cost of Data Breach Study is that most organizations aren’t discovering incidents for weeks — or months. In fact, the Ponemon Institute’s 2018 research showed the average breach took 197 days for an organization to discover. That’s six months before the investigation even begins— and even longer until the organization can attempt to take some remedial action. That’s a lot of time for data to be lost, tracks to get covered and stolen IP to do damage to a business.

Code42 Next-Gen Data Loss Protection cuts that time-to-awareness from months to minutes. Take the common example of a departing employee: You’ll know if they’ve taken data before they even leave the building — not months later when a rival launches a competing product. Moreover, you’re getting immediate and full visibility around the context of the departing employee’s data removal — you can look at the exact file(s) and see if it’s valuable and/or sensitive — so you can make decisions and take action quickly and confidently.

Enabling infosec automation

My discussion with Terry ended with a look at perhaps the most important factor driving infosecurity forward: the expanding role of automation in helping organizations manage and protect ever-increasing volumes of data. Many organizations fight expanding data security threats with a small handful of infosecurity staff — half who are “on loan” from IT. Automation and orchestration platforms pull together and make sense of all the alerts, reports and other data from various infosecurity tools — fighting false positives and alert fatigue, and allowing them to see more and do more, with fewer human eyes. But these platforms are only as good as the inputs they’re fed. These platforms rely on comprehensive data feeds to ensure you can create the customized reports and alerts you need to reliably bolster your security automation. The complete security insights gathered by Code42 Next-Gen Data Loss Protection ensure there are no blind spots in that strategyThat’s why we’re focused on making sure all our tools plug into automation and orchestration platforms, and support the workflow automation capabilities you already have in place. All Code42 tools are available through APIs. If you want us to integrate data and alerts to be automatically provisioned in your SIEM or orchestration tool, we can do that. If you want us to automatically raise an email alert to your ticketing system, we can do that, too. Furthermore, Code42’s Next-Gen DLP allows you to take a more proactive “data-hunting” approach to data security, much like you would with threat hunting to deal with external malware and attacks.

This is where the value of Code42 Next-Gen Data Loss Protection gets really exciting. Our tool gives you incredible off-the-shelf value; it does things no other tool can. We’re seeing organizations integrating our tool with advanced automation and orchestration platforms — using our tool in ways we hadn’t even considered — and really amplifying the value and driving up their return on investment.

Watch the video highlights of the Dark Reading interview here or you can watch the full interview at Dark Reading.

Driving Innovation for CrashPlan for Small Business

When we announced our exclusive focus on businesses of all sizes, there were (understandably) a lot of questions about what this means for the future of CrashPlan for Small Business. For those of you who aren’t familiar, CrashPlan for Small Business is our unlimited, automated, and secure cloud backup product designed for emerging businesses with less than 200 employees (including freelancers, home-based businesses, and more).

I understand why those questions came up. We routinely see IT consultants advising this segment to use CrashPlan for Home, and businesses opting for it instead of CrashPlan for Small Business. As a whole, CrashPlan for Home has largely been seen as interchangeable for business and personal use. But CrashPlan for Home and CrashPlan for Small Business are two different products. Expectations of businesses and home users continue to diverge. Businesses, small and large, are worried about things like the cost of doing business, privacy of employee data, and management of data for regulatory compliance (for instance, HIPAA data). These features simply aren’t needed by home users. This is where Code42’s ability to focus exclusively on needs of businesses will benefit our CrashPlan for Small Business customers. That’s because these are the types of problems we’ve been working on for our larger business customers, and we’re now able to apply those investments toward CrashPlan for Small Business.

We’ve already made several dedicated investments in CrashPlan for Small Business that will be ready to debut in 2017 and 2018. For example, we are:

  • Exploring the ability to make it possible for customers to purchase Code42 products more easily without necessarily having to go through a month-long trial (which is required today).
  • Working to introduce a new streamlined user experience for the CrashPlan for Small Business client to simplify common tasks like getting files from your backup or replacing an existing device.

These are just a couple of examples of investments that will lead to even greater innovations in the coming months and years. For those of you now using or considering using CrashPlan for Small Business, let me share some details on what enhancements you can expect.

Device migration

The process for updating computers or replacing lost or stolen laptops can be quite a struggle for most of us. You may not be sure that you’ve got all the data. Plus, you might spend several hours getting all your files from your old computer to a new computer. It’s common to spend half a day, or sometimes a whole day, getting to your new computer set up just right will all your files.

Code42 has long offered a device adoption feature in the CrashPlan client to help users with this process. We received a lot of feedback from customers that the device adoption feature is hard to understand and use. So last year, we introduced a refreshed device replacement workflow as part of the CrashPlan client that we delivered to our larger enterprise customers, and made several improvements in that workflow since. Several of our customers like Getty Images, Jones Lang Lasalle, and Schneider Electric use this updated capability.

CrashPlan for Small Business Device Replacement

When we introduce the new user experience in CrashPlan for Small Business in the near future, you will be able to take advantage of this new, simplified device replacement feature as well. You will spend less time figuring out how to get your files from your old computer to your new one, and it will be easier for you to replace your old computer with the new one.

Security & compliance

Health Insurance Portability and Accountability Act (HIPAA)
Many small and emerging businesses have a need to manage their backup data in a HIPAA compliant manner. If you’re in the healthcare services sector or a law firm, then you know what I’m talking about. Such businesses need technology vendors with whom they can have a Business Associate Agreement (BAA).

Today, Code42 offers the ability to execute a BAA only to our larger enterprise customers – CrashPlan for Small Business customers don’t have this option. As a result, many small businesses opt to purchase our product aimed at larger enterprises. This introduces added complexity to their IT operations, and can add to cost of doing business. Over the last couple of years, Code42 has invested more in the compliance and security aspects of our core platform, and in our internal company processes to make it easier for our enterprise customers to manage their data in a HIPAA-compliant manner. In the near future, we’re planning to introduce the ability to sign a HIPPA BAA for CrashPlan for Small Business customers.

Code42 Security Center
A key feature we’ve rolled out in 2017 for Code42 Enterprise is Code42 Security Center. This feature helps companies figure out if a departing employee has taken sensitive company data with him by copying it to a thumb drive or a personal Dropbox or Google Drive folder. We are exploring the potential of making this application available for small businesses.

Increased globalization

Currently, the majority of CrashPlan for Small Business customers reside in the U.S. While we also have a strong and growing base globally, including in the U.K., Australia, New Zealand and more, those customers have to purchase CrashPlan for Small Business in US Dollars. The data Code42 manages for those customers also resides in Code42’s secure U.S. data centers. For our customers in other parts of the world, this can lead to poor experience with restore speeds, and with the purchase process. We have had many requests from our non-U.S. customers and prospects to be able to purchase CrashPlan for Small Business using local currency, and to have the data reside in their regions.

Based on this feedback, we will expanding our CrashPlan for Small Business features to allow transactions in non-U.S. currencies, and to allow data storage in Code42’s secure data centers around the globe. We will start first with Europe and the U.K., and then work to expand to other regions based on customer need and demand.

These are just a few of the exciting new capabilities we’re working on for CrashPlan for Small Businesses. As we work on all these improvements, we’re also very keen to get direct feedback from our CrashPlan for Small Business customers. To help with this, we have formed a new internal CrashPlan for Small Business Customer Council, which is designed to meet with customers, consider their feedback, and adjust our product development roadmap.

Looking ahead

I am truly excited about all the new capabilities we’re developing for our business customers. We’re working hard to deliver high-quality products that will delight you and will continue to “just work” for you! Thank you for taking the time to read this blog post. Thank you also for considering Code42, and CrashPlan for Small Business for your business needs.

Evolving Threats Compel an About-Face in Data Protection Strategy

It’s time to flip our thinking about enterprise information security. For a long time, the starting point of our tech stacks has been the network. We employ a whole series of solutions on servers and networks—from monitoring and alerts to policies and procedures—to prevent a network breach. We then install some antivirus and malware detection tools on laptops and devices to catch anything that might infect the network through endpoints.

But this approach isn’t working. The bad guys are still getting in. We like to think we can just keep building a bigger wall, but motivated cybercriminals and insiders keep figuring out ways to jump over it or tunnel underneath it. How? By targeting users, not the network. Today, one-third of data compromises are caused by insiders, either maliciously and unwittingly.

Just because we have antivirus software or malware detection on our users’ devices doesn’t mean we’re protected. Those tools are only effective about 60% to 70% of the time at best. And with the increasing prevalence of BYOD, we can’t control everything on an employee’s device.

Even when we do control enterprise-issued devices, our security tools can’t prevent a laptop from being stolen. Or keep an employee from downloading client data onto a USB drive. Or stop a high-level employee from emailing sensitive data to a spear phisher posing as a co-worker.

We need to change our thinking. We need to admit that breaches are inevitable and be prepared to quickly recover and remediate. That means starting at the outside, with our increasingly vulnerable endpoints.

With next-gen DLP in place, one that’s protecting data in real time, you gain a window into all your data. You can see exactly where an attack started and what path it took. You can see what an employee who just gave his two weeks’ notice is doing with data. You can see if a stolen laptop has any sensitive data on it, so you know if it’s reportable or not.

By starting with endpoints, you eliminate blind spots. And isn’t that the ultimate goal of enterprise infosec?