When do you most value your applications or ability to access your data? That would be the very second after something goes awry and your access is lost. It’s true, and it’s like the cliché: you don’t know what you have until its gone.
In this way, computing is a lot like a utility service: we just expect to flip a switch and have the lights go on. We plan to dial a number and have the phone system work. Moreover, we don’t tend to think about how much we appreciate these technologies until the moment they don’t work as we expect. If you don’t believe me, talk to people diligently working on your IT support team right now. Ask them how often they get calls when everything is working right from staff, thanking them for ensuring access to their business-technology systems has remained available and smooth.
Then ask them how often the phone rings when something goes down.
Cybersecurity is very similar. No one thinks about the technologies protecting them until they fail, and there’s a breach or systems become inaccessible. How security professionals help others manage risk can also create challenges.
What I mean by this is that often, when staff hears from their security teams, it’s because something went wrong. The user did something wrong, or the security team is going to inform staff that they can’t continue doing things a certain way: Don’t access public Wi-Fi without a VPN. Stop using this password. Hurry up and patch and reboot all of these systems. No, you can’t use that cloud service; you have to use this cloud service instead.
While some rules are necessary, security technology that is focused on prevention only can position security teams as blockers and deniers. There are, however, other ways security teams can serve as business partners and architect solutions that not only secure data but also make it easier for users to get their work done. At Code42, we are always looking for ways to provide added value directly to the user.
Here’s an example. As part of the Code42 Next-Gen Data Loss Protection solution, we also provide users the ability to back up and secure their data. Data loss protection with that extra level of recoverability gives the user additional peace of mind. They know that if their notebook dies, or someone clicks on a malicious link, that they don’t have to panic. There’d be no reason to. They’ll see something went wrong, but they’ll know their data is backed up and safe and can be recovered.
Recently, I had the opportunity to watch this play out with a customer. They wanted to make a security purchase, but they were low on budget at the time. They thought they had to postpone their purchase. However, when the IT team found out that they would get data leak protection and the ability to consolidate their endpoint backup solution, they decided to move forward.
They ended up going forward with the investment because they realized that this was a win for the IT team, the security team and the end user.
My takeaway from this experience is also a good lesson for security professionals: don’t over-focus on prevention technology that is narrowly focused on denying and blocking. Look for solutions that enable end users and IT to be not only more secure but also more collaborative and productive. And that’s something everyone would be thankful for.
It’s Time to Rethink DLP