Entrust Datacard CISO on Endpoint Backup, Then and Now

Code42 is pleased to present a guest post from Mark Ruchie, vice president and chief information security officer for Entrust Datacard.

Today, endpoints are the easiest points of access to enterprise information. Thankfully, at Entrust Datacard, we have a modern endpoint strategy to help us manage our weakest links. When I think about our endpoint system today compared to what was available just a few years ago, the benefits are incredible:

Added protection because we can afford to back up everyone
Back when Internet bandwidth was limited and access expensive, most enterprises only backed up the computers of key executives. As cloud computing gained a foothold and bandwidth got bigger and faster, many of us added another tier of employees—typically sales reps, because they had sensitive client data, and designers and engineers, who had intellectual property on their laptops. Today, with ample, cheap bandwidth, we can afford to back up all employees for greater protection.

Increased productivity with self-serve restore
At one of my jobs a few years ago, 19 laptops in Australia were hit by ransomware, so we had to fly our IT guy from Singapore to rebuild them. There was the cost of the flight and his time, plus four days of lost productivity for all those employees. Today, with modern endpoint backup, employees can restore their own files to any iOS or Android device—at any time—without connecting through a VPN. And because their devices are automatically being backed up in real time, they can recapture all lost or stolen data.

Less disruption to end-users with self-serve tech refresh
At one of my jobs, we had to push active agents for multiple solutions onto 150,000 laptops—and upgrade those agents every 6 months. That meant employees were adversely impacted every time we upgraded. And while we’d only upgrade a few thousand laptops at a time, it still caused issues that further disrupted operations. Today, with modern endpoint backup, end users don’t have to leave their devices with IT. They can do their own tech refreshes in about one-fourth the time via on-screen instructions. And with the backup system running continuously in the background, no data is lost in the process.

Shorter dwell time with faster forensics
When you look at the most spectacular recent breaches—including Home Depot and Target—all were endpoint compromises. Before modern endpoint backup, we’d need to conduct a deep forensic investigation to figure out what happened. We had to push an agent to the laptop, take the device offline and spend days analyzing files. In fact, a hot topic at RSA the past few years has been big data analytic solutions, with data scientists combing through umpteen terabytes of data to solve cybercrimes. I estimated that it cost one bank more than $25 million for its data analytic solution and a 6-figure-a-year data scientist. That kind of price tag for one breach just isn’t reasonable for an average $1 billion company. Especially when a modern endpoint backup system allows you to quickly scan endpoints and find the source of the breach—reducing security incident response from days to hours, sometimes even minutes. That means we can significantly reduce our average dwell time to contain the breach faster. And legal can get access to the data themselves, making IT more productive.

Less breach impact with data attribution capability
When I worked for another company, we lost a lot of laptops to a cybercrime syndicate. We didn’t have an endpoint backup system, so we didn’t know what was on those laptops. We estimated between 35,000 and 55,000 files had been breached. To be compliant, we had to report the higher number, which meant sending out letters and paying $100 in credit monitoring to each of those 55,000 individuals. Understandably, many of them were upset and scared. We disrupted the lives of 20,000 individuals that we may not have needed to. With modern endpoint backup, I can go in and tell you with a high degree of certainty if the data on a stolen or breached device is reportable. Having that data attribution minimizes the financial and PR impact of a breach.

Looking back now, it’s almost unfathomable that we shipped an employee across the globe to restore devices or upgraded anti-virus agents manually. But then, it wasn’t that long ago that we used fax machines, too.