The entire Code42 team had a great time attending Microsoft Ignite in Orlando. Microsoft Ignite brings together more than 25,000 attendees who have keen interests in software development, security, architecture and IT. I have to tell you, before going to Ignite, I held preconceived notions that attendees would hold a clear bias toward IT challenges and not the broader challenges facing enterprise security.
Fortunately, I was mistaken, and it quickly became apparent that security and cloud concerns were a big part of the conversation. For all of us at Code42, that meant we were in store for an exciting week. We came to Ignite with a significant announcement – our new integration with Office 365 email.
More tools to mitigate insider threat
Why integrate Code42 with Office 365 email? There are a couple of reasons. First, while there’s been plenty of talk about the demise of email as the top communication platform, the reality is the amount of confidential and proprietary information sent via attachments every day in email is mind-boggling and enterprises need better controls. Second, while Office 365 email does provide ways to create email policies and flag risky emails, Code42 provides complementary insights and valuable investigative information into the who what, when and why (as I like to call it) around the files. This is just another way Code42 helps our customers to mitigate insider risks.
We also showcased some new Code42 capabilities that enhance the workflow for departing employee data exfiltration detection. As you may already know, managing the data exfiltration risks associated with departing employees has been a significant effort for Code42. When it comes to mitigating insider threats and data breaches, it turns out that departing employees are notorious for taking trade secrets, confidential information, and other types of intellectual property with them as they leave organizations for new companies.
The departing employee challenge is exacerbated by the following: first, most organizations don’t have a data exfiltration mitigation policy in place for departing employees; and second, there typically aren’t technology or applications available to assist in the departing employee workflow. This is precisely why Code42 developed and released its new departing employee workflow capabilities.
Being able to showcase such powerful new capabilities and seeing the positive reactions from such a large crowd, was one of the most rewarding parts of Ignite for me. Of course, Code42 SVP Rob Juncker got us off to the ideal start with a session mainly dedicated to insider threat and the importance of having a well-defined off-boarding process to protect valuable IP when employees leave.
The new capabilities were a hit among attendees. But, more importantly, to me, the new departing employee capabilities were the catalyst for conversations into understanding current departing employee workflows. These conversations largely confirmed what we’ve been saying here at Code42: that typical departing employee workflows are either under-developed or non-existent. No wonder insider threat continues to be on the upswing!
While Ignite gathers an IT-centric audience, what we learned is that when it comes to insider threat, multiple departments are part of the conversation. It isn’t uncommon to expect IT, security, compliance as well as HR teams to be in the mix when figuring out the best course of action to manage insider threat.
Demos, doughnuts and a customer’s personal account
We were also fortunate to be joined by one of our customers, David Chiang, an IT system engineer at semiconductor provider MACOM. David presented on how MACOM relies on Code42 to detect, investigate and respond to insider threats and file exfiltration. He framed the departing employee threat perfectly when explained how, when a departing employee tells MACOM that they’re “just taking personal pictures,” MACOM can now (thanks to Code42) look back and validate if that’s so. “If we access the files and find that it was company property, the conversation changes,” he explained.
And under those circumstances, that conversation should change. The problem is that too many – actually, the vast majority of organizations – don’t have such process and technology in place to provide themselves that level of visibility. Hopefully, our data security and departing employee announcements, an excellent and in-depth story from one of our customers on their success (over some excellent mini donuts) resonated and will change some of the status quo for the better.
While Code42 went into Microsoft Ignite with an intent to learn and educate around regarding the insider threat, it turned out we weren’t alone. There were two other significant announcements that reinforced the importance of mitigating insider threats. The first of those was Proofpoint’s acquisition of ObserveIT. Why? Because ObserveIT has been in the insider threat space for quite some time, and this acquisition is clear validation that Proofpoint views insider threat as an integral expansion of their security portfolio moving forward. The second announcement was from Microsoft itself. Microsoft unveiled its Insider Risk Management tool within Office 365 that is designed to help identify and remediate threats coming from within an organization.
I’m happy to say that the many announcements, as well as attendee interest and conversation around the issue, give me hope that insider threat programs are about to take center stage when it comes to managing enterprise data risk. And next year, Microsoft Ignite 2020, is bound to dig even deeper into the insider threat and all of the associated risks. We can’t wait to be there.
Insider Threat Is Real