Insider Threat Begs the Question, “Where’d My File Go on the Web?”

You know the risks posed by Shadow IT and unsanctioned app use. It’s a blind spot we’ve all been fighting for years now. But a new challenge is emerging: what do you do when the app is sanctioned? For example, how do you stop employees from exfiltrating data via Google Drive — when your organization uses this app, legitimately, all day long? With cloud and web-based apps like Google Drive, Gmail, OneDrive and Slack increasingly blurring the lines between personal and professional use, how do you shine light into the alarming blind spot we’re calling “Mirror IT?”

An easy way to move and share files

Most of us have used email or cloud storage as a means to instantly and easily make files available from anywhere. In fact, our 2019 Code42 Data Exposure Report found that 43% of business decision-makers say they use their personal email to share files with peers, and 41% use Google Drive. Not surprisingly, this is also one of the most common (and fastest growing) methods of employee data theft, a.k.a. insider threat. Look to the headlines and you’ll read about cases like the sales executive at U.S. solar company SunPower Corp who emailed himself highly confidential files — and used them in his next role at a SunPower competitor.


You can see that, right?

It’s not that modern data security tools are totally blind to this kind of activity. Most have some level of visibility into the web and cloud apps that touch your files. But some of the most popular enterprise data security tools are still limited to telling you that Google Chrome or Firefox accessed a file — essentially telling you that your file went somewhere on the internet. An experienced security team with a range of tools at their disposal should be able to use network-layer information to piece together a good idea of where that file went — but only if users are on the network…and it won’t be fast or fun.  

Sanctioned apps make things blurry

The real challenge comes in “Mirror IT” situations where employees have both personal and professional accounts for apps like Gmail, Google Drive or Slack. In these scenarios, how can you see — and respond to — an employee removing a customer list or source code via the approved Google Drive app? Leading CASB solutions can block unapproved sites — but they won’t help you here. Even top-of-class data loss prevention tools can only get as far as telling you that Google Drive accessed the file. But you have no way to make the all-important distinction about whether that file was uploaded to their personal or professional Google Drive account. Once again, a veteran security analyst could likely get to the bottom of this question, given some time — but in the meantime, those valuable files remain exposed.

A simple, fast answer to the question, “Where’d my file go?”

Code42 shines powerful light into the black hole of web and cloud file activity in a number of ways. Now, we’re solving the challenge of “Mirror IT” by giving you a first-of-its-kind level of visibility: Code42 shows you the title of the tab and the specific tab URL that was active at the moment the file activity occurred. This means you can plainly discern personal versus professional accounts and instantly understand the potential risk to your data.

It’s all part of the simple, speedy solution we’ve created for homing in on the risky signal amid all the noise of your users’ normal, harmless activity. The Code42 dashboard lets you immediately see when files are read or uploaded by an internet browser — and gives you one-click visibility into the tab title and URL.

The end result: with just two clicks, you can definitively answer the question, “where’d my file go?” and immediately take action, if necessary. It’s just one more way Code42 provides much-needed visibility to give you high-fidelity alerts and actionable information to help you find and address the data risks in your organization.

Don’t Believe the Hype from DLP Players

We got a good chuckle when one of our competitors recently called us a “DLP Wannabe.” Let’s face it, no one wants to be a data loss prevention (DLP) provider – including us. Seventy-three percent of companies with DLP report that employees complain of lost productivity and collaboration. Eighty-one percent of security decision makers are frustrated with these issues: they feel they need a better way to protect sensitive data without slowing down innovation (Source: Forrester 2019). The brutal truth is no one likes DLP. Our customers that have it don’t like it. The customers that think they need it look for excuses not to buy it.


Progressive organizations thrive on collaboration. We are in the midst of a massive culture change that centers on employees’ ability to share ideas, move faster and transform the customer experience both internally and externally.   

That’s where our approach to protecting data was born. It’s an approach that focuses on enabling security teams and their internal customers to move faster, collaborate with one another and be more productive. We called it next-gen DLP because it’s time for change. It’s time for a new approach that works for the collaboration era.


Code42 at Jamf Nation User Conference: Data Loss Protection for Macs

The Code42 team is gearing up for the annual user conference for one of our favorite hometown partners: the Jamf Nation User Conference, Nov. 12 – 14 at the Hyatt Regency Hotel in Minneapolis, literally right up the road from our offices. Code42 has been a proud sponsor for JNUC since 2012 and we love rubbing elbows and throwing back a few with our friends in the Apple community. Billed as the world’s largest rally of Apple IT administrators, JNUC is always a great place for us to educate users about the reality of data loss and showcase the tool that truly works to protect data from insider threat: Code42® Next-Gen Data Loss Protection.


Traditional data loss prevention (DLP) claims it can prevent data loss and theft from employees. It relies on arcane policies, rules and user blocking that stifle collaboration and productivity. According to our recently released Data Exposure Report, 69% of organizations say they experienced an insider threat breach while they had a prevention solution in place. No wonder 78% of information security leaders—including those with traditional DLP solutions—believe prevention strategies and tools aren’t enough to stop insider threat. 


Fortunately, there’s a better way to protect data while also encouraging user collaboration and productivity: by detecting, investigating and responding to suspicious file activity that could indicate an insider is taking data. The right tool provides these insights in real time, so organizations can respond to insider threat immediately, not months after an employee quits and takes data with them. And a comprehensive solution allows Apple IT administrators to visualize their data loss risks with one pane across endpoints, cloud and email.

At JNUC, we’re looking forward to sharing how our next-gen data loss protection solution—which is built for Mac and has complete feature parity in Windows—can do all this and more. Check out customer stories from companies that have successfully used next-gen data loss protection to safeguard their data from insider threat. At JNUC, come check us out at:

  • Nov. 12: 
    – 7 a.m. to 5 p.m. at booth 5
  • Nov. 13:
    – 7 a.m. to 5 p.m. at booth 5
    – 11:15 a.m. in the Nicollet Grand Ballroom for the breakout session, “How to Keep Data Safe: Data Loss Protection and macOS Catalina.”
    – 5–8 p.m. for “Off the Clock with Code42” at one of our favorite local spots, Butcher and the Boar. You can register here.
  • Nov. 14: 
    – 7 a.m. to 3 p.m. at booth 5

Looking forward to seeing you there!


Hey Microsoft Ignite, Code42 is Here Talking Insider Threat

Team Code42 is excited to be at the Orange County Convention Center for the Microsoft Ignite conference this week. We have a ton going on and are ready to talk to security and IT teams about one of the biggest insider threats to their data – employees who quit. Swing by to see us at booth #1141 and find out how we can show you exactly what IP your employees are stashing in their pockets, personal email and cloud. Hint: they probably took the data long before you knew they were leaving.

All week, we will be ready to give demos and previews of our Code42® Next-Gen Data Loss Protection solution, which makes it quicker and easier to detect, investigate and respond to insider threats. Visit with Team Code42:

  • Nov. 4: 12:30-7:30 p.m.
  • Nov. 5: 8:30 a.m. to 6 p.m.
  • Nov. 6: 8:30 a.m. to 6 p.m.
  • Nov. 7: 8:30 a.m. to 5:15 p.m.


Rob Juncker, SVP, Speaks in Theater C at 2:15 p.m.
Employees are Taking Data when They Quit
Sixty percent of departing employees admit to taking data – company trade secrets, customer lists and source code – when they leave their job. Want to know the truth? The other 40% probably are lying and also have taken data. At a time when the data economy is flourishing and your competitive edge hinges on keeping your most innovative ideas under lock and key, we have to find better ways to protect valuable IP and trade secrets when employees and contractors quit and head off to their next gig. That’s why Rob Juncker, our SVP of product, research, operations and development, is leading off the show with a presentation about insider threat called, “Employees are Taking Data when They Quit.” Head over to Theater C on the expo show floor at 2:15 p.m. ET on Monday to catch his talk.

Tuesday and Wednesday:

Code42 Customer MACOM in Booth #1141
Don’t take our word for it. Hear from one of our power users, MACOM’s David Chiang, about how he uses the Code42 solution to hang onto MACOM’s most valuable files. Be sure to spend some time talking to David in Code42 booth #1141 about how he tackles the challenge of data loss from departing employees and protects MACOM’s highly proprietary semiconductor designs and CAD drawings. He’ll be in the booth Tuesday and Wednesday from 9 a.m. to 12 p.m.

Other Activities in Code42 Booth #1141

Monday: Demos and Drinks, 4-7:30 p.m.
End your day with a product demo and glass of McSwagger’s Own Ale from local brewery Crooked Can Brewing Company.

Tuesday: Demos and Donuts, 8:30 a.m. to 12 p.m.
Grab mini donuts made fresh in our booth while taking in a solution demo.

Wednesday: Midweek Energy Boost, 8:30 a.m. to 12 p.m.
Need some more wings mid-week? We’re doing a Red Bull giveaway and solution demos.

Thursday: Thank You, Safe Travels Cookies, 11 a.m. to 3 p.m.
Before you finish at Ignite, swing in for a solution demo and fresh-made cookies.


MACOM Uses Code42 to Stop Departing Employee Data Loss

MACOM is truly a great place to work. But, like every company, the unavoidable reality is that people leave. And, like every company, we’re faced with the challenge of making sure our trade secrets — in our case, highly proprietary semi-conductor designs and CAD drawings — don’t leave with them. I am part of a three-person security team, and we are tasked with overseeing around 1,500 employees spread across 50 sites worldwide. Today, I’d like to share how we’re using Code42® Next-Gen Data Loss Protection to tackle the challenge of data loss from departing employees — protecting our most valuable files and protecting our business.

A Better Process for Detecting, Investigating and Responding to Data Loss Risks

About a year ago, we chose to implement Code42’s solution as the foundation of our comprehensive data loss protection strategy. We’re leveraging the solution in a number of ways, but one of the simplest and most valuable use cases is detecting when departing employees put data at risk — and accelerating investigation and response to data loss incidents.

Here’s what a typical workflow looks like with departing employees:

  1. HR Notice: Our HR team understands how we’re trying to focus on the unique data loss risk presented by departing employees. Having their buy-in ensures that HR informs us as soon as an employee gives notice that they’re leaving the company. This kick-starts the entire workflow.
  2. Past Activity Examined: As soon as we know an employee is leaving, we look back at the last 90 days of their file activity to see if they’ve done anything risky.
  3. Employee Added to Watchlist: Going forward, that employee is added to a watchlist within Code42 for enhanced monitoring. We watch their file activity closely for potentially risky data movement.
  4. Activity Alerts for File Movement: Code42 automatically generates activity notifications when an employee on our watchlist exceeds our defined file activity thresholds (moving too many files, moving too much data, moving files in specific ways, etc.).
  5. Forensic Investigation: Once again, since we’re able to track all file activity over the last 90 days, we’re able to rapidly investigate any alerts to assess whether the activity represents a data loss risk.
  6. Response: Our strong partnerships with Legal and HR allow us to quickly bring them in to execute an appropriate response to an identified risk. This also means we’re not left being the bad guys; our staff see us as the brand-value and idea protectors instead of the police.

How Cross-Functional Support Makes Our Security Team Smarter

It wasn’t as hard as you’d think it would be (or I thought it would be) to get to the point that we are at today with our data loss protection program. But it really all started with the security team building partnerships with our line-of-business (LOB) leaders. They helped us identify:

  • Our most valuable and vulnerable files and data: Our semi-conductor designs, our manufacturing CAD drawings, our marketing plans, our customer lists, etc.
  • What normal vs. abnormal file movement looks like: If someone from marketing is using a USB to transfer data, that’s not that unusual — it’s common for collaborative marketing projects. But if an engineer is removing design files or an executive is taking customer lists, it might be risky. We have different alert profiles set up based on the type of employee, because we recognize that “normal” looks different for different types of employees.
  • What action is required: Just as different files constitute different kinds of risk, different risks require different kinds of action. We worked with our LOB leaders to identify what corrective actions should be taken to protect files and prevent damage when a departing employee attempts to take data with them.

Once we had these things figured out, we worked to develop protocols where possible. This standardized our definition of what risk looks like when an employee is leaving — and defines what action should be taken based on the identified risk.
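The departing-employee workflow and the per-role alert profiles described above, sketched as an added example (this is not MACOM's or Code42's code). The event fields, role names, thresholds and file extensions are hypothetical, and the sample events are constructed.

```python
import os
from dataclasses import dataclass
from datetime import datetime, timedelta

LOOKBACK_DAYS = 90  # window of past file activity reviewed once HR gives notice
MB = 1024 ** 2


@dataclass(frozen=True)
class FileEvent:
    user: str
    when: datetime
    path: str
    size_bytes: int
    vector: str  # how the file moved: "usb", "browser_upload", "cloud_sync", "email"


@dataclass(frozen=True)
class AlertProfile:
    max_files: int            # files moved in the window before an alert fires
    max_bytes: int            # total bytes moved in the window before an alert fires
    risky_vectors: frozenset  # movement methods that are abnormal for this role
    sensitive_ext: frozenset  # file types the business flagged as most valuable


# Hypothetical profiles: USB transfers are normal for marketing, not for engineering.
PROFILES = {
    "marketing": AlertProfile(200, 5000 * MB, frozenset({"email"}),
                              frozenset({".csv"})),
    "engineering": AlertProfile(25, 500 * MB,
                                frozenset({"usb", "browser_upload", "email"}),
                                frozenset({".dwg", ".gds", ".step"})),
}


def lookback(events, user, notice_date, days=LOOKBACK_DAYS):
    """Step 2: the user's file events in the `days` before the notice date."""
    start = notice_date - timedelta(days=days)
    return [e for e in events if e.user == user and start <= e.when <= notice_date]


def evaluate(events, profile):
    """Steps 4-5: return (rule, detail) tuples for every threshold exceeded."""
    alerts = []
    if len(events) > profile.max_files:
        alerts.append(("file_count", len(events)))
    total = sum(e.size_bytes for e in events)
    if total > profile.max_bytes:
        alerts.append(("byte_volume", total))
    for e in events:
        ext = os.path.splitext(e.path)[1].lower()
        if e.vector in profile.risky_vectors and ext in profile.sensitive_ext:
            alerts.append(("sensitive_file", f"{e.path} via {e.vector}"))
    return alerts


def review_departure(user, role, notice_date, events, watchlist):
    """Steps 1-3: on HR notice, watchlist the user and review past activity."""
    watchlist.add(user)
    return evaluate(lookback(events, user, notice_date), PROFILES[role])


# Constructed sample data: notice date and file events are invented for the demo.
NOTICE = datetime(2019, 10, 1)
SAMPLE_EVENTS = [
    FileEvent("eng1", NOTICE - timedelta(days=120), "old_layout.dwg", 40 * MB, "usb"),
    FileEvent("eng1", NOTICE - timedelta(days=10), "amp_rev3.dwg", 60 * MB, "usb"),
    FileEvent("eng1", NOTICE - timedelta(days=9), "notes.txt", 1 * MB, "usb"),
    FileEvent("mkt1", NOTICE - timedelta(days=5), "brochure.pdf", 80 * MB, "usb"),
    FileEvent("mkt1", NOTICE - timedelta(days=4), "customers.csv", 2 * MB, "email"),
]


def demo():
    """Run the review for one engineer and one marketer who both gave notice."""
    watchlist = set()
    departing = (("eng1", "engineering"), ("mkt1", "marketing"))
    results = {user: review_departure(user, role, NOTICE, SAMPLE_EVENTS, watchlist)
               for user, role in departing}
    return results, watchlist


if __name__ == "__main__":
    findings, watched = demo()
    for user, alerts in findings.items():
        print(user, alerts)
    print("watchlist:", sorted(watched))
```

The 120-day-old event falls outside the lookback window, and the marketer's USB copy raises nothing because USB is normal for that role; only the design file on USB and the customer list sent by email produce alerts.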

Focusing on Data — Not People

Like all security teams, we’re trying to focus on our biggest risks. But it’s the data — not the people — that we’re watching. Thanks to our LOB partnerships, we know what our most vulnerable and valuable data is. Thanks to Code42, we know where this data lives and we can see how it moves. When we detect that something’s unusual, we have the forensic depth to look closely at files that we detect as having left — so we know immediately if it’s something we need to address.

Moreover, by first narrowing our scope to focus on departing employees, we can more fully leverage this broad and deep file visibility to efficiently and effectively protect our data. And because we have this streamlined process in place, we are able to expand our team’s focus to monitor data in other potentially high-risk situations. We’re able to look more closely — while simultaneously being smarter and more efficient about how we spend our time.

A Rapid Learning Curve

I’ve mentioned that we run a lean security operation. In fact, we only recently added the third member of our security team, hiring a security analyst to help our director of IT security and me in better protecting the company. Our new security analyst came in with very little experience using enterprise data security tools, but he was able to jump in and begin using Code42 almost immediately. He’s taken a very hands-on role in using Code42 to actively protect our data, and it’s expanded what we can do — our capabilities, our use cases, etc. — as a security team.

This experience stands in stark contrast to most legacy data security tools, which are complex, require weeks of training — and years to become really proficient. Using these complex tools is no problem for more seasoned security pros. But most of us are familiar with the increasing shortage of security people — even as data security becomes more high-profile and demand rises. This was a popular topic at Black Hat USA 2019, and the consensus is that we need tools that don’t require extensive training and allow even rookie security analysts to hit the ground running.

Giving Us Confidence to Protect Our Business

Code42 has already proven its value in myriad ways, and our process for monitoring departing employees has already helped us catch risky data movement and take action. Because of successes like these, HR and Legal understand and appreciate the capabilities our security team has — and this fosters a deeper collaborative partnership as we tackle other data security challenges in our organization. Code42 is giving us the confidence to proactively protect our valuable files and data across our global environment, and to take rapid action to protect our business.


macOS Catalina Creates Kernel Crisis for Legacy DLP

Apple released the new macOS Catalina on October 7, setting IT and security teams abuzz about the logistics of upgrading their users, excitement about new features and concerns about the pains that always come with change. But security experts have revealed a troubling impact: macOS Catalina entirely disallows kernel extensions (kexts). This isn’t just another instance of “kernel panic” — this is a full-blown kernel crisis: Legacy DLP products will cease to work in the Mac environment going forward.


Catalina goes read-only — disallows kexts

With the release of Catalina, Apple shifts the entire macOS to read-only, regardless of permissions. Kernel extensions are completely disabled. This change strengthens the overall security stance of the macOS. But it’s a major problem for legacy DLP products like Symantec and McAfee, which depend on kernel extensions for their core functionality.

Legacy DLP simply won’t work in Catalina

Disallowing kernel extensions disables the blocking functionality of legacy DLP products. The products will technically still “run” on Catalina (with the usual kernel panics and other pains), but they’ll no longer be able to work the way they have — no more blocking risky user actions. In effect, legacy DLP will cease to work altogether. At a time when insider threat continues to escalate, companies simply can’t afford to risk leaving their data exposed.

You can’t afford not to upgrade

Most legacy DLP vendors are approaching the kernel crisis carefully. They’re reaching out to customers with one-to-one communications, trying to convince them not to upgrade to Catalina so they can retain the functionality of their DLP products (for example, reference the table on Symantec’s support page). But not upgrading is not viable in the long-term. You need to give your users access to the latest features of Catalina; moreover, your users will demand the upgrade. And your security team can’t afford the security risks of lagging behind.

[Screenshot: current recommendation found on the Symantec support page.] The latest Catalina release makes the security gap evident for legacy DLP customers.

There’s not a ton of time to waste, either. Apple will end updates, security patches and support of macOS Mojave in less than 24 months. That means most organizations need to begin planning their upgrades—including how they’ll fill the enormous security gap — now.

DLP for Macs has always been painful

Running legacy DLP on macOS has always been frustrating—a “square-peg-round-hole” problem that creates more work for security teams and increases the potential for dangerous gaps in visibility and protection. But the clear trend is that Apple is making it even harder for DLP to function in macOS — leading to more kernel panics, frustrations and potential security gaps. So the “kernel crisis” of the Catalina upgrade isn’t coming out of nowhere. The reality is that legacy DLP was not built with Macs in mind, and this disconnect is coming to an urgent head.

Code42 is next-gen data loss protection built for Macs

At Code42, we know the pains of legacy DLP for Macs firsthand — and built our Code42® Next-Gen Data Loss Protection solution to mesh seamlessly with macOS. We understand macOS better, so we approach things differently by:

  • Working at the file-system level to focus on what really matters — your file data         
  • Monitoring the applications that access, interact with and touch those files
  • Giving you deeper, broader visibility into all file activity — across your endpoints, in the cloud and in applications

We don’t have to muck around at the kernel level, playing the whack-a-mole game of activity-blocking. All of this means that the robust functionality of Code42 Next-Gen Data Loss Protection is completely unimpacted by the security improvements of the Catalina upgrade.

Providing the business-critical push to move to next-gen data loss protection

Most security pros already know the many pains of running legacy DLP products on Macs. So, the good news is that the Catalina kernel crisis will give many security teams the final push they need, providing a business-critical reason to move to a better data loss protection solution. In fact, several of the world’s leading tech companies anticipated the Catalina kernel crisis and have turned to Code42 Next-Gen Data Loss Protection: not just to fill the gap created by the Catalina upgrade — but to help them build a more forward-thinking, future-ready data loss protection strategy.


2019 Evolutionary Award Winners Showcase Innovation in Data Loss Protection

With all the scary statistics out there about the growing data security threats in the enterprise world, it’s easy to lose sight of a more optimistic fact: Enterprise data security is getting better — and organizations everywhere are building smarter data loss protection programs. Each year, the Code42 Evolutionary Awards celebrate the smart, innovative and just-plain-cool ways that organizations are protecting their data. This year, we recognized 10 organizations for their extraordinary innovation in data loss protection. Let’s take a look at the 2019 Evolutionary Award winners:

Evolutionary Award: BAYADA Home Health Care

BAYADA Home Health Care won the namesake Evolutionary Award for completely evolving the way their company secures data, protects IP, and enables users. Their data security journey began with safeguarding training videos in the cloud for their mobile workforce, then expanded to protecting data from the threat of lost and stolen laptops. BAYADA’s current project is to ensure that their proprietary and regulated data is secured and monitored for loss and proper usage. “Protecting data is impossible if you don’t have comprehensive visibility into where your data is, and to accomplish this you need the right tools,” says Craig Petrosky, director of Desktop Equipment Services for BAYADA. “That’s why it was critical for us to implement a solution that provides near real-time detection and the ability to respond to cases of data loss, leakage, misuse, or potential exposure.”

Guardian Award: Cisco

Cisco won the Guardian Award for a security team that creatively and effectively fends off an array of threats — from ransomware to malicious insider actors — to protect its valuable data. Cisco has developed countless data protection workflows by using Splunk to develop actionable insights about how data may be infiltrated and exfiltrated from the organization. “In today’s data landscape, it is important to have a solid data collection agent, one that offers insight into where data is, where it’s moving, and where it’s been. A tool that can offer this is an invaluable tool for Insider Threat investigations,” says Kevin Currie, investigator CSIRT of Cisco.

Rookie Award: Ironwood Pharmaceuticals 

Ironwood Pharmaceuticals won the Rookie Award for an organization that has successfully deployed a new software product within the past year. Deploying new software is never a small feat, and Ironwood Pharmaceuticals did so with a de-merger on the horizon, knowing that they would soon have to split their deployment in two. “When our organization was going through the de-merger, we needed a simple and flexible solution to ensure our data is protected,” says Lian Barry, manager, end user support for Ironwood. “We found a solution that has provided constant assurance that our data is protected throughout this period of increased organizational change.”

Harmony Award: MacDonald-Miller 

MacDonald-Miller won the Harmony Award for striking a balance between data protection and empowering employees to be productive and collaborative in order to deliver results to the company’s bottom line. Two of MacDonald-Miller’s top security priorities are that users never experience downtime from data loss, and that valuable data is not leaving with departing employees. “Our data is our competitive advantage,” said Eddie Anderson, technical business analyst at MacDonald-Miller. “It’s critical for us to protect data from loss, leak and theft, while enabling our employees to collaborate and work at the speed of business.”

Evangelist Award: David Chiang, MACOM

David Chiang, IT system engineer of MACOM, won the Evangelist Award for an individual with expertise in data loss protection who sets industry best practices and actively shares them with peers. Chiang’s passion for software deployment and systems integration began with an intern project and has evolved into deep expertise on protecting data in the midst of a digital transformation. “Digital transformations are exciting, but they can put data at an elevated risk,” says Chiang. “It’s important for organizations to take steps to protect their most important asset — their data — during these times.”

Atlas Award: Proofpoint

Proofpoint won the Atlas Award, honoring an organization for deploying and protecting an expansive global workforce. As the Proofpoint organization grew quickly through M&A, business continuity and user productivity were top priorities set by the CIO. “With help from professional services, we were able to quickly go from nothing to a fully deployed data collection agent that can support our global workforce, ensuring we never experience data loss. We had a very successful deployment and it proved ROI within four months,” says Brock Chapin, systems admin for Proofpoint.

Trailblazer Award: Schneider Electric 

Schneider Electric won the Trailblazer Award for improving a critical workflow or process for its organization. The company developed a custom app, used as part of their computer depot service, which collects and recovers data — in order to streamline, expedite and standardize the service. The results: time saved for technicians, reduced end-user downtime and improved user experiences. “As anyone in IT knows, positive user experience is critical to the effectiveness of any technical program. Our custom app not only provides that user experience, but it also lets them get back to work faster through decreased down time,” says Austin Joe, end point solutions senior engineer, enterprise IT of Schneider Electric. “We couldn’t be happier with the results.” 

We’re in this together

Join us in giving a virtual round of applause for these successful and innovative organizations. These examples not only represent major achievements for the organizations themselves, but the overall progress of the collective community of enterprise data security professionals. As your security team tackles emerging and evolving data loss challenges, don’t forget that you have a powerful resource in your Code42 peer network. From looking to examples like the customers highlighted here as inspiration or blueprints for your own initiatives, to consulting with other data security professionals to get answers, advice and guidance, we encourage you to leverage this valuable connection to some of the enterprise security world’s best minds and biggest thinkers. While the details differ, we face the same threats, manage the same challenges and share the same goals. We’re in this together.

Today’s Five Biggest Overlooked Data Security Trends

In the weeks following Black Hat USA 2019, I’ve done a little traveling from conference to conference – and, in between all that, met with a few customers. In those conversations, I’ve noticed that the key themes that emerged at this year’s Black Hat (all of which I’ve outlined below) have been holding strong throughout customer conversations. I believe these will be the trends we’ll continue to see throughout the last leg of this year, and well into 2020.

1: Complex Solutions

The first trend that stuck out is how complexity remains too high in cybersecurity. Many vendors continue to talk about how sophisticated their products are and how they can solve complex problems. In doing so, these tools become inherently very complex and unwieldy themselves. There’s a large and relevant inconsistency here: on one hand, the security industry, and really all enterprises, struggle with a serious shortage of skilled cybersecurity personnel. On the other hand, the complexity of the toolsets continues to rise. Something has to give.

Of course, these tools are aimed at people who are assumed to be masters of their trade, and who are able to make informed decisions as they examine data subtleties. Finding people with such talents continues to be one of the biggest challenges in the security industry, and without such staff, these tools end up being misused, or even unused.

2: Skills Gap

The second trend is how vendor complexity exacerbates the skills gap. As more organizations look to hire security staff who are less skilled and experienced with the hopes of quickly training these personnel, security vendors still need to provide the market with products that enable newcomers to be as effective as experienced security professionals.

If we want to get information security right in the next 10, 15 or 20 years, the industry must make products and tools that are easier for this next generation of security professionals to consume. Innovative technologies like machine learning and AI are indeed exciting, but they need to be coupled with easy and prescriptive solutions that new security professionals can start using right away without having to be experts first.

3: Communication is Key

The third trend: security vendors need to improve how they communicate their value. By walking the show floor at Black Hat and engaging with various security vendors, you’ll quickly realize that they don’t communicate their value propositions very clearly. It’s a real challenge to determine what many vendors actually do and make sense of whether or not these “solutions” actually solve specific challenges.

This is an area where the entire security industry can improve. The focus needs to be on how to better communicate the value of products and services, and how they provide better business outcomes. However, it’s not just security vendors that should be thinking about how they impact business outcomes versus just tools and technologies; security engineers, architects, directors and CISOs must also do a better job of discussing business outcomes and how their investments will improve those outcomes.

4: Management Challenges

The fourth trend is that the challenges associated with managing data loss remain high. There is a considerable amount of continued frustration when it comes to managing data loss.

In fact, all of the leading data loss prevention vendors still talk about how they use AI to help classify data and automatically create data-loss policies. However, none have crossed the threshold where they can help security teams that don’t have the wherewithal to undertake a monumental project lasting several months or years to classify all of their data so that they can begin to deploy DLP.

Related to this is how understaffed and stressed most security teams seem to be. At the conference, I met with growing enterprises that have staffing ratios so low that one internal person supports 100+ employees. That ratio is far too low, and it’s why it doesn’t matter how cool the technology is; if it doesn’t help security teams that are under constant stress, then it simply doesn’t matter.

“Making data-loss protection seamless and able to be managed by security teams of any size is something that we think a lot about at Code42. We focus on solving real-world cases, such as dealing with data loss risk by departing employees and high-risk employees in ways that don’t require hundreds to thousands of staff work hours to get right.”

5: Product Consolidation

The final trend is the continued high level of technological and product consolidation occurring within the security market. This has been going on for some years now, and it’s continuing to accelerate. Security vendors continue to expand to adjacent problem spaces with complementary solutions – be it a DLP vendor acquiring CASB products, or a next-gen firewall solution adding EDR and SOAR capabilities to their portfolio. Elevating the business value to customers is one of the biggest drivers to increase user adoption of these new products and technologies.

These are the trends I noticed while exploring the show floor, speaking with vendors about the issues they are trying to solve, as well as meeting with customers and prospects. While the challenges are steep, I’m convinced that the industry and security professionals alike are motivated to learn, adapt and improve in order to solve the intricate obstacles we face, such as insider threat. We should expect to see solid progress in these areas in the next year.

Zero Trust Starts with Data Security

Recently, I joined co-presenter Chase Cunningham from Forrester for a webinar titled, “Zero Trust starts with Data Security.” You can’t be in security and not have heard of Zero Trust. It’s become marketing fodder to a lot of folks, so our goal was to present a very real-world scenario of what was driving the Zero Trust movement. Recently, Code42 commissioned Forrester Consulting to evaluate challenges that organizations face using traditional data loss prevention solutions. They surveyed 200+ security budget decision makers in the U.S. at organizations with 1,000 to 4,999 employees.

Here is a summary of the key takeaways from the webinar: 

It’s war! 

Make no mistake, we are living in a warfighting domain in cyberspace. In fact, in 2010 the U.S. Department of Defense declared cyberspace a warfighting domain. Simply put, your business and its associated data are in the middle of a war zone.

Compliance is more than a checkbox!

You can be compliant or you can be secure. Often organizations that choose to just be compliant are still setting themselves up for major security breaches. The analogy Chase used to explain this idea in the webinar is reason enough to watch the replay.

DLP isn’t the second coming. Prevention isn’t enough.

There is plenty of market frustration about the current state of DLP. Users have essentially checked out and are recognizing that there is a critical protection layer missing from the security stack.

Insider threat is on the rise. 

Here’s a stat to ponder: Ninety percent of insider data loss, leak and theft goes undetected internally.

Departing employees are taking your data.

Fifty percent of the labor force is already looking for new employment, half of whom have been with their current employer for less than a year. They are quitting at alarming rates, and they are taking your data when they go!

Workflows don’t exist.

We asked a very simple question of today’s organizations: Do you have a departing employee workflow? While badge and device collection are standard HR protocols, we heard crickets when it came to “collecting the data.” Simply put, organizations do not have a process for protecting corporate data when employees leave. 

Data is no longer the core focus. Everything else is.

Solutions and training have shifted the focus away from the core problem of the “data” itself. Prevention-oriented solutions are so focused on policies, classification and blocking, etc., that they are ignoring data altogether, which is a critical element in the Zero Trust approach. 

Zero Trust is a timely reminder…

To focus on the data! 

All data matters

At the core of Zero Trust is an approach rooted in collecting all data, not culling it out. 

It’s about data loss protection 

You have to complement a prevention-focused approach with protection measures because ultimately it is imperative to reduce the time to detect, investigate and respond to a data breach. 

Follow the data, not the employee!

While it can be easy to get suckered into a “Big Brother” mindset of monitoring employee movement patterns, all you really need to do is understand data movement patterns. After all, it’s the data the employee is after! 

To dive into the details of this webinar some more, catch the entire on-demand version here.

YMCA Twin Cities Takes a Next-Gen Approach to Data Loss Protection

The Y connects with youth, adults, families and seniors of all backgrounds to explore and enjoy opportunities to learn, grow and thrive. In order to strengthen the community, which is our cause, it’s important that we make it easy for our employees and volunteers to do their work in supporting our programs and services — and data security plays a vital role.

The importance of data security for us lies in our ability to keep our data safe while enabling our users to get their jobs done efficiently and fast, without hindering what they’re trying to do. If our users aren’t able to access their data, it impedes their ability to accomplish the mission of the YMCA of the Greater Twin Cities. Specifically, data loss means time wasted in redoing work; it means time spent researching where that data went; it means determining whether that data movement created a new risk for the organization; and ultimately, it means not being able to serve our community so all can thrive.

People want to embrace technology and expect that it will allow them to get their jobs done quicker. As a security director, it is my responsibility to layer in security in a way that enables employees to use technology the way they want to. That’s critical, because if we don’t, they’ll stop using the organization-sponsored technology entirely. Providing for this flexibility requires strong governance, and faster detection and response to data loss incidents.

I don’t think traditional data loss prevention (DLP) works. Policy sets with traditional DLP are hard to tune, and it takes months or maybe even a year or two to get to the point where you can enforce policy rather than just monitor. I am not willing to accept the risk associated with imperfect policies, resulting in blind spots. Instead, to enhance the security of the YMCA of the Greater Twin Cities, I prioritize faster detection and response.

When our existing DLP solution was due for an upgrade, we took a cloud-first approach to looking for a replacement. We also wanted to get away from the burden that traditional DLP places on user productivity when policies block the movement of data for legitimate workflows. Considering this, we found that it made sense fiscally, strategically and technologically, to replace our legacy DLP solution with Code42 Next-Gen Data Loss Protection.

Code42 Next-Gen Data Loss Protection gives us the visibility we need across our endpoints and cloud applications — visibility that I haven’t had through other tools. We can create alerts to help us find any data exfiltration attempts so we can quickly take action, in the event of insider threats. It also helps us detect, respond and recover should there be an incident where a departing employee takes data.

“The simplicity of the Code42 deployment was amazing. It’s been invaluable for us to be able to deploy efficiently and in such a short time because it freed us to work on other projects.”

And, we were able to replace more than 10 on-premise servers with a cloud deployment, bringing financial savings. Code42 Next-Gen Data Loss Protection accelerates our detection and response to data loss and leak, at a fraction of the cost of alternatives, all without impeding users from accomplishing the YMCA of the Greater Twin Cities’ mission.

From advocacy to aquatics, child care to camps, mentoring to multicultural experiences, sports to safe spaces, water safety to wellness, the Y strengthens the community with life-changing programs and services. With Code42, we’ve been able to advance our data security program to support these efforts.