Forrester Publishes Timely Article on the Rise of Insider Threat

At a time when WFH (work from home) is emerging as the hippest acronym to use, Forrester’s aptly titled “Pandemic Fallout Creates Perfect Conditions For Insider Threat” article by Joseph Blankenship is very relevant. While organizations embrace remote work and figure out creative and innovative ways to unleash their collaborative cultures, they have to be mindful that the battlefield of insider threat has shifted away from the traditional perimeter and into open grounds. Oh, and these grounds happen to be off-network and off-VPN!

I had three brief takeaways from the article that I wanted to provide some personal context on.

  1. “The rapid move to remote work may leave some users outside the typical security controls organizations employ, leaving systems and data vulnerable.”
    This is a no brainer. So far, organizations have had the luxury of creating security strategies tied to the safe vicinity of corporate workspaces. The rapid shift to work-from-home has allowed very little time for planning, so expect gaps!
  2. Security teams need to “[n]ot rely entirely on user behavior monitoring tools that no longer reflect the actual environment users are working in.”
    Traditional approaches to data security haven’t evolved with company culture or the simple reality that users have, in fact, already started a movement of going remote. In this new world, data security simply has to keep pace with the way people work.
  3. “Your users are scared – both of getting sick and losing their jobs. How these concerns are addressed has tremendous impact on the likelihood of users turning malicious.”
    Protecting an organization from insider threat during a pandemic is not all about the tech. It’s just as much a human issue that involves fear and uncertainty. Simple measures that companies take during this time to remind employees of their value can in fact emerge as the best non-technology approach to preventing insider threat from ever happening.    

Collaboration Without Compromise: A New Approach to Securing the Remote Work Culture

We are witnessing the largest shift in work culture in our lifetime. And it’s putting remote work and collaborative technologies to the test at a scale that we have never seen before. Everyday the news is bringing us stories about more employees who are logging in from their kitchen table to email, slack, airdrop and message their colleagues. And while they are all focused on getting their work done, what might not be so apparent, is that they are also opening up their companies to heightened data risk. 

The simple truth is old-school technologies that were designed to prevent data from moving outside traditional security perimeters were never built to safeguard collaborative workforces. And if they weren’t equipped to protect routine cloud collaboration, how can they possibly handle the highly distributed workforces and huge influx of remote workers we are seeing today. 

The implications? This unprecedented situation is going to shine a light on gaps in the security stack that have existed for some time. So what can companies do to help secure this growing remote work culture?

Embrace the wave of collaboration

For starters, it means embracing the collaboration wave. The growth of remote work did not just start this month, it has been gathering steam the past dozen years. A survey by Global Workplace Analytics and FlexJobs states that remote work has grown 159% over the last 12 years. 

Collaborative work cultures definitely have their advantages. That’s why making it easy for employees to connect and get their jobs done — whether they’re in the office, on the couch, or at the coffee shop — has moved to the top of the to-do lists for many c-suites. In fact, according to the Code42 2019 Data Exposure Report, workforce culture ranks first among CEO, CIO and CHRO strategies and priorities. Why? CEOs, CIOs and CHROs are changing corporate culture in order to move faster. The more productive a workforce; the greater the payoff on the bottom.

Don’t let the inside be the blindside

Certainly, collaborative technologies — like Slack, Box, Microsoft Teams and OneDrive — are making it easier for remote workers to legitimately share files. The challenge, however, is they’re also making it easier to exfiltrate data, such as product ideas, source code and customer lists. 

Imagine how easy it is for an employee working from home to flip between personal and corporate cloud accounts like Google and Slack as part of their daily routine. Granted, some employees have malicious motivations. However, for the most part, its workers with the best intentions who will login to the most convenient tools at their disposal to get their jobs done — often without realizing the added data security risks they are creating for their company. 

The challenge is businesses are empowering employees with technologies for collaboration without having the proper security programs in place. Without the right technology, security teams are unable to detect and track files as they move between corporate and personal accounts. This leaves the files that employees create and share everyday vulnerable — and businesses open to insider threats.

The following stats paint a telling picture:

  • 89% of CISOs believe a fast-paced culture puts their company at greater data risk. (Source: Code42 Data Exposure Report 2019)
  • In the last 12 months, 66% of data breaches were inside jobs. (Source: Code42 Data Exposure Report 2019)
  • Only 10% of security budgets are dedicated to insider threats.

Bottom line: Insider risk programs are too often overlooked and underfunded – something that needs to change in this new era of collaboration.

Recognize that the culture shift requires a technology shift

So the question is. . . is it possible to have collaboration without compromise? Absolutely! Empowering employees to work-on-the-go does not have to come at the expense of the safety of data — that is, if companies are willing to shift how they think about and approach security. 

The lesson many companies have already learned is that traditional, prevention-based approaches to data security that focus on blocking are failing to protect data when workforces are highly distributed and reliant on the cloud to collaborate. In the Code42 2019 Data Exposure survey of 1600 business and IT leaders, 69% admitted that their organizations suffered an insider data breach at the same time they had a prevention solution in place. Not only were the organizations breached, but 73% admitted it takes months to discover, investigate and respond to a data breach. 

Think about it. Legacy solutions are busy trying to block access to files when the rest of the remote workforce is busy sharing. The approaches are working in direct opposition to one another. That’s why a new data security strategy is needed — one that fosters rather than tries to deter collaboration and productivity. 

At Code42, we believe data security should be defined not by what you can prevent, but by how fast you can detect, investigate and respond to the inevitable threats to data security. Fans of traditional prevention solutions will say: but if I can’t block, how can I prevent data from leaving? The truth is, data is already leaving. What is needed is a solution that offers complete visibility to where data lives and a high fidelity signal when it moves and leaves. 

If there is anything that we’ve learned during these past several weeks, it’s that the collaboration culture is here to stay. What we need to understand is that properly securing it is going to look different.

Don’t Poison Your Employee Experience With the Wrong Approach to Insider Threat

The year 2019 was a harsh reminder that as much as organizations try to downplay insider threats, they cannot be ignored or overlooked. Organizations like Capital One, McAfee (itself an insider threat solution) and even Apple can attest as they all found themselves on the wrong side of the headlines. Needless to say, as the year wrapped up, many 2020 predictions and resolutions included a better approach to insider threat.   

Forrester’s aptly titled report, “Don’t Poison Your Employee Experience With The Wrong Approach To Insider Threat” is timely! As much as we don’t want to admit the obvious, our colleagues are among the biggest threats to the data security of our organizations. But there’s a balance between understanding malicious and non-malicious intent. And with the CCPA and GDPR serving as backdrops to data privacy, security organizations have their work cut out in balancing the security and productivity of end users. No easy feat!

My Top 5 Takeaways on Forrester’s Latest Report on Insider Threat:

  1. Make your insider threat program fit within the overall security program. We know incident response processes have taken center stage in the security world. It’s all about decreasing time to detect and respond to threats. Insider threat needs to be a part of the overall incident process. Few organizations have well-defined incident response scenarios for insider threats, but that trend is changing fast.
  2. Don’t let security become a burden on employee productivity. Code42 has been saying this for quite some time and it’s worth repeating. Security is often confronted with a crossroads situation. Traditionally, the idea of prevention (otherwise known as Data Loss Prevention) has operated on the notion of blocking suspected users from carrying out their jobs. This approach is outdated and comes at the cost of collaboration. A new wave of solutions are paving the way for a security strategy rooted in protection, and one that embraces collaboration.
  3. The Collaboration Culture is a Security Culture. Gone are the days where security is a dreaded practice with productivity stalling implications. Today’s security culture is about embracing collaboration and why not? Ask any CEO what their top digital transformation initiatives are and they’re likely to put “better collaboration” near the top of the list.
  4. Technology and human intelligence fuel your insider threat program. Emerging insider threat programs are made up of people and technology. While many organizations have relied on technology to solve a very human program, it’s clear that understanding user behavior patterns, what drives user actions and predicting users’ next moves are equally important. In the end, an insider threat program is all about speeding up time to respond to a threat. By combining technology and human intelligence, you are building yourself an all-encompassing program that covers multiple vectors.
  5. Code42 takes the focus off users and instead focuses on file behavior. And of course, I have to mention Code42 here. While many security solutions are solely focused on user behaviors and actions, our approach has been simply rooted in understanding the behavior of the file. And it’s very simple logic… In the end, the malicious end user is after your “data,” so understanding everything about that data is paramount. As I like to say, “don’t follow the employee, follow the data.” With data privacy becoming more important and organizations growing more mindful of being “big brother,” an approach rooted in data will only become more important and compelling.

2020 will undoubtedly be another breakthrough year for insider threat. There will be more headlines, innovative security solutions and smarter insiders. In the midst of this growing problem, it’s good to see Forrester remind us that building an effective insider threat program doesn’t have to come at the cost of killing your employee experience. An effective security strategy coupled with a productive workforce? I say bring on 2020.

Download the complimentary Forrester report here.

Microsoft and Code42 Ignite the Focus on Insider Threat

The entire Code42 team had a great time attending Microsoft Ignite in Orlando. Microsoft Ignite brings together more than 25,000 attendees who have keen interests in software development, security, architecture and IT. I have to tell you, before going to Ignite, I held preconceived notions that attendees would hold a clear bias toward IT challenges and not the broader challenges facing enterprise security.

Fortunately, I was mistaken, and it quickly became apparent that security and cloud concerns were a big part of the conversation. For all of us at Code42, that meant we were in store for an exciting week. We came to Ignite with a significant announcement – our new integration with Office 365 email.

More tools to mitigate insider threat

Why integrate Code42 with Office 365 email? There are a couple of reasons. First, while there’s been plenty of talk about the demise of email as the top communication platform, the reality is the amount of confidential and proprietary information sent via attachments every day in email is mind-boggling and enterprises need better controls. Second, while Office 365 email does provide ways to create email policies and flag risky emails, Code42 provides complementary insights and valuable investigative information into the who what, when and why (as I like to call it) around the files. This is just another way Code42 helps our customers to mitigate insider risks.

We also showcased some new Code42 capabilities that enhance the workflow for departing employee data exfiltration detection. As you may already know, managing the data exfiltration risks associated with departing employees has been a significant effort for Code42. When it comes to mitigating insider threats and data breaches, it turns out that departing employees are notorious for taking trade secrets, confidential information, and other types of intellectual property with them as they leave organizations for new companies.

The departing employee challenge is exacerbated by the following: first, most organizations don’t have a data exfiltration mitigation policy in place for departing employees; and second, there typically aren’t technology or applications available to assist in the departing employee workflow. This is precisely why Code42 developed and released its new departing employee workflow capabilities.

“ The departing employee challenge is exacerbated by the following: first, most organizations don’t have a data exfiltration mitigation policy in place for departing employees; and second, there typically aren’t technology or applications available to assist in the departing employee workflow. ”

Being able to showcase such powerful new capabilities and seeing the positive reactions from such a large crowd, was one of the most rewarding parts of Ignite for me. Of course, Code42 SVP Rob Juncker got us off to the ideal start with a session mainly dedicated to insider threat and the importance of having a well-defined off-boarding process to protect valuable IP when employees leave.

The new capabilities were a hit among attendees. But, more importantly, to me, the new departing employee capabilities were the catalyst for conversations into understanding current departing employee workflows. These conversations largely confirmed what we’ve been saying here at Code42: that typical departing employee workflows are either under-developed or non-existent. No wonder insider threat continues to be on the upswing!

While Ignite gathers an IT-centric audience, what we learned is that when it comes to insider threat, multiple departments are part of the conversation. It isn’t uncommon to expect IT, security, compliance as well as HR teams to be in the mix when figuring out the best course of action to manage insider threat.

Demos, doughnuts and a customer’s personal account

We were also fortunate to be joined by one of our customers, David Chiang, an IT system engineer at semiconductor provider MACOM. David presented on how MACOM relies on Code42 to detect, investigate and respond to insider threats and file exfiltration. He framed the departing employee threat perfectly when explained how, when a departing employee tells MACOM that they’re “just taking personal pictures,” MACOM can now (thanks to Code42) look back and validate if that’s so. “If we access the files and find that it was company property, the conversation changes,” he explained.

And under those circumstances, that conversation should change. The problem is that too many – actually, the vast majority of organizations – don’t have such process and technology in place to provide themselves that level of visibility. Hopefully, our data security and departing employee announcements, an excellent and in-depth story from one of our customers on their success (over some excellent mini donuts) resonated and will change some of the status quo for the better.

While Code42 went into Microsoft Ignite with an intent to learn and educate around regarding the insider threat, it turned out we weren’t alone. There were two other significant announcements that reinforced the importance of mitigating insider threats. The first of those was Proofpoint’s acquisition of ObserveIT. Why? Because ObserveIT has been in the insider threat space for quite some time, and this acquisition is clear validation that Proofpoint views insider threat as an integral expansion of their security portfolio moving forward. The second announcement was from Microsoft itself. Microsoft unveiled its Insider Risk Management tool within Office 365 that is designed to help identify and remediate threats coming from within an organization.

I’m happy to say that the many announcements, as well as attendee interest and conversation around the issue, give me hope that insider threat programs are about to take center stage when it comes to managing enterprise data risk. And next year, Microsoft Ignite 2020, is bound to dig even deeper into the insider threat and all of the associated risks. We can’t wait to be there.

Code42 Blog about macOS Catalina compatibility with legacy DLP

macOS Catalina Creates Kernel Crisis for Legacy DLP

Apple released the new macOS Catalina on October 7, setting IT and security teams abuzz about the logistics of upgrading their users, excitement about new features and concerns about the pains that always come with change. But security experts have revealed a troubling impact: macOS Catalina entirely disallows kernel extensions (kexts). This isn’t just another instance of “kernel panic” — this is a full-blown kernel crisis: Legacy DLP products will cease to work in the Mac environment going forward.

“ Legacy DLP products will cease to work in the Mac environment going forward. ”

Catalina goes read-only — disallows kexts

With the release of Catalina, Apple shifts the entire macOS to read-only, regardless of permissions. Kernel extensions are completely disabled. This change strengthens the overall security stance of the macOS. But it’s a major problem for legacy DLP products like Symantec and McAfee, which depend on kernel extensions for their core functionality.

Legacy DLP simply won’t work in Catalina

Disallowing kernel extensions disables the blocking functionality of legacy DLP products. The products will technically still “run” on Catalina (with the usual kernel panics and other pains), but they’ll no longer be able to work the way they have — no more blocking risky user actions. In effect, legacy DLP will cease to work altogether. At a time when insider threat continues to escalate, companies simply can’t afford to risk leaving their data exposed.

You can’t afford not to upgrade

Most legacy DLP vendors are approaching the kernel crisis carefully. They’re reaching out to customers with one-to-one communications, trying to convince them not to upgrade to Catalina so they can retain the functionality of their DLP products (for example, reference the table on Symantec’s support page). But not upgrading is not viable in the long-term. You need to give your users access to the latest features of Catalina; moreover, your users will demand the upgrade. And your security team can’t afford the security risks of lagging behind.

Code42 Blog about macOS Catalina not working with legacy DLP
Current recommendation found on the Symantec support page. The latest Catalina release makes the security gap evident for legacy DLP customers.

There’s not a ton of time to waste, either. Apple will end updates, security patches and support of macOS Mojave in less than 24 months. That means most organizations need to begin planning their upgrades—including how they’ll fill the enormous security gap — now.

DLP for Macs has always been painful

Running legacy DLP on macOS has always been frustrating—a “square-peg-round-hole” problem that creates more work for security teams and increases the potential for dangerous gaps in visibility and protection. But the clear trend is that Apple is making it even harder for DLP to function in macOS — leading to more kernel panics, frustrations and potential security gaps. So the “kernel crisis” of the Catalina upgrade isn’t coming out of nowhere. The reality is that legacy DLP was not built with Macs in mind, and this disconnect is coming to an urgent head.

Code42 is next-gen data loss protection built for Macs

At Code42, we know the pains of legacy DLP for Macs firsthand — and built our Code42® Next-Gen Data Loss Protection solution to mesh seamlessly with macOS. We understand macOS better, so we approach things differently by:

  • Working at the file-system level to focus on what really matters — your file data         
  • Monitoring the applications that access, interact with and touch those files
  • Giving you deeper, broader visibility into all file activity — across your endpoints, in the cloud and in applications

We don’t have to muck around at the kernel level, playing the whack-a-mole game of activity-blocking. All of this means that the robust functionality of Code42 Next-Gen Data Loss Protection is completely unimpacted by the security improvements of the Catalina upgrade.

Providing the business-critical push to move to next-gen data loss protection

Most security pros already know the many pains of running legacy DLP products on Macs. So, the good news is that the Catalina kernel crisis will give many security teams the final push they need, providing a business-critical reason to move to a better data loss protection solution. In fact, several of the world’s leading tech companies anticipated the Catalina kernel crisis and have turned to Code42 Next-Gen Data Loss Protection: not just to fill the gap created by the Catalina upgrade — but to help them build a more forward-thinking, future-ready data loss protection strategy.

Zero Trust Starts with Data Security

Recently, I joined co-presenter Chase Cunningham from Forrester for a webinar titled, “Zero Trust starts with Data Security.” You can’t be in security and not have heard of Zero Trust. It’s become marketing fodder to a lot of folks, so our goal was to present a very real-world scenario of what was driving the Zero Trust movement. Recently, Code42 commissioned Forrester Consulting to evaluate challenges that organizations face using traditional data loss prevention solutions. They surveyed 200+ security budget decision makers in the U.S. at organizations with 1,000 to 4,999 employees.

Here is a summary of the key takeaways from the webinar: 

It’s war! 

Make no mistake, we are living in a warfighting domain in cyberspace. In fact, in 2010 the U.S. Department of Defense declared cyberspace a warfighting domain. Simply put, your business and its associated data is in the middle of a war zone.

Compliance is more than a checkbox!

You can be compliant or you can be secure. Often organizations that choose to just be compliant are still setting themselves up for major security breaches. The analogy Chase used to explain this idea in the webinar is reason enough to watch the replay.

DLP isn’t the second coming. Prevention isn’t enough.

There is plenty of market frustration about the current state of DLP. Users have essentially checked out and are recognizing that there is a critical protection layer missing from the security stack.

Insider threat is on the rise. 

Here’s a stat to ponder: Ninety percent of insider data loss, leak and theft goes undetected internally.

Departing employees are taking your data.

Fifty percent of the labor force is already looking for new employment, half of which have been with their current employer for less than a year. They are quitting at alarming rates, and they are taking your data when they go! 

Workflows don’t exist.

We asked a very simple question of today’s organizations: Do you have a departing employee workflow? While badge and device collection are standard HR protocols, we heard crickets when it came to “collecting the data.” Simply put, organizations do not have a process for protecting corporate data when employees leave. 

Data is no longer the core focus. Everything else is.

Solutions and training have shifted the focus away from the core problem of the “data” itself. Prevention-oriented solutions are so focused on policies, classification and blocking, etc., that they are ignoring data altogether, which is a critical element in the Zero Trust approach. 

Zero Trust is a timely reminder…

To focus on the data! 

All data matters

At the core of Zero Trust is an approach rooted in collecting all data, not culling it out. 

It’s about data loss protection 

You have to complement a prevention-focused approach with protection measures because ultimately it is imperative to reduce the time to detect, investigate and respond to a data breach. 

Follow the data, not the employee!

While it can be easy to get suckered into a “Big Brother” mindset of monitoring employee movement patterns, all you really need to do is understand data movement patterns. After all, it’s the data the employee is after! 

To dive into the details of this webinar some more, catch the entire on-demand version here.

Blog Gray Blue Header

CARTA: What Role will it Play in the Hippy Era of Data Love?

The Gartner Security & Risk Management Summit 2019 is upon us and this year’s theme is all about how you can shift organizational culture to improve cybersecurity, data privacy and business resilience.

When it comes to building a viable data security strategy, organizational culture has easily been one of the more overlooked elements. But that is changing! Today, end users play a key role in shaping security. The ultimate conundrum organizations face is how to embrace cultural shifts that drive  productivity without jeopardizing data protection.

“ CARTA offers a strategic approach to information security that assumes that everyone inside a security perimeter is a threat and all data interactions are a security event. ”

To that end, I’m very interested to learn more about Gartner’s Continuous Adaptive Risk and Trust Assessment (CARTA) framework. A logical companion to Forrester’s Zero Trust model, CARTA offers a strategic approach to information security that assumes that everyone inside a security  perimeter is a threat and all data interactions are a security event. The approach makes sense. In times where insider threat scenarios are clearly on the rise, a data focused approach to detecting and responding to risk becomes paramount. In my opinion, the best part of the CARTA framework is its approach of continuously adapting to change and learning from each data interaction.

I’ve often joked with security analysts that they have the unenviable task of protecting data in the hippy era of data love. In this new data paradigm, users call the shots. They use their device of choice, work from their location of choice and sometimes select their corporate IP storage destination of choice! Today’s users have rejected the mores of mainstream security. Countering this wave may actually have adverse effects on the business.

One of the key questions for me to answer at this year’s summit will be, “How well can CARTA enable this cultural shift?”

If you are attending the Gartner Security & Risk Management Summit, stop by booth #448. Learn how the Code42 Next-Gen Data Loss Protection solution makes it quicker and easier to detect and respond to data exfiltration and insider threats.

Insights From the 2019 Cyberthreat Defense Report Code42 Blog

Insights From the 2019 Cyberthreat Defense Report

This week, I joined Steve Piper, CEO of CyberEdge Group, to review the findings of the 2019 Cyberthreat Defense Report. The Cyberthreat Defense Report is designed to complement Verizon’s annual Data Breach Investigations Report and provides a penetrating look at how IT security professionals perceive cyberthreats and plan to defend against them. This study surveyed 1,200 IT security decision makers and practitioners from 17 countries, six continents and 19 industries.

Among the key findings this year, there are three that are sending a clear signal for the future of information security.

1. Too much security data. This might sound like a negative, but I view it as a good problem to have. After all, if you have all the pertinent data to help you with a security investigation, why wouldn’t you use it? Unfortunately, while the data may exist, the proper tools to decipher and analyze that data doesn’t. This is precisely why 47 percent of respondents acknowledged their organization’s intent to acquire advanced security analytics solutions that incorporate machine learning (ML) technology within the next 12 months.

My take: Having the data is one thing, being able to make quick and visual sense of it is quite another. Quick decision making is paramount and in security, time is emerging as a key factor to mitigating risk.

2. Thirteen percent of overall IT budget is consumed by security. This is up from five percent just two decades ago and will only continue to grow. There also is  a critical shortage of qualified IT security personnel, so I expect continued focus on smart investments in technologies.

My take: Security is rightfully taking center stage from a budget perspective. The challenges around too much security data to analyze, lack of skilled security practitioners and the realization that a cyberattack is imminent are only going to keep trending.

3. Insider threats continue to plague security teams. Detecting insider threats remains an enormous challenge for virtually every IT security organization. Although application development and testing remains atop the list of IT security functions perceived as most challenging, detecting rogue insiders and their insider attacks has risen from third place in 2018 to second place in 2019.

My take: Detecting insider threats comes down to how effective a company is in defining, collecting, correlating, analyzing and reporting on insider indicators of compromise. It’s time to take a proactive approach to protecting data.

“ Detecting insider threats comes down to how effective a company is in defining, collecting, correlating, analyzing and reporting on insider indicators of compromise. It’s time to take a proactive approach to protecting data. ”

Other key takeaways:

  • Hottest security technology for 2019. Advanced security analytics tops 2019’s most wanted list for not just the security management and operations category, but across all technologies in this year’s report.
  • Machine learning (ML) garners confidence. More than 90 percent of IT security organizations have invested in ML and/or artificial intelligence (AI) technologies to combat advanced threats. More than 80 percent are already seeing a difference.
  • Attack success redux. The percentage of organizations affected by a successful cyberattack ticked up slightly this year to 78 percent, despite last year’s first-ever decline.
  • Caving in to ransomware. Organizations affected by successful ransomware attacks increased slightly to 56 percent. More concerning, the percentage of organizations that elected to pay ransoms rose considerably, from 39 percent to 45 percent, potentially fueling even more ransomware attacks in 2019.
  • Container security woes. For the second year, application containers edge mobile devices as IT security’s weakest link.
  • Web application firewalls rule the roost. For the second year, the web application firewall (WAF) claims the top spot as the most widely deployed app/data security technology.
  • Worsening skills shortage. IT security skills shortages continued to rise, with 84 percent of organizations experiencing this problem compared to 81 percent a year ago.
  • Security’s slice of the IT budget pie. On average, IT security consumes 12.5 percent of the overall IT budget. The average security budget is going up by 4.9 percent in 2019.

It’s clear that security teams must ensure their organization’s defenses keep pace with changes both to IT infrastructure and the threats acting against it. The good news, at least for 84 percent of survey respondents, is that their IT security budgets are expected to increase in 2019.

Watch the on-demand webinar or get the full 2019 CyberEdge Cyberthreat Defense Report.

Finally, a DLP for Macs

Finally, a DLP for Macs

It’s time to face the facts, Macs are everywhere in the enterprise. In fact, a 2018 survey from Jamf pointed to the fact that more than half of enterprise organizations (52%) offer their employees a choice in their device of preference. Not entirely surprising, 72% of employees choose Mac. The Apple wave within business environments has begun and only promises to grow over time.

“ Legacy Data Loss Prevention (DLP) solutions don’t account for the Mac phenomenon and were not designed with them in mind. ”

The problem is that legacy Data Loss Prevention (DLP) solutions don’t account for the Mac phenomenon and were not designed with them in mind. As a result, legacy DLPs often approach Macs as an afterthought rather than a core strategy. Customer opinions of their DLP for Macs continue to be unfavorable. In fact, last year at Jamf’s JNUC event in Minneapolis, Mac users quickly revealed their sheer frustration with DLP and how it wasn’t built for Macs. Code42 customers currently using legacy DLP vendors vented about their Mac DLP experience saying, “It just sucks!”

Naturally, we asked why.

  1. No Support – Mac updates can be fast and furious. Unfortunately, DLP has traditionally struggled to keep up with those updates. The result? Errors, Kernel panics and increased risk for data loss.
  2. No OS Consistency – We often forget that today’s businesses often use both Mac and Windows. DLP has traditionally maintained a very Windows-centric approach that has made the Mac experience secondary and inconsistent with Windows. Having two sets of users with varying levels of data risk is never good.
  3. It’s Slow – The number one issue often stems from performance-sucking agents that bring the productivity of Mac users to a screeching halt.
  4. Kernel Panics – This is worth reiterating. Macs are sensitive to anything that poses a threat, so whenever perceived unsanctioned DLP software threatens Mac, it means reboots and an increased risk of downtime.
  5. It’s Complicated – Traditional DLP still relies on legacy hardware and manual updates, which is time consuming and expensive.

Recently, Code42 unveiled its Next-Gen Data Loss Protection Solution at the RSA Conference 2019. One of the reasons our 50,000+ customers love us is precisely because of the superior Mac experience we deliver. Our next-gen DLP solution was built with the Mac user in mind. Learn more about our trusted and proven take on DLP for Mac.