Differentiating Between Personal and Corporate Accounts for Browser-Based Data Exfiltration
The most loved innovations have always been those that understand and have been purposely designed to support the nuances of human behavior. The way people think, the unique behaviors, and innovative work arounds people conduct to solve problems, get the job done, collaborate, take risks and ownership of their work.
That’s never been more relevant with the constant movement of sensitive data throughout a company – with trusted partners, customers and employees working out-on-the-edge from home, and remote through collaborative cloud platforms; data is next to impossible to overly contain.
Every day, highly portable data like source code, company playbooks and customer lists are put at risk by employees. And that’s okay, to an extent. Effective businesses must prioritize collaboration, especially rapidly growing enterprises that focus on being agile and responsive. But when sensitive data falls into the wrong hands, it can be devastating to a company’s competitive position and bottom line. Insider Risk Management allows you to combat this risk while still allowing your teams to openly collaborate.
Existing restrictive approaches and controls put in place by organizations are eroding trust with employees, preventing collaboration and hindering open innovation.
It’s time for an approach that provides better visibility into risk posture and understands and supports the nuances of human behavior and how people actually think, act and work.
It’s time to actually tackle the problem and opportunity, rather than adding to the collateral damage, overly focussing on controlling symptoms. As such, we couldn’t be more excited that Code42 Incydr is now able to differentiate between personal and corporate cloud accounts when it detects data exfiltration via web browser without getting in the way of legitimate work.
Reduce Noise to Better Detect Risk to Data
The new Code42 Incydr capability supports and understands the way people behave in the real world and helps security teams determine if data has left the corporate environment and thus is exposed or leaked. It is designed to provide security with accurate alerts on file exposure events happening at untrusted destinations and to filter out legitimate, trusted file movements that would otherwise be noise.
Code42 Incydr takes the onus off security teams and performs a comparative audit of file movements on the endpoint with the expected activity in a company’s corporate cloud environment, since both locations are monitored by Incydr. If a file destination is within the corporate cloud environment, the activity is deemed “trusted ” because it remains within a managed, sanctioned system. When the audit does not turn up a matching event, Incydr alerts on exfiltration to an untrusted destination, like personal cloud accounts. This is critical for exfiltration vectors such as Google Drive that cannot be detected through domain-based approaches. Files uploaded to Google Drive are sent to drive.google.com, regardless of whether the end destination is the sanctioned corporate account or a personal one. Without Incydr, security teams are left with significant blindspots — unsure whether that activity is everyday employee collaboration or an actual data leak event.
Needed Now in Today’s Open Collaborative Culture
Particularly now as cloud-based collaboration tools, like Google Drive and Box, have risen in popularity within the enterprise, personal use of the same tools has become a breeding ground for data leaks and theft, contributing to losses up to 20% of revenue annually.
Today, 91% of security leaders agree that users may be exfiltrating data via personal cloud accounts, yet nearly half (49%) don’t have a tool to differentiate personal and corporate Google Drive uploads.
Developing and managing an insider risk program based on controls, policy restrictions and limiting access to information just doesn’t scale over time. People will always find a work around that may compromise your company and sensitive data.
Where there is a will – people will find a way. Policies will be broken, controls will be by-passed and data will be exfiltrated. Sometimes with deliberate, malicious intent in mind and other times – negligently or inadvertently.
Having an Insider Risk Management solution that captures the key nuances of how people behave in the real world and being able to differentiate major corporate data exfiltration to personal Google Drive, Box and other Cloud Applications from those activities shared to trusted destinations makes all the difference.