An incident or breach caused by an undetected insider threat in the private sector could damage a business’s reputation or significantly impact the organization’s financial wellbeing. But, in the public sector, a similar undetected insider threat breach or incident could jeopardize our national security! That heightened level of risk is why we’re thrilled to share that Code42 has achieved the In Process designation from the Federal Risk and Authorization Management Program (FedRAMP) for Code42’s cloud-based insider threat and data loss recovery solution. With the In Process designation, Code42 appears on the FedRAMP Marketplace, which means that Federal agencies and contractors have the ability to leverage Code42’s insider threat detection, investigation and response capabilities.
Insider threat in the public sector: the risk is real
Breaches and insider threats in the private sector may get the lion’s share of the headlines, but the public sector is far from immune to the insider threat risk. A Carnegie Mellon analysis of data from the CERT National Insider Threat Center (NITC) Insider Threat Incident Corpus shows that the federal government has, by far, the highest number of serious insider threat incidents detected over the past 20+ years — more than all incidents from state and local governments combined. While alarming, it isn’t exactly surprising that the federal government is such a big target. Just as in the private sector, the offending insiders in the public sector tended to be in trusted positions, and most exfiltrated data during normal working hours. And just as in the corporate world, roughly one in three insider threats were contractors, vendors or another third party not directly employed by the federal agency.
Stepping up insider threat protection in the federal government
It’s not that federal agencies don’t understand the risks of insider threat; on the contrary, they are quite well versed and have been managing and setting best practices on insider threat programs for nearly a decade. In fact, way back in 2011, Executive Order 13587 mandated that all federal government agencies that operate or access classified computer networks implement an insider threat detection and prevention program — including the capacity to monitor and analyze the information from insider threats. But eight years later and with growing cloud adoption, there are exponentially more ways for insiders to exfiltrate data. The truth is that most federal agencies’ insider threat programs likely are built around traditional tools like data loss prevention (DLP) products that weren’t designed to handle the modern reality of ultra-portable data and widespread collaboration and file sharing — and simply can’t keep up with today’s resulting insider risks to data.
Code42 gives federal agencies a new insider threat toolset
The In Process designation is a significant milestone in the FedRAMP authorization process. Code42 is working towards FedRAMP authorization by the fall of 2020. But as I mentioned earlier, Code42 is already available on FedRAMP Marketplace — and organizations can even begin the onboarding process today. That means all federal agencies and contractors can leverage our industry-leading backup and recovery capabilities, while also gaining access to our insider threat detection, investigation and response capabilities.
Our solution quickly surfaces insider threats to a federal agency’s most sensitive, valuable and vulnerable files and information, so security teams can respond immediately and effectively — before damage is done. The solution tracks files as they are attached to web-based emails, uploaded to web applications, and moved to USB sticks and external hard drives. As part of its offering, Code42 also preserves a copy of all versions of all files on a user’s computer. This data can be used for forensics or to recover data after theft, ransomware, hardware or software failure.
Demonstrating our commitment to the highest security standards
FedRAMP Authorization requirements include some of the very highest standards for cloud security and data security risk mitigation in the world. Code42 is actively working on FedRAMP Authorization and, once achieved, will mean that we adhere to some of the most rigorous security standards and requirements. Of course, this is meaningful well beyond the public sector: FedRAMP certification should give all Code42 customers reinforced confidence in our ability to secure and protect your data.
We’re quite proud of this achievement around the Code42 offices — and we’re excited to extend our solution beyond commercial and educational organizations to the federal government, helping to protect sensitive federal data that impact us all.