We are witnessing the largest shift in work culture in our lifetime. And it’s putting remote work and collaborative technologies to the test at a scale that we have never seen before. Everyday the news is bringing us stories about more employees who are logging in from their kitchen table to email, slack, airdrop and message their colleagues. And while they are all focused on getting their work done, what might not be so apparent, is that they are also opening up their companies to heightened data risk.
The simple truth is old-school technologies that were designed to prevent data from moving outside traditional security perimeters were never built to safeguard collaborative workforces. And if they weren’t equipped to protect routine cloud collaboration, how can they possibly handle the highly distributed workforces and huge influx of remote workers we are seeing today.
The implications? This unprecedented situation is going to shine a light on gaps in the security stack that have existed for some time. So what can companies do to help secure this growing remote work culture?
Embrace the wave of collaboration
For starters, it means embracing the collaboration wave. The growth of remote work did not just start this month, it has been gathering steam the past dozen years. A survey by Global Workplace Analytics and FlexJobs states that remote work has grown 159% over the last 12 years.
Collaborative work cultures definitely have their advantages. That’s why making it easy for employees to connect and get their jobs done — whether they’re in the office, on the couch, or at the coffee shop — has moved to the top of the to-do lists for many c-suites. In fact, according to the Code42 2019 Data Exposure Report, workforce culture ranks first among CEO, CIO and CHRO strategies and priorities. Why? CEOs, CIOs and CHROs are changing corporate culture in order to move faster. The more productive a workforce; the greater the payoff on the bottom.
Don’t let the inside be the blindside
Certainly, collaborative technologies — like Slack, Box, Microsoft Teams and OneDrive — are making it easier for remote workers to legitimately share files. The challenge, however, is they’re also making it easier to exfiltrate data, such as product ideas, source code and customer lists.
Imagine how easy it is for an employee working from home to flip between personal and corporate cloud accounts like Google and Slack as part of their daily routine. Granted, some employees have malicious motivations. However, for the most part, its workers with the best intentions who will login to the most convenient tools at their disposal to get their jobs done — often without realizing the added data security risks they are creating for their company.
The challenge is businesses are empowering employees with technologies for collaboration without having the proper security programs in place. Without the right technology, security teams are unable to detect and track files as they move between corporate and personal accounts. This leaves the files that employees create and share everyday vulnerable — and businesses open to insider threats.
The following stats paint a telling picture:
- 89% of CISOs believe a fast-paced culture puts their company at greater data risk. (Source: Code42 Data Exposure Report 2019)
- In the last 12 months, 66% of data breaches were inside jobs. (Source: Code42 Data Exposure Report 2019)
- Only 10% of security budgets are dedicated to insider threats.
Bottom line: Insider risk programs are too often overlooked and underfunded – something that needs to change in this new era of collaboration.
Recognize that the culture shift requires a technology shift
So the question is. . . is it possible to have collaboration without compromise? Absolutely! Empowering employees to work-on-the-go does not have to come at the expense of the safety of data — that is, if companies are willing to shift how they think about and approach security.
The lesson many companies have already learned is that traditional, prevention-based approaches to data security that focus on blocking are failing to protect data when workforces are highly distributed and reliant on the cloud to collaborate. In the Code42 2019 Data Exposure survey of 1600 business and IT leaders, 69% admitted that their organizations suffered an insider data breach at the same time they had a prevention solution in place. Not only were the organizations breached, but 73% admitted it takes months to discover, investigate and respond to a data breach.
Think about it. Legacy solutions are busy trying to block access to files when the rest of the remote workforce is busy sharing. The approaches are working in direct opposition to one another. That’s why a new data security strategy is needed — one that fosters rather than tries to deter collaboration and productivity.
At Code42, we believe data security should be defined not by what you can prevent, but by how fast you can detect, investigate and respond to the inevitable threats to data security. Fans of traditional prevention solutions will say: but if I can’t block, how can I prevent data from leaving? The truth is, data is already leaving. What is needed is a solution that offers complete visibility to where data lives and a high fidelity signal when it moves and leaves.
If there is anything that we’ve learned during these past several weeks, it’s that the collaboration culture is here to stay. What we need to understand is that properly securing it is going to look different.