Finally, a DLP for Macs

…in a post-COVID-19 era

As we cautiously enter 2021, we find ourselves in a completely new reality, faced with newer security challenges. The almost overnight global transition to remote working as a result of COVID-19 has driven most of these challenges. But none has quite captured the breach headlines as much as Insider Risk did in 2020. Our 2021 Data Exposure Report found that employees are 85% more likely today to leak files than they were pre-COVID. Data portability in a completely virtual world has posed all kinds of visibility challenges for security teams.

The same security teams generally agree that Data Loss Prevention (DLP) solutions simply weren’t built to tackle this new work reality. One of my favorite recent quotes to capture this sentiment is “The 90s called, they want their DLP back”. When you couple this reality with the enterprise growth of Mac, I understand the cause for panic!

Data Loss Prevention (DLP) solutions never accounted for the Mac phenomenon and were not designed with Macs in mind. As a result, legacy DLPs (as the market has embraced calling them these days) often approach Macs as an afterthought rather than a core strategy. Security is at the forefront of people’s minds as more data is captured around the threats that companies of all sizes are facing on a daily basis, but that shouldn’t ever be a reason that a company shies away from adopting Mac. This was core to a panel session that Code42 hosted alongside our friends at CrowdStrike at the 2019 Jamf Nation User Conference.

Customer opinions of their DLP for Macs continue to be unfavorable. Naturally, we continue to ask why.

  1. No Support – Mac updates can be fast and furious. Unfortunately, DLP has traditionally struggled to keep up with those updates. The result? Errors, kernel panics and increased risk for data loss.
  2. No OS Consistency – We often forget that today’s businesses often use both Mac and Windows. DLP has traditionally maintained a very Windows-centric approach that has made the Mac experience secondary and inconsistent with Windows. Having two sets of users with varying levels of data risk is never good.
  3. It’s Slow – The number one issue often stems from performance-sucking agents that bring the productivity of Mac users to a screeching halt.
  4. Kernel Panics – This is worth reiterating. Macs are sensitive to anything that poses a threat, so whenever perceived unsanctioned DLP software threatens Mac, it means reboots and an increased risk of downtime.
  5. It’s Complicated – Traditional DLP still relies on legacy hardware and manual updates, which is time-consuming and expensive.
  6. It’s not the 1990s – If you had a rulebook, wrote policies and even classified data, that approach is simply no longer applicable. Welcome to 2021!  

Approach Matters

The approach we take is Insider Risk Management.  

Insider Risk Management (IRM) helps security teams bridge the gap between an innovative, collaborative and cloud-based culture and data risk. Unlike old-school approaches like DLP, which rely on traditional identify-classify-block methods and disrupt employee productivity, IRM is cloud-native, non-disruptive to employee collaboration and productivity, and takes into account all data, all vectors and all users.

IRM empowers security teams to reduce data risk exposure and prevent data exfiltration. With an IRM approach, CISOs are armed to secure the collaboration culture, deliver true business value and transform their team – freeing them from the frustrations of policy maintenance to focus on improving the organization’s overall Insider Risk posture and security maturity. 

With a product we aptly call Incydr

Incydr allows you to detect and respond to data risk caused by those inside your organization. This includes exposure and exfiltration activities on computers and via corporate cloud and email services. The foundation of Incydr’s ability to speed insider risk detection and response comes from monitoring all file activity regardless of what is considered acceptable or unacceptable by the security policy. Incydr logs every file event and enriches it with context on the vector, file and user to determine what represents real risk. This allows Incydr to not only reduce alerts and investigation time, but also remediate risk that goes unnoticed by DLP.

For more information on why traditional DLP and other traditional security tools are failing, read our latest report with Forrester.