Last week in the first of a two-part series, I shared a blog about Insider Risk management and its growing importance especially now when so many organizations are dealing with constant changes related to the pandemic. Remote work. Longer hours. Burnout. Use of unsanctioned tech. Cloud-based collaboration. Worn out security practices. These cultural dynamics along with the drive to innovate and work faster are introducing more Insider Risk to the people, technology and data needed to run a healthy company. Today, 89% of CISOs believe the fast-paced culture model of their organizations puts them at greater risk of data breach. (Code42 Data Exposure Report 2019)
In this week’s follow-on blog, I’ll share some thoughts on how to tackle these Insider Risk challenges by applying Gartner’s integrated risk management (IRM) methodology to data protection. It’s an approach that Code42 aligns with and one that will help you keep pace with collaboration without jeopardizing the safety of data.
A lesson from the National Football League
To start, let’s look in a not so obvious place. The National Football League (NFL). In a previous post, I used the analogy of the NFL. I talked about how the NFL’s pace of play is getting faster and faster; and how that speed poses more risks to the integrity of the game and the safety of the players. All of this has changed the way the game is refereed. Referring has evolved not only to keep pace with play, but also to manage the risks to the game and prevent harm to the players. We see the same paradigm when we look at the speed in which corporate cultures rooted in cloud, collaboration and remote work operate and the corresponding need to evolve data protection.
The massive move to cloud, collaboration and remote work—the very digital transformation 80% of organizations are driven to foster—fundamentally speeds the pace of business and with it new ways to prevent risks to the organization and its data. As a result, progressive CISOs, like NFL referees, are evolving their security strategies from a Governance Risk and Compliance (GRC) approach to an IRM approach.
What is integrated risk management?
Gartner defines IRM as “a set of practices and processes supported by a risk-aware culture and enabling technologies, that improves decision making and performance through an integrated view of how well an organization manages its unique set of risks.”
In other words, IRM is about mitigating the risks of culture. In order to understand culture, IRM CISOs have to first understand the behavioral dynamics of the culture and the Insider Risks those dynamics introduce to the organization. We unpacked this idea and the related Insider Risks in last week’s blog and go deeper in our new data security book Inside Jobs: Why Insider Risk Is the Biggest Cyber Threat You Can’t Ignore.
How to put integrated risk management into practice
According to Gartner, there are six core components to an IRM methodology:
- Strategy: Enablement and implementation of a framework for effective governance and risk ownership with continuous improvement
- Assessment: Identification, evaluation and prioritization of risks
- Response: Identification and implementation of mechanisms to mitigate risk
- Communication and reporting: Tracking and informing stakeholders of risk response
- Monitoring: Tracking objectives, accountability and effectiveness of risk mitigation and controls
- Technology: The design and implementation of an IRM solution (IRMS) architecture
To understand the full scope of risk, Gartner recommends that security leaders address all six components. Code42’s approach to Insider Risk management makes this process easy. Here’s how our core capabilities map to Gartner’s framework.
Code42 Insider Risk Approach:
- Insider Risk Exposure: Discover critical data threats and vulnerabilities inside the organization (Strategy in IRM)
- Insider Risk Indicators: Develop a methodology to identify, assess and prioritize Insider Risks to data (Assessment in IRM)
- Detection and Response: Document processes to detect, investigate and respond to Insider Risk events (Response in IRM)
- Insider Risk Program: Determine the stakeholders involved in the process (Security, IT, HR, Legal, LoB) (Communication and Reporting in IRM)
- Insider Risk Metrics: Define how to measure, report and improve your overall Insider Risk posture (Monitoring in IRM)
- Insider Risk Framework: Deliver a cloud-native and integrated Insider Risk architecture (Technology in IRM)
A game plan for the future
Insider Risk is more dynamic and pervasive and largely hidden from the data protection systems we have in place today. It’s time we acknowledge that the era of command and control is over. It died the day cloud-based collaboration was introduced and that was more than five years ago.
As organizations build cultures rooted in speed, the more cloud-native, collaborative and unfortunately compromised the organization can become. That said, CISOs must appreciate the behavioral dynamics (people, technology, data) of the culture and the risks they introduce. It’s what we call Insider Risk at Code42 and to mitigate it, we must first understand how to manage it.
Taking an IRM approach to data protection is one way to keep up with the pace of play while protecting the integrity of the game and the safety of the players.
Learn more about Code42’s approach to detecting data exfiltration.
Read the 2020 Code42 Data Exposure Report.
Get a copy of our book: Inside Jobs: Why Insider Risk Is the Biggest Cyber Threat You Can’t Ignore