Skip to content

Microsoft + Code42 Ignite the Focus on Insider Threat

The entire Code42 team had a great time attending Microsoft Ignite in Orlando. Microsoft Ignite brings together more than 25,000 attendees who have keen interests in software development, security, architecture and IT. I have to tell you, before going to Ignite, I held preconceived notions that attendees would hold a clear bias toward IT challenges and not the broader challenges facing enterprise security.

Fortunately, I was mistaken, and it quickly became
apparent that security and cloud concerns were a big part of the conversation. For all of us at Code42, that meant we were in store
for an exciting week. We came to Ignite with a significant announcement – our new
with Office 365 email

More tools to mitigate insider threat

Why integrate Code42 with Office 365 email? There are a
couple of reasons. First, while there’s been plenty of talk about the demise of
email as the top communication platform, the reality is the amount of
confidential and proprietary information sent via attachments every day in
email is mind-boggling and enterprises need better controls. Second, while
Office 365 email does provide ways to create email policies and flag risky
emails, Code42 provides complementary insights and valuable investigative
information into the who what, when and why (as I like to call it) around the files.
This is just another way Code42 helps our customers to mitigate insider risks.

We also showcased some new Code42 capabilities that enhance the workflow for departing employee data exfiltration detection. As you may already know, managing the data exfiltration risks associated with departing employees has been a significant effort for Code42. When it comes to mitigating insider threats and data breaches, it turns out that departing employees are notorious for taking trade secrets, confidential information, and other types of intellectual property with them as they leave organizations for new companies.

The departing employee challenge is exacerbated by the following: first, most organizations don’t have a data exfiltration mitigation policy in place for departing employees; and second, there typically aren’t technology or applications available to assist in the departing employee workflow. This is precisely why Code42 developed and released its new departing employee workflow capabilities.

Being able to showcase such powerful new capabilities and seeing
the positive reactions from such a large crowd, was one of the most rewarding
parts of Ignite for me. Of course, Code42 SVP Rob Juncker got us off to the ideal start with a session mainly dedicated
to insider threat and the importance of having a well-defined off-boarding
process to protect valuable IP when employees leave.

The new capabilities were a hit among attendees. But, more
importantly, to me, the new departing employee capabilities were the catalyst
for conversations into understanding current departing employee workflows. These
conversations largely confirmed what we’ve been saying here at Code42: that typical
departing employee workflows are either under-developed or non-existent. No
wonder insider threat continues to be on the upswing!

While Ignite gathers an IT-centric audience, what we
learned is that when it comes to insider threat, multiple departments are part
of the conversation. It isn’t uncommon to expect IT, security, compliance as
well as HR teams to be in the mix when figuring out the best course of action
to manage insider threat.

Demos, doughnuts and a customer’s personal account

We were also fortunate to be joined by one of our
customers, David Chiang, an IT system engineer at
semiconductor provider MACOM. David presented on how MACOM relies
on Code42
to detect, investigate and respond to insider
threats and file exfiltration. He framed the departing employee threat
perfectly when explained how, when a departing
employee tells MACOM that they’re “just taking personal pictures,” MACOM can now (thanks to Code42) look back and validate
if that’s so. “If we access the files and find that it was company property,
the conversation changes,” he explained.

And under those circumstances, that conversation should
change. The problem is that too many – actually, the vast majority of
organizations – don’t have such process and technology in place to provide
themselves that level of visibility. Hopefully, our data security and departing
employee announcements, an excellent and in-depth story from one of our
customers on their success (over some excellent mini donuts) resonated and will
change some of the status quo for the better.

While Code42 went into Microsoft Ignite with an intent to
learn and educate around regarding the insider threat, it turned out we weren’t
alone. There were two other significant announcements that reinforced the importance
of mitigating insider threats. The first of those was Proofpoint’s
acquisition of ObserveIT
. Why? Because ObserveIT has been in the
insider threat space for quite some time, and this acquisition is clear validation
that Proofpoint views insider threat as an integral expansion of their security
portfolio moving forward. The second announcement was from Microsoft itself.
Microsoft unveiled its Insider
Risk Management
tool within Office
365 that is designed to help identify and remediate threats coming from within
an organization.

I’m happy to say that the many announcements, as well as attendee interest and conversation around the issue, give me hope that insider threat programs are about to take center stage when it comes to managing enterprise data risk. And next year, Microsoft Ignite 2020, is bound to dig even deeper into the insider threat and all of the associated risks. We can’t wait to be there.

You might also like: