In the security world, blocking has been around forever. It has helped organizations keep their proprietary data from leaving the four walls of their company. Before the days of unstructured data, cloud sharing, remote work and ChatGPT, heavily blocking activity was a more feasible way to protect data. You could create policies and rules about the data you cared about and where it couldn’t go, and try to prevent it from leaving. But that was then.
Content-based blocking alone won’t work in today’s modern organizations
Welcome to the 21st century, where people have never been more connected, more transient and more informed. Microsoft desktop applications have been replaced by cloud services. AOL Instant Messenger has been replaced by Slack. And Ask Jeeves could never have imagined ChatGPT. Every day, workers use cloud sharing tools like SharePoint and Google Drive to collaborate on their work with others, Evernote and Google Keep to keep track of notes, and GitHub and Bitbucket to manage source code. Today’s workforce enjoys working together on projects and ideas to create the best outcome for their organization – they work fast and often remotely. They are expected to be efficient and productive. This is why content-based blocking as a default response to data risk doesn’t work.
Blocking has traditionally relied on complex policies that security professionals need to create and maintain. Those policies produce rules that protect the data they are told to look for, but see nothing they are not looking for. When a traditional DLP tool misses critical data leaving an organization, it misses it completely. There’s no trail to look back on once the incident has been identified. This means your critical IP, such as source code, customer lists and product roadmaps, could end up in your competitor’s hands. Just one of these insider incidents costs organizations $15 million on average.
Not only does traditional blocking put a strain on our security team’s already scarce resources, but it also slows down the business and creates rogue employees. It creates frustrated employees who are blocked by accident while just trying to get their work done. When blocking tools require content inspection and cracking open files, it also slows down employee computers. Power users like software developers simply won’t stand for it. To them, this creates an unacceptable working environment reminiscent of waiting for dial-up internet to start.
Incydr blocks data exfiltrations based on user and destination to prevent high-risk data leaks
With Code42 Incydr, we’ve built a complete response strategy that works to prevent and correct risk without creating more work for security or employees. In this strategy, blocking finds a rightful place – which is for the most unacceptable activity driven by the highest-risk users. Generally these are departing employees (who are twice as likely to take data with them when they leave), repeat offenders (employees who don’t respond to correction) and contractors. These are cases that may call for blocking, and we’ve reimagined how it should be done to remove the traditional pain points such as impact to the endpoint and time spent configuring. Incydr takes a user- and destination-focused approach. You can prevent your highest-risk users from uploading files to untrusted websites, sharing files externally, and pasting text into ChatGPT.
This way of blocking not only prevents data leaks, but also frees up your security analysts’ time to investigate legitimate insider threats – all while allowing the bulk of your employees to get legitimate work done. Your data needs to be protected, but that doesn’t mean the way you do it has to be stuck in the past. Incydr’s approach to blocking is exactly what the modern-day workforce needs.