Professional services organizations face a unique set of challenges when it comes to Insider Risk. From securing a large number of contract workers to protecting client data to monitoring their environment without negatively impacting productivity, these challenges make it all the more important that their security teams have visibility over their environment without creating roadblocks for employees.
When one Code42 customer began their journey to better understand data movement and address data exfiltration, they realized just how much they needed a solution that took these challenges into account.
Our customer is a financial consulting organization where the vast majority of their workforce is made up of consultants and contract employees. Before implementing an Insider Risk Management tool, their security team realized they had no way to know what data these consultants were using, how it was moving or even if it was leaving the organization with them.
Even when they became aware of data exfiltration, it was after the fact. In one instance, they found out about an exfiltration event months after it happened and were forced to rely on expensive, third party services to attempt to fix the damage.
In another situation, a former employee took financial data with them when they departed. Shortly thereafter, that former employee’s new organization reached out to offer their services based on the exfiltrated financial information. Without the other organization’s brazen tactics, our customer would never have known about the exfiltration, much less been able to mount a response.
Addressing the problem
Knowing they needed increased visibility to protect all data and prevent exfiltration, the security team began to consider their options.
Right away, they knew traditional DLP (Data Loss Prevention) solutions would not be effective in their environment. Due to the number of consultants on their team, it was unrealistic to establish and maintain rules-based monitoring without hampering the productivity of their organization.
Along with that consideration, they also knew that implementing a DLP solution would be a heavy burden on both their devices and on their team’s time, as managing those systems requires constant updates and frequent exceptions. Not to mention the risk of exceptions to DLP rules creating new vulnerabilities in their environment.
With all those factors working against traditional data protection approaches, the team decided on a different approach.
As soon as this customer signed on for a trial of Code42 Incydr, they knew they had found a solution that could give them the visibility they craved. They not only wanted to know if data was leaving their organization, but also to know how data was moving through their environment in general. Only Incydr could offer them that level of visibility to keep their data safe, while still being easy enough to use and administer that it didn’t put any undue burden on their small security team.
From the first day of their trial period, they were shocked to see the amount of data at risk and where it was moving. They immediately saw a large number of files being exfiltrated to unsanctioned cloud storage and were able to take action right away and remind their employees of their established security best practices.
Incydr helped them identify and respond to that risk before it became a breach, and they continue to use the information in Incydr to identify which security practices needed to be reinforced in the organization.
They’ve also found an immense amount of value in Incydr’s Departing Employee Lens, which allows them to monitor file movement at a time when they know data is at high risk of exfiltration. Before using the Departing Employee Lens, the security team had no visibility into what data someone might take when they left the organization. Now, they’ve established a process that allows them to monitor departing employees and respond to incidents before the damage is done.
Results after using Code42 Incydr:
- Gained full visibility into data movement across all vectors and all users, mitigating the risk of data exfiltration as well as giving clarity into where and how key data was moving.
- Established a proactive Insider Risk Management process and better positioned the security team as a partner to the rest of the organization, rather than a block to productivity.
- Saved cost of responding to incidents after the fact and eliminated the need for 3rd party investigation resources to retroactively investigate after damage was already done.
Today, this organization can finally see where their data is moving regardless of whether it lives with a consultant or a permanent employee. They can proactively address any potential risk factors that may lead to exfiltration and they’ve also increased their collaboration with the rest of their organization. Through all of this, they’ve also found that their security team can now spend their time responding to incidents without the need to constantly update rules or make exceptions to security standards. With Incydr, this financial consulting firm has established a proactive data protection strategy designed to enable employee collaboration and provide the visibility necessary to keep their data secure.