Proactive Insider Risk Management Amid Global Growth

CHALLENGE

Data protection without a perimeter

After a decade of continued domestic growth providing consumer financing and rent-to-own purchase options, this online financial services company was ready to take their offerings to the global stage. But expansion poses risk — particularly data risk — with more employees moving files and data in new and faster ways. To proactively address potential insider data risk, the company bolstered its security expertise by hiring a Chief Information Security Officer (CISO) to oversee technology and security strategy for its 1,100 employees.

When evaluating their risk posture, the CISO recognized that they had almost no visibility into how files and data moved between devices, users and applications in their environment – and that meant no good way of seeing Insider Risk to that data, such as potential data exfiltration. The CISO recommended they explore data loss prevention solutions to protect the company’s critical data, such as customer information and intellectual property, from exfiltration.

BUYING REQUIREMENTS

As a technology-driven company, any additional tech would have to enable seamless operations while driving cost efficiency — no exceptions. The Insider Risk solution would have to be system-agnostic, providing comprehensive visibility across the company’s Mac, PC and Linux operating systems, as well as a multitude of cloud platforms. They also needed a simple deployment, free from complex setup or painful data classification and not requiring endless policy management.

Despite the clear need, the company’s security team wondered if it was the right time to deploy an Insider Risk and data loss prevention solution. With the COVID-19 pandemic in full swing, budgets were tight and stress was elevated. Yet, the pandemic had also shifted employees to remote work — increasing data risk, while decreasing security’s visibility into data movement.

“In a perfect world without a pandemic, cost probably wouldn’t have been an issue at all. But the need was clear and with the experience and knowledge of our CISO backing us up, we were able to push it through,” said the company’s IT security analyst.

EVALUTATION PROCESS

A seamless start with Incydr

The company began exploring their options by engaging in a proof of concept with several Insider Risk Management and data loss prevention vendors, including Code42. At first glance, the company believed all the solutions were comparable in pricing and functionality. However, the Code42 Incydr™ data risk detection and response product — and the Code42 team — quickly stood out from the rest.

Incydr fit seamlessly within the company’s environment — deploying simply and working with all the operating systems and cloud platforms used within the company. The security team was also impressed with the functionality of Incydr. It delivered the deep visibility they needed across all file activity, including the ability to monitor data activity on Teams, Slack, Office 365 and OneDrive. With that visibility, they were able to understand the difference between normal and risky events and gain the context they needed to effectively investigate those incidents that required response.

Just as importantly, the Code42 team made an impression, providing exceptionally responsive and knowledgeable support and working well with the company’s security team. “If I had a question or anything that needed to be answered, Code42 was very quick,” said the IT security analyst.

Following the successful proof of concept with Code42, the company went forward with implementing Incydr for Insider Risk Management and data loss protection. The complete rollout was as quick and easy as the proof of concept had suggested. The Code42 team helped deploy the Incydr agent to the Windows, Linux and Apple machines using the company’s desktop management software. From there, the company’s IT team was able to deploy Incydr to all users with a simple push of a button. “Code42 did a lot of legwork on their end to make sure it worked with our management software. It was very easy. Boom, it’s done,” said the IT security analyst.

BENEFITS AND OUTCOMES

Deeper investigations and faster response

Today, Incydr has enabled the company to take a proactive approach to Insider Risk Management and data loss prevention. This gives the company greater confidence as they aggressively pursue global growth strategies and means they no longer have to wait to act until the signs of an insider incident finally emerge.

Additionally, the security team now has deep and comprehensive visibility across all of their operating systems and cloud platforms and high-fidelity alerts that help them quickly differentiate the real risks from normal behavior. Incydr’s focused lenses help them monitor their greatest risks — such as new employees, departing employees, or employees with access to high-value data — making their security team better able to prioritize those risks.

From there, the deep context around data activity provided by Incydr enables them to rapidly investigate identified data risk and determine a right-sized response.

The silent Incydr agent gives this financial services company visibility of data movement all the way to the endpoint, helping them get the context they need to further investigate and, ultimately, prevent data loss — all without impeding the productivity, collaboration and innovation of their users.

“Code42 offers everything we were looking for in data loss protection. Plus their team was very, very good to work with,” said the IT security analyst. With the support of Code42’s team and the power of the Incydr product, the security team has confidence it can effectively address Insider Risk, even as they grow and expand across the world.