Poof! Just like that, the very security perimeter organizations built around infrastructure, network and endpoints to keep corporate data safe is gone. Yes, we all have been saying the perimeter is gone for what feels like years now. But now, it’s really gone, and we would argue for good. COVID-19 has turned our world upside down. What started as a health crisis became an economic crisis followed by a security crisis. The very thing the conventional perimeter was designed for—data security—is gone. Welcome to the next-normal. Data security for the next-normal will be defined by three brutal truths.
Three brutal truths about conventional data security
The reality: We have a security crisis on our hands. The old-school ways that we follow to protect data from loss, leak, theft and sabotage no longer fit the new way we work. Our challenge as an industry is to rethink, reimagine and rebuild what data security means in what we contend is not the new normal, but the next-normal.
1. It’s impossible to identify, classify and create policies for all of your sensitive data
Almost all conventional data security tools depend on three core tenets to be effective. First, identify where all your sensitive data is. Second, classify your data. And finally, set policies, rules or other admin-defined parameters to block it from leaving the organization. These tenets have become the foundation for the category everyone loves to hate—data loss prevention. Here is the irony. As a security leader, the efficacy of any conventional data security you purchase rests not on the efficacy of the security vendor you selected, but entirely on the foresight of your security team. The reality is that security teams can’t possibly know where all sensitive data lives. No one can. So, tenet one of conventional data security sets you up for not only a false sense of security, but failure.
2. It’s incredible to think you will get away with blocking user productivity and collaboration
Hypothetically, for fun, let’s say you could account for every sensitive file in your organization. Even then, you can’t just lock down all these files. A lot of this information is living among collaborative users and cross-functional teams, partners, consultants, even customers. This brings us to fatal flaw two: blocking. You realize this quickly as waves of employees storm the security department with pitchforks and torches exclaiming, “You’re preventing me from getting my work done!” So you end up writing all sorts of exceptions to your security policies, or more commonly, turning off blocking altogether—aka running in “monitor mode.” In the process, you’ve taken the very teeth out of the policy-based, prevention-centric security tools you’ve invested in to protect your organization.
3. It’s unfathomable to believe prevention strategies erase all sensitive data vulnerabilities
The third brutal truth of conventional security tools like DLP: You don’t know when you’ve been beaten. If a file event happens off the corporate network, or the employee action falls outside the defined rules or policies, you won’t see it. According to the Code42 Data Exposure Report 2020, 37% of employees use unsanctioned tools on a weekly basis to get their work done. In practice, that means users are already finding ways around classification and policy-based prevention methods; and you have no idea, which leaves your corporate data vulnerable.
Data vulnerability has never been more rampant than it is today. While conventional data security tools are intended to stop data threats and mitigate risks, they do nothing to shine a light on your data vulnerabilities. Ironically, the identify, classify and policy-based approach in essence creates data vulnerabilities by providing a false sense of data security. Let’s face it, conventional solutions like DLP no longer meet the needs of today’s workforce, which is more mobile, self-sufficient, productive and collaborative than ever before. Given the current market conditions, the harsh reality is data vulnerabilities are not going to subside anytime soon. Work from home is here to stay; employees will always use the tools they want to get their jobs done; and like it or not, the corporate workforce is in a constant state of change.