Gartner 2020 Market Guide for Insider Risk Management Solutions | Get the report →
  • Partners
    • Technology Partners
    • Reseller Partners
    • Partner Portal
  • Customer Toolkit
  • University
  • Support
Code42 Logo
  • Products
    • Incydr™ Data risk detection and response for insider threat Product Overview right arrow icon
      • Features
      • Detection
      • Investigation
      • Response
      • Use Cases
      • Remote workforce monitoring
      • Departing employee monitoring
      • IP theft detection
      • View All
      • Information
      • Product Plans
      • Deployment
      • Integrations
      • Developer Portal
      • Trust & Security
      • Services
    • Incydr™ Gov Insider Risk detection for the federal government
  • Solutions
    • Insider Risk
    • Data Exfiltration
    • Incident Response
  • Company
    • About
    • News
    • Careers
    • Leadership
  • Resources
    • Resource Center
    • Reports, eBooks, Videos
    • Events & Webinars
    • Customer Stories
    • Product Resources
    • Integrations
    • Developer Portal
    • Trust & Security
    Data Protection: Code42 vs. DLP Leave DLP behind with a better, risk-based approach to protect data. Learn more right arrow icon
  • Blog
  • Get Started
  • Partners
    • Technology Partners
    • Reseller Partners
    • Partner Portal
  • Customer Toolkit
  • University
  • Support

DATA SECURITY STRATEGIES

Stop Complexity and Resource Constraints From Inhibiting Success


5 MIN READ

SHARE

Rob Juncker

Chief Technology Officer

Two separate developments in cyber security are combining to create significant challenges for security leaders and teams – the first being the growing complexity of the security landscape, and the second is the ongoing shortage of skilled cyber security professionals.

This is no small matter. An increasingly complex infrastructure and a lack of resources to deal with it can spell disaster for companies. A survey of 577 IT security practitioners in the U.S. conducted by Ponemon Institute in 2019 shows that more than half (53%) don’t know if their cyber security controls are working. And the craziest part – they are still spending an average $18.4 million on cyber security a year.

To Continue Reading…

Share a few pieces of information and we’ll personalize your experience with us

If companies keep throwing even more money and tools at the problem, the situation could continue to get worse from a complexity standpoint. However, there are alternate solutions out there.  It is time to launch a strategy to make security simpler, automate processes, and better allocate resources.

Twin Challenges: Growing Complexity and Lack of Skills

The IT infrastructure at a typical global enterprise, or even a mid-sized company, is nothing like it was even a few years ago. Then, it was still quite common for organizations to base their IT environments at on-premises data centers and keep all critical data protected by the corporate firewalls.

Today, a growing number of companies are deploying multiple cloud or hybrid cloud strategies, often using a variety of services from different providers. The cloud promises a number of benefits, but it also adds new levels of complexity in terms of managing data, applications, access, and other areas.

Increased complexity is also coming from the burgeoning mobile infrastructures that businesses are relying on more and more. Along the same lines, the emergence of the Internet of Things (IoT), with countless connected devices, sensors, products, assets, and locations, is creating complexities of its own.

Research firm International Data Corp. (IDC) in a 2019 report said the number of devices connected to the Internet, including machines, sensors, and cameras, continues to grow at a steady pace and estimated that there will be 41.6 billion connected IoT devices generating 79.4 zettabytes (ZB) of data by 2025.

To help protect their IT environments, companies have deployed a growing number of security tools, which generate a huge volume of alerts—to the point where security teams can’t keep up. Those responsible for monitoring activities, such as the movement of data, can’t possibly watch everything that’s going on, and are at risk of “alert fatigue.”

Alert fatigue — all security teams know the feeling. Many teams become overburdened by managing multiple security tools. This leads to ignoring or disregarding the never-ending security alerts, defeating the aim of detection and response.

On top of all of these challenges, organizations continue to struggle to find and retain skilled cyber security professionals. The IT environment—hardware, software, networks, services—continues to become more complex and yet there are nowhere near enough staffers to keep it safe.

A 2019 study by (ISC)², an international non-profit membership association of certified cyber security professionals, shows that the cyber security workforce would need to grow 145% to close the skills gap. The group’s 2019 Cybersecurity Workforce Study estimates that the current workforce stands at 2.8 million professionals worldwide, and the number of additional trained staff needed to close the gap is 4.07 million professionals.

Solution: Keep it Simple

The best way to address these challenges might run counter to what many enterprises consider the normal approach to cyber security: keep it simple.

The concept of security simplicity is undervalued, because for many it might imply a lackadaisical approach to protecting systems, networks, and data. That’s not the case, however, because simplicity means fewer tools generating fewer alerts.

By scaling back on the number of tools and trying to monitor everything at all times, security teams can reduce the “noise” from all these resources and focus on the areas that are most important to the business.

Rather than try to monitor every bit of data as it moves or is acted upon through the organization, why not focus on how, when, and why data is leaving the organization? Where is this data going and how is it being used?

The alerts that really matter are the ones that indicate when a valuable document, such as customer lists, source code, or intellectual property, is going out the door.

This highly focused, simplistic, and more cost-effective approach enables security teams to better maintain visibility across their organization with fewer resources. That makes far more sense than constantly dealing with a never-ending stream of false alerts.

To help monitor data leaving the organization, and to keep the process simple for their security teams, companies need to deploy an automated solution that notifies managers when data is leaving, how it’s leaving, and what value the data has to the business.

Such a solution would detect when employees move files to removable media, Web browsers and applications, and cloud sync folders; identify files that are shared externally via corporate OneDrive, Google Drive, and Box accounts; and define alert criteria based on user, data exfiltration vector, and file count or size.

Conclusion: CISOs Don’t Need to Despair

Clearly this is a challenging time to be a security executive. There’s a lot more to be worried about from a threat perspective, far more tools in place to address these risks, an ever-growing IT environment that typically includes multiple clouds, and the complexity all of this creates.

At the same time, many security leaders are trying to figure out how to acquire the specific skills needed to meet the company’s security goals.

As daunting as this sounds, security leaders don’t need to despair. By taking a simpler approach to security, focusing on the context of data leaving the organization, and leveraging automation, they can actually get more done with fewer resources.

Rather than throwing more money at the problem and adding more resources that only add more complexity, they can do much more with less. It’s simple.

Rob Juncker

As chief technology officer, Rob leads our software development and delivery teams. He brings more than 20 years of security, cloud, virtualization, mobile and IT management experience to Code42. Although Rob grew up as a hacker, he’s happy to be on the “good side,” working alongside many CIO’s/CISO’s of Fortune 500 companies to ensure their networks and users are secure.

Code42 logo
Code42 logo

Code42

  • About Code42
  • News + Events
  • Awards
  • Investors
  • Leadership
  • Careers
  • Contact Sales

Learn More

  • Insider Risk Ecosystem
  • Reseller Partners
  • Federal Solutions
  • Higher Education Solutions
  • CrashPlan for Small Business
  • Customer Stories

Support

  • Help Center
  • Code42 University
  • Professional Services
  • Twitter Twitter
  • Facebook Facebook
  • LinkedIn LinkedIn
  • YouTube YouTube
  • Terms of Use
  • Privacy Statement
  • Impressum
© 2021 Code42 Software, Inc. All rights reserved.
Get Started with Incydr™
Contact Salesright arrow icon
We'll have an insider threat expert reach out within 24 hours
Start Free Trialright arrow icon
Try Incydr at no cost for 30 days to quickly uncover your data blindspots
Interactive Demo
Take Incydr for a spin in our free sandbox environment.
Launch the demo right arrow icon
Explore the deeper functionality of Incydr™
Contact Salesright arrow icon
We'll have an insider threat expert reach out within 24 hours
Interactive Demo
Take Incydr for a spin in our free sandbox environment.
Launch the demo right arrow icon

This website uses cookies to improve your user experience and to provide content tailored specifically to your interests. Detailed information on the use of cookies on this website, and how you can manage your preferences, is provided in our Cookie Notice. By clicking I Agree or continuing to use this website, you consent to the use of cookies. Learn more.

Code42
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.