What’s more valuable: a screw or a screwdriver? It may sound like a complicated, philosophical question, but there’s a pretty clear answer: the screwdriver. The screw has one real function and solves one problem: fastening two items or surfaces together. The screwdriver, by contrast, is a tool: it has many functions and can be used to solve an endless range of problems.
In the data security world, a lot of products like to call themselves “tools,” but in practice, their functionality is relatively specific — more like the screw. These products, like screws, can play critical roles in holding everything together, but the most valuable type of security tool proves its value by solving new challenges as they emerge. This article compiles just a few of the novel ways that Code42 customers are leveraging the Incydr data risk detection and response product to solve their own emerging challenges.
1. Protecting their highest-value data
At Code42, we believe that all data matters, not only the data that is regulated or classified. The reliance on digital collaboration has dynamically changed the way we work, often resulting in the value of a file rapidly evolving — going from work-in-progress one day to critical competitive advantage the next. Nevertheless, most companies do have some data that is clearly, consistently of the highest value to their business. Security teams know they need to focus on this high-value data, but there are two challenges:
- Intellectual property (IP), one of the most valuable types of data, is difficult if not impossible to protect through traditional classification and policy-based approaches, forcing security teams to think differently about how they protect IP.
- Valuable data is increasingly dynamic and mobile. It can’t be locked in a secure location — the sharing and iteration of high-value files is at the core of how businesses work today. This means security teams must home in on the signals of risk so that they can separate legitimate and necessary data movement from risky movement.
How Code42 customers address these challenges: Assessing risk in new ways
Security teams are working with line-of-business (LOB) leaders to gain a better understanding of how their high-value data can be recognized within their environment. This collaboration helps security teams to understand the nuances across their own organization when it comes to determining what data is of high value and what are the strongest indicators of risk.
Savvy security teams are using Code42 Incydr to take a smart, new approach to assessing risk across different facets:
- By department or user group: A company may know that its marketing team typically does not have access to high-value data, whereas its engineering team does. So data exfiltration from a member of the marketing team is considered to be less risky than data exfiltration from someone on the engineering team.
- By cloud sharing app: Many companies support one corporate-sanctioned cloud collaboration platform, but some may have several, each with a designated use. For example, one customer uses Google Drive for daily collaboration, and Box for storage of finished, high-value work. For this customer, data leaving Google Drive is likely legitimate collaborative work, whereas data shared externally through Box is a clear red flag.
- Contextual risk: There are many situations where one factor doesn’t indicate high risk on its own — but the combination of two or more factors does. If an engineer who is traveling overseas moves 200 gigabytes of data onto a USB drive, it’s a stronger risk signal than simply knowing that 200 gigabytes of data was moved to a USB drive. In this example, a Code42 customer would add the engineer who is traveling overseas to Incydr’s high-risk lens for the duration of their travel. Doing so will provide the security team with multivariable risk context, helping them focus on what is high-risk for their unique organization.
By relying on Incydr to surface signals of risk such as the ones outlined above, security teams are able to tune out the noise of sharing for legitimate work and gain precision in detecting risk indicators.
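The three facets above can be combined into a single triage score. The sketch below is an added illustration, not Incydr code or its API: the weights, the size threshold, the event fields and the user names are all assumptions, and the sample events are constructed.

```python
from dataclasses import dataclass

# All weights and thresholds below are illustrative assumptions.
DEPT_WEIGHT = {"engineering": 3, "marketing": 1}   # access to high-value data
APP_WEIGHT = {"google_drive": 1, "box": 4}         # Box holds finished work
DEFAULT_WEIGHT = 2                                 # unknown department or app
LARGE_USB_BYTES = 100 * 10**9                      # assumed "large" cutoff

@dataclass
class Event:
    user: str
    department: str
    vector: str          # "cloud_share" or "usb"
    bytes_moved: int
    app: str = ""        # set only for cloud_share events

def score(event, high_risk_users):
    """Combine the three facets into one number; higher means look sooner."""
    total = DEPT_WEIGHT.get(event.department, DEFAULT_WEIGHT)
    if event.vector == "cloud_share":
        total += APP_WEIGHT.get(event.app, DEFAULT_WEIGHT)
    large_usb = event.vector == "usb" and event.bytes_moved >= LARGE_USB_BYTES
    if large_usb:
        total += 2
    if event.user in high_risk_users:
        total += 2
        if large_usb:
            total *= 2   # contextual risk: the combination outweighs the sum
    return total

def triage(events, high_risk_users):
    """Return (user, score) pairs, highest score first."""
    scored = [(e.user, score(e, high_risk_users)) for e in events]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)

# Constructed sample events (not real telemetry).
GB = 10**9
EVENTS = [
    Event("mkt-ana", "marketing", "cloud_share", 5 * 10**6, "google_drive"),
    Event("eng-bo", "engineering", "cloud_share", 5 * 10**6, "box"),
    Event("eng-cy", "engineering", "usb", 200 * GB),
    Event("eng-di", "engineering", "usb", 200 * GB),
]
HIGH_RISK = {"eng-di"}   # e.g. the engineer currently traveling overseas

if __name__ == "__main__":
    for user, s in triage(EVENTS, HIGH_RISK):
        print(f"{s:>3}  {user}")
```

The two engineers move the same 200 GB to USB, but only the one on the high-risk list rises to the top of the queue, which is the multivariable context the contextual-risk item describes.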
2. Protecting successful mergers & acquisitions (M&A)
Perhaps nowhere is our belief in the value of data more clearly supported than in the case of an M&A. A merger or acquisition comes down to the value that the sell-side company can offer to the buy-side company. And as Deloitte tells us, 80% of the typical company’s value lies in its IP — source code, design files, customer lists, proprietary market strategies, etc. Companies should be focused on their data during an M&A for three key reasons:
- The success of the deal depends on the integrity of the data: Data exfiltration — before, during or immediately after a deal is done — can cause the deal to fall apart completely. The more common and more sinister problem is that undetected data exfiltration leaves the post-M&A company struggling to reach its projected value — because some (or all) of its competitive advantage was leaked during the deal. Moreover, data exfiltration is more common during an M&A because of the next two realities.
- Increased turnover means increased risk: M&As often trigger staff turnover. Declining employee loyalty can influence workers to quit in the lead-up to or in the months after an M&A. In addition, role redundancies can lead to layoffs and overall uncertainty. Whether or not layoffs are involved, employees get nervous about job stability. They’re more likely to begin looking elsewhere — and even use company data to help them land a new job. The 2019 Code42 Data Exposure Report found that two in three departing employees knowingly take company data when they leave, and most companies do not have the tools and processes in place to protect data during this high-risk time.
- Executive turnover is particularly risky: An M&A deal often leads to a restructuring in the C-suite, as well. Departing executives are an extremely big risk, simply because these users typically have access to the most valuable and most sensitive data and files. We’ve all read headlines about a high-level executive taking trade secrets and jumping ship for a competitor.
How Code42 customers address these challenges: Monitoring acquired-company data
Companies are using Incydr to proactively mitigate data risk during M&A — giving them visibility into the data they are paying for so they can keep it and protect it if it is threatened. Buy-side companies silently roll out Incydr’s agent to all users in the acquired organization. As soon as the agent is deployed, the security team has visibility into where data lives and moves within the sell-side company environment. They are able to detect if someone on the development team moves source code to a personal cloud storage account, or if the vice president of sales puts a customer list onto a USB drive. With this insight into data risk, security can immediately work with HR and legal to determine the right response based on the situation.
3. Rapidly enabling remote workforces
Enabling remote productivity — giving users the ability to connect, create, share and collaborate, anytime, from anywhere — is both foundation and fuel for a successful collaboration culture within an organization. Forward-thinking companies simply can’t afford NOT to enable remote work — but this necessary and inevitable shift comes with its own set of unique risks. The global pandemic of 2020 has forced many companies to make the jump to a largely remote workforce all at once — creating a data security nightmare across multiple fronts:
- Many users may have moved important files from the company server to their desktop or personal cloud storage before beginning to work from home.
- Shadow IT applications may start to arise, indicating gaps in corporate tools or training.
- Corporate-sanctioned cloud applications may be misused due to a lack of training and a lack of awareness of the security risks.
- Conventional security tools leave security teams with little to no visibility into off-network data risk, such as web uploads and cloud sync apps.
How Code42 customers address these challenges:
Security teams are using Incydr to rapidly gain deep visibility into endpoint, cloud and web data movement, regardless of whether devices are on- or off-network. They’re leveraging the risk exposure dashboard, within Incydr’s data security solution, to get a near-real-time picture of risk indicators specific to remote workers, such as web uploads, and USB and cloud-sync activities. And they’re using this context-driven data risk intelligence to make smart, fast decisions about how to prioritize investigations and identify Shadow IT risks among their remote users.
Agile solutions start with agile tools
This last use case — enabling remote workforces — demonstrates the true difference of an agile, multi-faceted security tool like Incydr. Before 2020, no one in the world would have imagined that the majority of the global workforce would suddenly be forced to go remote in a matter of days. But the core principles of Code42 — empowering the collaboration culture in a world where all data matters — have led to a set of forward-thinking functionalities and capabilities that are readily adaptable to new, rapidly evolving and sometimes completely unforeseen data security challenges.