
INSIDER THREAT

Faster Unstructured Data Discovery: 4 Steps to Greater Visibility & Faster Response



Unstructured data poses new challenges for security and legal teams

When it comes to responding to major incidents or risks to the company, security and legal teams have always worked closely. Security manages day-to-day risk in the organization — and relies on legal to add another layer of protection for the business in the event of more serious risk. Legal relies on security to provide relevant details to expedite response.

But here’s what’s throwing a wrench in that coordinated response: the most valuable information most organizations have is now unstructured data — source code, design files, customer lists, market strategy and other trade secrets that drive competitive advantage. And the biggest threats to that unstructured data are now internal — their own colleagues.

The Changing Risk Environment Graphic

Investigations are too long — response is too slow

Security teams are increasingly realizing that their existing security tools and processes fail to give them the immediate visibility they need to investigate users’ risky activity and answer the critical questions around who, what, when and where. They’re resorting to ad hoc investigations that take too long and cost too much — and ultimately leave legal without the ability to respond in time to stop potential damage to the business.

This guide outlines four simple steps for accelerating and enhancing your search for the relevant needles in the exponentially growing digital haystack of unstructured data. Arming your security and legal teams with a smarter approach to seeing and investigating risky activity is a powerful strategy for mitigating the growing insider threats facing your organization.


Structured data — structured protection

Traditionally, the most valuable and sensitive data in an organization existed in structured formats — things like customer records, patient records, payment information, etc. For security and legal teams, the approach to protecting structured data is very, well, structured. Structured data has defined formats that can be easily recognized — so its movement can be easily monitored and controlled. Because of this, the scope of protected, structured data is also easier to define. Conventional data security tools are built for this task — and modern DLP and CASB products are incredibly smart, sophisticated and just-plain-good at providing a structured approach to protecting structured data.

The problem with unstructured data

Protecting unstructured data requires a much more flexible and comprehensive approach. You’re dealing with a much bigger digital haystack than you ever imagined, thanks to three key factors:

  • It’s hard to define. There aren’t neat and tidy formats, definitions or boundaries around what your valuable, unstructured data is, where it lives and how it moves. Moreover, those definitions and boundaries evolve in real time. A file can go from early-stage, work-in-progress to highly sensitive trade secret in a matter of weeks or even days.
  • It lives everywhere. Unstructured data lives everywhere — not just within structured internal networks. More and more of it is created, iterated, shared and stored in the cloud — and sometimes that data never touches an internal network or device.
  • It’s user-controlled. Unstructured data is both the fuel and the product of modern productivity, collaboration and innovation. It’s the work that your employees are doing — and the value they’re creating — every day. And that means it’s fully controlled by your users. They need to be able to create, move and share unstructured data — or work, as we know it today, simply doesn’t happen.

Conventional security tools aren’t built for flexibility

The same functionalities that make conventional security tools like DLP and CASB so good at protecting structured data mean that they are fundamentally not built for the kind of flexible, comprehensive approach needed to monitor and protect unstructured data. 

HOW CONVENTIONAL SECURITY TOOLS FALL SHORT:

  • They only look for what you tell them to. Conventional security tools are built around prevention. But they only protect what you tell them to protect, and they only prevent what you tell them to prevent. The evolving nature of unstructured data and the creativity of your users mean that you simply can’t think of everything — leaving gaps in your prevention policies.
    • You don’t know when you’ve been beaten. When a user does something you weren’t watching for — whether it’s a creative workaround, or just a file you hadn’t considered — you’re left unprotected.
  • Their rules are rigid. Conventional security tools use rigid if/then logic to block risky user activities. They’re unable to consider the context surrounding an activity, so they leave security teams choosing between alert fatigue or a laundry list of policy exceptions that present their own risks.
    • You’re overwhelmed by noise. Your users are constantly moving, sharing and iterating on valuable files — and you’re trying to find the signal of risk amidst the incredible noise of legitimate everyday productivity.
  • They can’t see into the cloud. Conventional security tools weren’t built for the modern cloud- and web-driven world of work. Their visibility and blocking capabilities are largely limited to on-premises data and activities — leaving a huge gap for cloud activity.
    • You’re flying blind. A user can create and share a highly valuable file — a product roadmap presentation, for example — entirely in the cloud in minutes. And you have zero visibility.

Result: Security can’t answer the big questions

Applying a conventional, structured approach to unstructured data leaves dangerous gaps in visibility and control — and leaves security unable to quickly answer the big questions that drive a coordinated security and legal response to risk:

  • What happened?
  • Who tampered with data?
  • Who accessed files?
  • Did they modify the files? When?
  • Did they move files? When and where?
  • If they moved them, who else had access in that new location?

4 steps to finding — and protecting — the needle in the haystack

The amount of unstructured data is growing exponentially in the typical organization, rapidly expanding the digital haystack that security and legal teams must contend with. Having the immediate visibility required to answer these questions, and to quickly unravel the full story around risky activity, is critical to enabling a rapid response that effectively mitigates risk to the data and the business. Here are four actionable steps to begin building an insider threat program that delivers the capabilities you need to quickly find and protect the valuable needles in your expanding digital haystack:

1. Focus on comprehensive visibility. Visibility is the foundation for smarter, faster investigation and response. That’s why the first step is to put tools and processes in place that give your security team comprehensive visibility of all data — both structured and unstructured, on-premises and in the cloud, on local devices and mobile devices, etc. Because your most valuable unstructured data can change from day to day, month to month and year to year, you need to build your program around the premise that all data matters.

2. Identify your valuable data. While the bounds and definitions of your most valuable unstructured data are fluid, that doesn’t mean it’s not worthwhile to at least identify your known valuable unstructured data as it exists today. Security teams should work with line-of-business (LOB) leaders to make lists of the most valuable — and most vulnerable — data and files owned by each department or team. Where possible, implement measures to make it easier to segment or identify this known valuable data — such as naming conventions, designated file storage locations, etc.

3. Put your data in context. Looking at the entire digital haystack is overwhelming — and nearly impossible. But you don’t have to — and you shouldn’t. Just as it’s worthwhile to identify your known valuable data, it’s important to start by identifying the biggest data loss risks in your organization. For most companies, this list starts with the following scenarios:

  • Departing employees
  • Onboarding employees
  • M&A and company reorganizations
  • High-risk employees/high-value data access

Once you’ve identified your biggest risks, you can use your security tools and processes to put unstructured data movement in context — differentiating user activity that’s associated with high-risk scenarios from activity that is not.

4. Focus on the data — not the people. It seems obvious that data security should focus on the data. But it seems just as intuitive that an insider threat program would focus on the insiders themselves. The reality is people are unpredictable — and insider threat risks can come from anyone, anywhere in the organization. Moreover, at the end of the day, you don’t care what your users do — you care what your data does. It’s your valuable data that you want to see and protect — so that’s where your insider threat program should focus. If you can see if and how your data moves, then you can:

  • Know exactly what risky actions have been taken — and hold users accountable.
  • Be prepared to answer any legal inquiries — from competitors, regulators or your own legal team — with total confidence.
  • Protect your business’ most valuable information.
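
The four steps above can be sketched as a small triage routine over file events. This is an added example, not Code42 product logic or code from this guide; the event fields, paths, user names, destination categories and threshold are all assumptions constructed for illustration. It scores every file movement (step 1), then raises priority when the file is known valuable data (step 2) or the user is in a high-risk scenario (step 3), keyed on what the data did rather than who the user is (step 4).

```python
from dataclasses import dataclass
from datetime import datetime

# Step 2: known valuable data by designated location or naming convention (hypothetical).
VALUABLE_PREFIXES = ("/eng/src/", "/finance/forecasts/")
VALUABLE_MARKERS = ("roadmap", "customer-list")
# Step 3: users currently in a high-risk scenario (constructed sample data).
USER_SCENARIO = {"avery": "departing employee", "blake": "onboarding employee"}
# Destinations outside corporate control (hypothetical category names).
UNTRUSTED = {"personal-cloud", "removable-media", "webmail"}

@dataclass(frozen=True)
class FileEvent:
    when: datetime
    user: str
    path: str
    action: str       # "create", "modify" or "move"
    destination: str  # where the file ended up

def is_valuable(path):
    p = path.lower()
    return p.startswith(VALUABLE_PREFIXES) or any(m in p for m in VALUABLE_MARKERS)

def triage(event):
    """Score one event from what the data did, then add context; returns (score, reasons)."""
    if event.action != "move" or event.destination not in UNTRUSTED:
        return 0, []
    reasons = [f"moved to {event.destination}"]
    if is_valuable(event.path):
        reasons.append("known valuable data")
    if event.user in USER_SCENARIO:
        reasons.append(USER_SCENARIO[event.user])
    return len(reasons), reasons

def investigation_queue(events, threshold=2):
    """Events at or above the threshold, highest score first, then oldest first."""
    hits = [(s, r, e) for e in events for s, r in [triage(e)] if s >= threshold]
    return sorted(hits, key=lambda h: (-h[0], h[2].when))

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    FileEvent(datetime(2021, 3, 1, 9, 0), "casey", "/hr/lunch-menu.docx", "move", "personal-cloud"),
    FileEvent(datetime(2021, 3, 1, 9, 5), "blake", "/eng/src/api/auth.py", "modify", "corporate-share"),
    FileEvent(datetime(2021, 3, 1, 9, 10), "casey", "/marketing/2021-Roadmap.pptx", "move", "personal-cloud"),
    FileEvent(datetime(2021, 3, 1, 9, 20), "avery", "/home/avery/notes.txt", "move", "webmail"),
    FileEvent(datetime(2021, 3, 1, 9, 30), "avery", "/eng/src/billing/core.py", "move", "removable-media"),
]

if __name__ == "__main__":
    for score, reasons, e in investigation_queue(SAMPLE_EVENTS):
        print(score, e.when.isoformat(), e.user, e.path, "; ".join(reasons))
```

Each queue entry carries the who, what, when and where of the movement, and the unlisted `notes.txt` still surfaces because the user context raises its score even though no rule names that file.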

See. Investigate. Respond. Quickly.

Both security and legal teams know that their job isn’t just to prevent risk — it’s to effectively respond to risk to mitigate damage to the business. Yet the conventional approach to data risk has been extremely prevention-centric. This approach worked well enough when the data Security and Legal were protecting was neatly structured, easily defined and conveniently contained within internal networks and devices. But as the focus shifts to unstructured data that’s hard to define, constantly evolving and dynamically moving well beyond internal networks, coordinated Security and Legal teams need to expand their approach beyond conventional prevention tools alone. The first step is recognizing that all data matters — and working to put tools in place to gain visibility into the expanding haystack of unstructured data living inside the network, on user devices roaming the world, and in the cloud. It’s no small challenge — but forward-thinking organizations are already building advanced insider threat programs that make a big impact by starting relatively small: Building simple workflows around seeing, investigating and responding to their biggest data loss risks — faster.
