If you haven't heard already, welcome to the collaboration age. Collaboration tools are great and data has never been more portable. In an open, collaborative work environment, employees are not chained to their desk from 9:00 to 5:00, Monday through Friday. They have flexible work schedules and flexible work locations. Employees can upload files to the web, sync data to personal cloud accounts, email file attachments and even share files publicly from corporate cloud storage accounts. And therein lies the risk.
While great for productivity, collaboration tools decentralize the data that's traditionally created, secured and backed up in the data center. And the risks to that data is magnified because the very tools that workers use to collaborate are now some of the most popular exfiltration vectors for moving data out of an organization. On top of that, the influx of dual use personal and business products like Gmail, Slack, Google Drive and OneDrive only increase the complexity of this issue. And sure, you could try to block them all, but when security teams block one vector, users simply find another. And how do you distinguish between sanctioned and unsanctioned OneDrive behavior? How can you block personal Gmail if the corporate email product is Gmail?
Regardless of insiders are acting maliciously or putting data at risk accidentally, an insider threat program will need to take these vectors into account. And where traditional cyber security focused on prevention, that's no longer enough. Instead, a robust cyber security program needs to focus on detecting and responding to risk from everywhere, outside and inside.
Oh, in case you were wondering, the traditional exfiltration vectors – yeah, those are still there. However, exfiltration vectors aren't the only consideration for a modern insider threat program.
Check out our other videos to learn more about the whys and what's before we tackle the how's.