Protecting Data and Promoting Collaboration During Times of Change

Originally published by Lookout.

Written by Hank Schless, Senior Manager, Security Solutions, Lookout.

When it comes to the way we work, change is now the status quo — and it often happens so quickly that security teams have a tough time keeping up. Organizations that try to keep using their perimeter-based security solutions are hindering their workers’ ability to collaborate while also losing a handle on their data.

The cloud and SaaS apps brought productivity and collaboration from anywhere to a new level, and it was in your organization's best interest to embrace this change in order to boost productivity and agility to stay competitive. In order to keep that edge, you also need to be running an equally progressive security strategy in parallel.

A critical piece of that strategy is data protection. Leveraging a platform that ensures your data stays secure no matter where it resides or who’s accessing it is key to keeping up with the way your employees need to work.

This blog delves into three achievable ways to evolve your thinking so data security and employee productivity can progress at an equal pace. I’ll explain how you can help your employees stay productive in a way that doesn’t introduce new risks, and what you can do to improve your security posture so you don’t get stuck in the past.

Embrace shadow IT, including BYOD, and unmanaged networks

Users are going to gravitate towards the apps that they find most convenient and useful. The problem is, those apps might not be the ones your organization has vetted and approved, which could put data at risk. This same problem is now occurring with the devices and networks being used as employees work from anywhere.

The idea of shadow IT has expanded considerably. If you're using traditional security tools, you will have minimal visibility into what happens to data once it’s shared with those unsanctioned apps or unmanaged devices. It might even be impossible to see which apps and devices are being used in the first place.

However, the best solution isn't to clamp down and stop employees from using those apps, devices, or networks as that will just hinder productivity. Instead, embrace what people are using and take proactive measures to identify and protect data against the risks associated with shadow IT.

If you find that lots of employees are using a particular app, it might be worth the time to run a security review and approve that app for use. By bringing it on as a sanctioned app, you can regain control of your data while granting freedom and flexibility to your employees. To do this, you need a security solution that can detect when data is being moved to unsanctioned apps. And if you have a bring-your-own-device (BYOD) program or let employees connect using any network, apply that same freedom of control with endpoint security.

By deploying a comprehensive security platform, you should be able to enforce your corporate policies across all apps, devices, and networks — including unsanctioned apps and personal devices.

Keep data accessible and protected

When it comes to your data, context matters. In the past, information was stored in data centers confined by a corporate perimeter, making it easy to understand how your data was being used. But the context is harder to understand when data is sprawled across dozens of apps and being accessed by unmanaged devices from outside networks.

That data still needs to stay secure, but putting it under lock and key isn’t the answer. If data isn’t easily accessible, your employees won’t be able to do their jobs and productivity will crater. Instead, there needs to be a middle ground that uses contextual information to keep data secure while ensuring it stays accessible to the people who need it.

To manage data protection in such a complex environment, modern data loss prevention (DLP) and advanced enterprise digital rights management (EDRM) will help you identify, protect, and even encrypt sensitive data when necessary. While these aren’t fundamentally new technologies, legacy DLP and EDRM solutions can’t keep up with today’s data complexity. Modernizing these solutions will give users access to the information that they need while keeping data protected from unauthorized users or risky activity.

Stay alert to insider threats

In addition to preventing data leakage, it’s also important to be able to identify risks to data from the inside — especially when that risk is posed by a supposedly trusted insider.

As your employees go about their days — accessing cloud apps, responding to authentication requests, and uploading and downloading data — slight anomalies in behavior can indicate that something isn’t quite right. But identifying those anomalies is like looking for a needle in a haystack.

Your IT and security teams are already busy enough, and asking them to try to identify this anomalous activity on their own only puts more on their plate. To find those needles without creating a backlog of work, your organization can rely on user and entity behavior analytics (UEBA). By monitoring user behavior, UEBA can identify patterns and spot deviations from those patterns, enabling you to stop attacks before they can do significant damage.

A zero-trust mindset provides flexibility and protection

The way employees access data is dynamic, so the way your organization approaches security should be, too. Stay secure while encouraging collaboration by adopting a zero-trust mindset. This means verifying users and understanding the potential risk they pose by taking into account contextual risk factors such as location, the risk level of their device and network, and the sensitivity of the data they seek to access.

To do so, you need a unified solution that enables a zero-trust mindset. A data-centric security service edge (SSE) platform that combines the power of secure web gateway (SWG), cloud access security broker (CASB), zero trust network access (ZTNA), and endpoint security with advanced data protection capabilities is the best way to reach that outcome.