June 30, 2016|
The Definitive Guide to Data Security
Take a close look at how most companies approach information security, and you’ll notice a recurring theme. We’ve become experts at building castles, with towers, drawbridges, moats, sentries, and ever-more-complex locks. We secure our organizations like fortresses, building layers of walls around our networks, our applications, our storage containers, our identity, and our devices. This makes us feel safe.
But then one important email attachment accidentally leaves the citadel, forcing us to report a breach. An unhappy employee moves high-value designs onto a USB drive and takes it to a competitor. And just like that, the walls crumble. They fail us the moment we need them the most.
How does this happen? Haven’t we invested in data security?
No, not the way we should have. We know this because Gartner estimates we spent over $75 billion in IT security last year, and yet the number of breaches continues to increase. We’ve built higher, stronger walls, but neglected securing the information itself. That’s why these walls fail us – they can’t help after we share information or once others download our confidential data. Once it’s out, it’s out.
To help our customers better understand and diagnose their own blind spots when it comes to data security, we’ve built a useful guide – The Definitive Guide to Data Security – based on industry research and our own customers’ experiences prior to adopting Vera.
Most of our customers were operating with four critical gaps – four major blind spots – where sensitive data slips through the cracks of their walls.
Most companies have one, if not all, of these gaps. Take a look and see if they seem familiar:
- The Behavior Gap: You’ve made significant security investments but none of your employees use the tools because they’re too difficult or annoying to use. Employees bypass the secure FTP server, they copy and paste data from secured files into an unsecured document, or they send themselves sensitive attachments to their personal email account. 1 in every 4 breaches occurs due to employee negligence, according to Ponemon’s Cost of Data Breach Study (2015).
- The Visibility Gap: We lose information by not being able to see where, when, or how our sensitive information is being used. You don’t even know what you don’t know. The Visibility Gap is everything you can’t see – everything that happens in the life cycle of sensitive information after it leaves the fortress. How often have your clients forwarded information to unwanted viewers? What exactly are third-party contractors doing with information? What you don’t know can hurt you. If data is regulated, you bear responsibility for it, even when you cannot see it.
- The Control Gap: Once data slips through our walls, most security teams can’t lock down access to lost files or leaked information. They don’t have an Undo button or a Reverse Oops mechanism to revoke access or proactively lock down breaches. It’s the Control Gap that’s at the root of many cloud collaboration and storage fears, but this gap existed long before Box and Dropbox came along.
- Response Time Gap: Finally, we lose data because of the time lag it takes to understand and respond to new technologies brought to the workplace. In a reactive, perimeter-based world, you also have to account for the time it takes to build the new wall, dig the moat deeper, or build a better defense. When security is left to play catch-up, companies cede control over their valuable data.
Here’s the punchline: taller, stronger, higher walls aren’t the answer. Firewalls, Data Loss Prevention (DLP) tools, and secure file vaults are all part of this castle mentality. They’re all about keeping data “in” the citadel, and rarely work at the critical moment: when people have your sensitive data in their hands, when people download the spreadsheet and move it offline.
If our crown jewels are what we aim to protect, why not secure those directly? It’s time to put aside our siege mentality and start securing what really matters: the data itself. By adding an invisible and flexible layer of security to each of our crown jewels, we can close the security gaps. We can see where data travels through its entire life cycle, we can share information easily and fearlessly, and instantly pull it back if something goes wrong.
Ready to start closing the gaps? Download Vera’s Definitive Guide to Data Security now and start assessing how to protect your crown jewels today.