SaaS Holes – Part 3: Data Leakage
In my last blog I discussed the importance of visibility and monitoring for suspicious activities within your cloud apps. Make sure you give it a read. This blog will address a topic that is all over the news these days: data leakage.
We all read the news, whether it’s Twitter, Reddit, our favorite news website or the good ol’ newspaper. It feels like every week there is a major data loss event. Target, Home Depot, JP Morgan (76 million households, 7 million SMBs affected and the prime example of data leakage via employee devices) and now possibly Dropbox. Here’s an interesting (and recent) chart that shows the percentage of public awareness of top breaches when 4,235 adults in the U.S. were surveyed (expect Dropbox to be on the updated version).
The Hole: Data Leakage
The holy crap/Who to blame?/This just got real face
When an employee has next quarter's financials on their mobile device, loses the device, and the information ends up in the hands of a hacker, reporter, or their high school arch enemy (still holding some silly grudge), you can’t blame Office365. Cloud apps can’t stop employees from downloading mission-critical information onto their devices. Because of this, data leakage takes place.
I’m not saying you shouldn’t trust your employees; I’m just saying you should be aware of the situation. Forrester Research surveyed 2,000 IT professionals in North America and Europe and found “enterprise insiders” account for 36% of all data. And it’s not like this is a region-specific issue. In Malaysia, insiders are said to make up 71% of all data breaches! Crazy, right?
The Fill: Control, Lock Up & Track
Here are the 3 things you need to do to prevent data leakage from happening to your enterprise:
1. Control who can access data – Your company’s security policies are CRUCIAL here. Decide who can do what inside your cloud app. Set up rules that automatically enforce your security policies. You want to control access based on: app, group, type of device and geolocation.
2. Lock up important data – Decide what data is most sensitive. This is an important step because not all data is created equal. Deploy a solution that automatically removes (via encryption or redaction) highly sensitive info from emails and attachments before they can be downloaded onto an employee's mobile device from your cloud app.
3. Track your data – You can now digitally watermark corporate data and track its movements anywhere on the Internet. Yes, I really just said that. By placing hidden identifiers on all highly sensitive data, you’ll know every time it was downloaded, who accessed it, and when it took place. You just have to find a solution that can do this (wink wink).
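To make steps 1 and 2 concrete, here is an added sketch (not from the original post and not any vendor's product code) of a default-deny policy check keyed on app, group, device type and geolocation, with redaction applied before content reaches an unmanaged mobile device. The rule table, group and device names, country allowlist and patterns are all assumptions made up for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    app: str
    group: str
    device: str    # e.g. "managed_laptop", "unmanaged_mobile"
    country: str   # country code from a geo-IP lookup

ALLOWED = {"US", "CA"}  # constructed allowlist
# Constructed rules, first match wins: (app, group, device, countries, action)
RULES = [
    ("mail", "finance", "unmanaged_mobile", ALLOWED, "redact"),
    ("mail", "finance", "managed_laptop", ALLOWED, "allow"),
    ("mail", "*", "managed_laptop", ALLOWED, "allow"),
]

SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")

def decide(req):
    for app, group, device, countries, action in RULES:
        if (app in ("*", req.app) and group in ("*", req.group)
                and device in ("*", req.device) and req.country in countries):
            return action
    return "block"  # default deny: anything no rule covers stays in the cloud app

def luhn_ok(candidate):
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def redact(text):
    text = SSN.sub("[REDACTED-SSN]", text)
    def mask(m):  # only mask digit runs that pass the Luhn check
        return "[REDACTED-CARD]" if luhn_ok(m.group()) else m.group()
    return CARD.sub(mask, text)

def deliver(req, body):
    """Return (action, body the device receives); body is None when blocked."""
    action = decide(req)
    if action == "block":
        return action, None
    return action, redact(body) if action == "redact" else body

SAMPLE = "SSN 078-05-1120, card 4111 1111 1111 1111, order 1234 5678 9012 3456"  # constructed
```

The Luhn check keeps the 16-digit order number intact while the card number is masked, which is the kind of false-positive control a redaction rule needs before it is switched on for real mail.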
Look out for my last blog in this series. I will be discussing lost mobile devices and what you can do to protect your company's data when this occurs. Follow @Bitglass to hear more about cloud and mobile security.