Now that summer is approaching, it’s time to go outside and play. Outside is where all the fun happens, or that’s what I keep telling my boys. Pay no attention to those addicting video games - the real action is outside on bikes, trampolines, or electric scooters. Of course, with these activities, the risk increases dramatically. But we put up with the occasional bump and bruise because outside is important and it helps build a well-rounded child who feels confident in their abilities to handle whatever comes their way. When it comes to data protection, you should think of your organization the same way. Outside is just as important as inside, and helps build a well-rounded data protection strategy. With me, or lost? Let me explain.
Take a moment to think about where the risk of data loss resides in your organization. Is it an inside threat or an outside threat? One of the biggest missteps in the industry is that data protection is too heavily focused on insider threats. This partially comes from the popularity of CASB and cloud apps, which are squarely focused on the employee and their actions with cloud data. While this is important, we must not lose sight of the bigger picture. Data is the lifeblood of any organization, and it’s often what the adversaries are after. Additionally, when data is lost, outside breaches are usually far more impactful than smaller events attributed to individual user loss. With that, a data protection strategy cannot be complete without a well-thought-out plan that unifies protection around malicious data breaches and accidental loss. Are you fully prepared to address outsider threats to your data?
Before we get into the details, let's explore what defines the difference between an inside and an outside threat. The big difference is identity. An insider threat is carried out by an entity with a valid identity. An external threat is a risk from an adversary that does not have a valid identity (yet). Let’s now explore both concepts and what you should be thinking about when it comes to unifying data protection.
Great outside and inside data protection starts with inline visibility. If you can’t peel back SSL to get visibility across all your user connections, you’ve got nothing. Remember, most of your data is headed to either a sanctioned cloud app, or worse yet, completely off the grid to the internet or risky app locations. All these destinations require inline SSL inspection that can scale across all users and devices, on- or off-network. This is where Security Service Edge (SSE) comes in.
Delivered from a security cloud, your inline SSL inspection can go everywhere with ease. But most importantly, if you don’t have a proven, scalable way to do this, you’re going to run into problems down the line, from business interruptions and downtime to scalability issues. Get this one fundamental building block right, and you’re on your way to fantastic control over external breaches and internal data loss.
Once you have that foundational component of scalable inline SSL inspection, you're ready to start thinking about outside threats. With the right SSE service, you can feel confident that adversaries, state-sponsored attacks, and all the other crazy stuff currently going on in the outside world are easily controllable. SSL inspection lets you find threats where they live, and cloud-delivered policy ensures every user gets consistent protection, regardless of whether they’re on or off the network. Pair this with a strong secure web gateway, cloud-delivered sandboxing, and other advanced threat protection approaches like AI, ML, and browser isolation and you’ve got a recipe for success—everything in one place, with a unified policy and drastically reduced complexity. Remember though, to properly stop unknown threats and ransomware, your security platform must be able to inspect all ports and protocols, inbound and outbound across every connection, on- and off-network.
Now, what about insider threats? If a bad actor compromises an identity, you certainly have an insider problem, but the casual employee can often be your worst enemy. Your organization is rife with all kinds of accidental dangers. Users often mean well, but inadvertently share data in dangerous ways or utilize risky apps, which ultimately puts your sensitive data at risk. Even IT administrators on your own team can configure clouds improperly, leaving your security posture open to exploitable issues. While often accidental, these insider events require focused attention.
But worry not, because SSE comes to the rescue again. Integrated into this must-have architecture are all the technologies you need, including:
- Full inline inspection with cloud DLP to help secure and block sensitive data that shouldn’t leave the organization, including off-network connections.
- Integrated multi-mode CASB to help you quickly identify and block risky apps, personal apps, and email. With a fully multi-mode CASB, you can also ensure data at rest in SaaS apps is shared properly, by governing users as they collaborate across your sensitive data.
And what about the compromised identity from the outside? One of the great things with the right cloud platform is you can bring User and Entity Behaviour Analytics (UEBA) to the equation to quickly identify anomalous exfiltration activities like impossible travel logins, unusual upload patterns, or encrypted uploads.
So, now that we’ve recalibrated our perspective on data protection, does outside sound like where all the fun is? Certainly, the risk outside is greater, but you can’t stay inside forever! A great data protection strategy knows that outside is just as important as inside and understands the right approach to tip the scales in your favor. So, go outside with confidence and embrace the elements!
If you want to hear more about insider and outsider threats, watch our LinkedIn Live that explores the topic in depth.