This is the third installment of the From Arthur’s Desk series, discussing topics such as data loss prevention, compliance, governance and more.
One of the challenges for the CISO has been measuring success. Standards have been the benchmark for years: if you meet the standard, you’re successful. But it is becoming clear that standards don’t necessarily translate into a safe data usage environment, particularly when the biggest threat is from insiders, or from outsiders posing as insiders. Best practice in security has shifted to risk-based models, which require measurements of risk based on behavior and activity, and a capability to take action when risk rises above a historical norm. It is precisely this ability to measure, and to act on the measurements and trends, that makes the cloud an inherently secure computing environment.
Google Apps and CloudLock are good examples of this. Usage metrics such as files per user, sharing patterns, and storage consumption are indicators of risk and security. They give the enterprise powerful tools for information governance, complement on-premise data protection frameworks, and provide a pathway to lower risk and more meaningful compliance with privacy and other regulatory requirements.
What can you do with the data from CloudLock and why does it matter?
- Build a risk profile at the enterprise, organizational, and end user levels
- Design policies that are appropriate for the sensitivity of data and impact on the business
- Instill an organizational and individual culture of data protection
To build a profile of the enterprise, discovery of data and users in the domain is key. Knowing what is being shared, with whom, and how provides both an at-a-glance overview of the sharing and risk profile and a view of where the quickest and most meaningful wins are. In many cases, CloudLock has helped enterprises lower their risk of exposure by as much as 70% with a single, simple, non-intrusive policy directed at unconscious but risky end-user behavior. In such instances, CloudLock metrics are used to characterize the severity of risk, set priorities, define policies, measure success, and sustain gains.
Exposure metrics set the stage for policies. Knowing the number of public, external and internal exposures of enterprise documents helps set the risk baseline and is one of the inputs for critical data containment and domain compliance policies, such as prevention of data sprawl or personal stockpiles of enterprise assets.
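To make the exposure baseline concrete, here is an added example (not CloudLock code, and not from this post) that classifies each shared file as public, external or internal from its sharing list, counts exposures for the domain and per owner, and flags when the current count of externally exposed files rises above a historical norm. The record layout, the `example.com` enterprise domain, the ACL entry types and the weekly history are all constructed for illustration and do not describe any real product's data format.

```python
from collections import Counter
from statistics import mean, pstdev

# Assumed enterprise domain for the constructed sample below.
ENTERPRISE_DOMAIN = "example.com"

# Constructed sample of shared files and their sharing entries (ACLs).
# The entry shapes ("anyone", "user", "domain") are assumptions for this
# example, not a vendor's schema.
SAMPLE_FILES = [
    {"id": "f1", "owner": "alice@example.com",
     "acl": [{"type": "user", "email": "bob@example.com"}]},
    {"id": "f2", "owner": "alice@example.com",
     "acl": [{"type": "anyone"}]},                       # public link
    {"id": "f3", "owner": "carol@example.com",
     "acl": [{"type": "user", "email": "dave@partner.net"}]},  # outside org
    {"id": "f4", "owner": "carol@example.com",
     "acl": [{"type": "domain", "domain": "example.com"}]},
    {"id": "f5", "owner": "carol@example.com",
     "acl": [{"type": "anyone_with_link"}]},             # public link
    {"id": "f6", "owner": "erin@example.com", "acl": []},  # never shared
]

# Constructed weekly history of externally exposed file counts (public + external).
WEEKLY_HISTORY = [3, 4, 3, 5, 4]


def classify_exposure(record, enterprise_domain=ENTERPRISE_DOMAIN):
    """Return the worst exposure class of one file: 'public' > 'external' > 'internal'."""
    worst = "internal"
    for entry in record["acl"]:
        kind = entry["type"]
        if kind in ("anyone", "anyone_with_link"):
            return "public"          # nothing is worse than a public link
        if kind == "user":
            principal_domain = entry["email"].rsplit("@", 1)[-1].lower()
        elif kind == "domain":
            principal_domain = entry["domain"].lower()
        else:
            # Fail closed: an ACL type we do not understand must not be
            # silently counted as internal.
            raise ValueError(f"unknown ACL entry type: {kind!r}")
        if principal_domain != enterprise_domain:
            worst = "external"
    return worst


def exposure_counts(records, enterprise_domain=ENTERPRISE_DOMAIN):
    """Count files per exposure class for the whole domain and per owner."""
    domain_counts = Counter()
    per_owner = {}
    for rec in records:
        cls = classify_exposure(rec, enterprise_domain)
        domain_counts[cls] += 1
        per_owner.setdefault(rec["owner"], Counter())[cls] += 1
    return domain_counts, per_owner


def risky_share(counts):
    """Number of files visible outside the enterprise (public + external)."""
    return counts["public"] + counts["external"]


def above_norm(history, current, k=2.0):
    """True when `current` exceeds the historical mean by more than k standard deviations."""
    if len(history) < 2:
        raise ValueError("need at least two historical observations")
    mu, sigma = mean(history), pstdev(history)
    return current > mu + k * sigma


def summarize(records, history, enterprise_domain=ENTERPRISE_DOMAIN):
    """Build the exposure profile and compare today's risky share against the baseline."""
    domain_counts, per_owner = exposure_counts(records, enterprise_domain)
    risky = risky_share(domain_counts)
    return {
        "domain": domain_counts,
        "per_owner": per_owner,
        "risky": risky,
        "above_norm": above_norm(history, risky),
    }


if __name__ == "__main__":
    profile = summarize(SAMPLE_FILES, WEEKLY_HISTORY)
    print("domain exposures:", dict(profile["domain"]))
    for owner, counts in sorted(profile["per_owner"].items()):
        print(f"  {owner}: {dict(counts)}")
    print("externally exposed files:", profile["risky"],
          "(above historical norm)" if profile["above_norm"] else "(within norm)")
```

The per-owner counters are what turn a domain-wide number into the enterprise, organizational and end-user risk profiles mentioned above; the same `above_norm` check can be run against each owner's own history to spot an individual whose sharing has drifted from their usual pattern. A population standard deviation of zero (a perfectly flat history) means any increase at all is flagged, which is the conservative behaviour you want for a baseline.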
In my next post, I’ll provide some examples of data containment and domain compliance policies and how they have been used by security leaders to safeguard digital assets as part of a risk-based strategy.