Data Protection Challenges

Welcome to the cloud generation where there are cloud applications to solve every problem.

We live in a world where individuals have multiple devices and work from virtually anywhere.

People are taking advantage of all these resources to work more efficiently and more collaboratively, which means they are adopting lots of cloud apps and accessing them from whatever device they have, whenever and wherever they may be.

This means there will be company data (some of it very confidential) being saved and shared in the cloud and moving back and forth between cloud apps, people and devices in traffic that may not be monitored by traditional enterprise perimeter security solutions. We call this Shadow Data.

We research trends in cloud application adoption and risks, and our research on activity in the second half of 2016 shows that 25% of company data in cloud apps is broadly shared (that is, shared to the public, to the entire organisation or to a party external to the organisation). This broadly shared data includes confidential and regulated data. It is a data breach risk and it is a compliance risk.

We also know that bad actors are targeting cloud accounts to steal credentials, hijack sessions or hack into accounts directly from the internet. These cloud accounts contain data to steal or destroy, offer a method to exfiltrate data, and are a path to infiltrate an organisation.

Shadow Data Report

The Symantec Shadow Data Report covers key trends and challenges organisations face when trying to ensure their sensitive data in cloud apps and services remains secure and compliant.

Cloud Access Security Broker (CASB)

Introducing Symantec CASB

Our CASB portfolio consists of many key components:

  • Securlets or API – for visibility and control of sanctioned apps
  • CASB Gateway – for visibility and real-time control of both sanctioned and unsanctioned apps
  • Audit – for analysing Shadow IT usage

CloudSOC provides a robust solution for understanding the risky cloud apps and services your users may be using.

It is so easy to collaborate using cloud apps that it is just as easy to over-share sensitive data.

With CloudSOC customers can prevent PII content from being shared outside the company.

They can prevent sensitive data from being uploaded to personal cloud accounts.

A robust CASB is also good at automatically identifying and tracking confidential content stored in the cloud.

CloudSOC gives customers an informative dashboard that identifies sensitive data in the cloud, whether that sensitive data is at risk of exposure, and the users associated with sensitive data at risk.

CloudSOC includes a native DLP capability called ContentIQ, a data-science-driven cloud DLP engine that is better than other CASBs at automatically identifying and classifying sensitive content, from compliance-related content such as Personally Identifiable Information to company confidential content such as source code. There is highly advanced machine-learning technology in ContentIQ.

Customers can control how data is shared, accessed, downloaded, uploaded, etc. through granular policy controls.

Threat Protection

There are two major areas of concern:

1) “Front door” attacks, where malicious actors get a hold of an end-user’s account through a variety of approaches, and steal sensitive content.

2) Traditional malware, ransomware or crimeware that can infect content in cloud apps, and readily spread to other parts of the organisation.

A major data breach can come down to a single user password being compromised. Whether due to a phishing attack or a broader password breach, it represents a single point of failure that can expose critical data.

A disgruntled employee may divulge sensitive data, download confidential information, or delete data prior to leaving a company.

CloudSOC leverages advanced data science and machine learning to provide monitoring of each and every user’s cloud account, looking for malicious or fraudulent activity.

Data Security

All of these capabilities come bundled in a powerful data-rich platform with an intuitive UI. Our UI is highly regarded in the market, not just for its good looks – but also its logical workflow, customisable dashboards and ease of drilling into needed information.

In addition to managing all aspects of cloud activity, we have also created deep links with other Symantec products to bring the power of CloudSOC to their environments as well.

CASB Data Sheet

The CASB data sheet illustrates in further detail the solutions available to your organisation.

Information-Centric Encryption

Data Protection Challenges

Organisations are moving sensitive data out of their physical perimeters and into the cloud where they can share it with users across multiple organisations and locations. But it’s difficult to keep data safe and usable once it leaves your traditional control.

Increased regulation, customer scrutiny, and risk awareness are driving the need to protect information. Data breaches continue to increase, with a cost of $4 million per breach, on average, according to a 2016 report from Ponemon Institute.

The damage is not only financial but also impacts customer trust and brand reputation and can result in fines and penalties for noncompliance.

Introducing a new approach to data security

Information protection that encompasses discovery, protection, and user authentication provides a complete approach. By integrating these capabilities in a way that follows the data, you get true information-centric security. It protects your sensitive data, making it visible only to the intended recipient.

Information Centric Encryption delivers strong, simple protection that follows data wherever you store, use, or move it.

It protects data with enterprise-strength techniques through the integration with Symantec Data Loss Prevention, Symantec CloudSOC (Cloud Access Security Broker) or Symantec Information Centric Tagging technologies.

Using highly accurate data discovery engines, sensitive data is detected on-premises, in cloud and mobile locations. Alternatively, users can identify and classify files and emails that contain sensitive data.

You can apply enterprise-grade encryption automatically by policy, ensuring consistent compliance. And this protection follows the data, regardless of device or location.

To access a document, the recipient uses a “one touch” process that protects data even if multiple users share a device.

Information-Centric Encryption

This data sheet illustrates in further detail the solutions available to your organisation.

Data Loss Prevention

Information is everywhere

Today, 36% of all business critical apps are housed in the cloud, but IT isn’t even aware of nearly half of them.

Around 30% of all business information is also stored in the cloud, but more than 1/3 of that information is not visible to IT.

Finally, nearly half of all employees are using their own personal devices to connect to the cloud and access business information.

These statistics highlight the fact that a whole lot of data is being stored in the cloud, undiscovered, unmonitored, and potentially unprotected.

Even when IT is involved, you can’t just assume that cloud vendors are providing the level of protection you need. When it comes to data security in the cloud, one size almost never fits all.

Cloud services and applications also increase your risk of a data breach by a factor of three.

Today, data breaches take a long time to discover and even longer to remediate.

Furthermore, an average of 10% of business information is completely out of IT’s visibility, so there’s no guarantee they can even know when a breach has occurred.

It’s also interesting to note that fewer than 25% of breaches are discovered by an organisation’s internal security team. In most cases, organisations are notified of breaches by a third-party organisation or law enforcement agency.

Can you answer these questions?

Where does your confidential data live?

  • On-premise: file servers, desktops, databases
  • Cloud: email, file sync and share apps
  • What data types are a priority for you to protect (regulated data, intellectual property, etc.)?

How is confidential data being used?

  • What is being uploaded to unsanctioned cloud apps or USB drives?
  • Who is copying data on the endpoint or sending it across the network?
  • Who owns this data?

How do you prevent data loss?

  • How do you stop confidential data from leaving your organisation?
  • How do you empower your business units to protect their data?
  • How do you educate employees and enforce data security policies?

Symantec DLP is ready to help you answer these tough data loss questions with an approach, backed by a family of solutions and technologies, that allows you to:

  • Discover where your sensitive information resides across all of your cloud, mobile, network, endpoint and storage systems.
  • Monitor that data, so you can understand how sensitive information is being used, including what data is being handled and by whom.
  • Protect sensitive data by preventing it from being leaked or stolen. This includes consistently enforcing data loss policies across your entire environment and educating employees about safe data practices.

With Symantec, this is about much more than simply throwing cloud- and mobile-focused DLP technology at the problem.

All too often, this can create disparate data loss policies with multiple management interfaces, which only complicates the problem and requires additional IT resources to manage.

Symantec DLP allows you to combine comprehensive coverage across your on-premises, mobile and cloud environments with consistent policies and a unified management console.

This makes it possible to discover, monitor and protect all your data, no matter where it lives.

Symantec DLP gives you the ability to create, manage, and extend cohesive, effective DLP policies across your organisation.

Policies give you the power to implement and enforce data security consistently across your organisation, and they’re the main building blocks of every successful DLP implementation.

A policy is made up of two parts: detection rules and response rules. Detection rules tell DLP what data to look for and response rules tell it what to do once it finds that data.

Detection rules define the content you want to protect and the context that it’s being used in to determine if a security policy is being violated. DLP finds data using 3 categories of detection technologies:

Describing protects structured and unstructured data by looking for content matches on keywords, regular expressions or patterns, and data identifiers.

Fingerprinting protects structured and unstructured data by looking for exact or partial content matches on indexed data sources and documents.

Learning protects unstructured textual data by building a statistical model using sample documents and determining content similarity.

Response rules are used to define the actions to take when the system has detected an incident or policy violation. There are a number of different ways to remediate a data loss incident:

  • Notify an end user of a policy violation via email or an onscreen pop-up
  • Require a user to justify an action that violates a policy via an onscreen pop-up
  • Redirect an unencrypted email containing sensitive data to an encryption gateway for secure delivery

  • Prevent information from leaving the network by blocking a web post or instant message, or from being wrongly exposed on your network by quarantining or relocating files containing confidential data to an encrypted folder on a secure server
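A toy policy in the shape described above, as an added example (not Symantec DLP code or its policy format): two detection rules, "describing" via a card-number pattern with Luhn validation and "fingerprinting" via hashed five-word shingles of an indexed document, feed response rules that pick an action per channel. All function names, channel labels, the threshold and the sample text are constructed for illustration; the learning category is not shown.

```python
import hashlib
import re

# Hypothetical names throughout; this is not a Symantec DLP identifier set.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits: str) -> bool:
    """Data-identifier validator: the Luhn checksum cuts regex false positives."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def describe_match(text: str) -> bool:
    """'Describing': pattern match, then validation of each candidate."""
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            return True
    return False

def shingles(text: str, k: int = 5) -> set:
    """Hashes of every k-word window after case and punctuation normalisation."""
    words = re.findall(r"\w+", text.lower())
    return {hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
            for i in range(max(len(words) - k + 1, 1))}

def fingerprint_match(text: str, index: set, threshold: float = 0.3) -> bool:
    """'Fingerprinting': share of the indexed document's shingles seen in text."""
    return len(shingles(text) & index) / len(index) >= threshold

def evaluate(text: str, channel: str, index: set) -> str:
    """Response rules: map the detection result and channel to an action."""
    if fingerprint_match(text, index):
        return "block" if channel == "web_post" else "quarantine"
    if describe_match(text):
        return "redirect_to_encryption_gateway" if channel == "email" else "notify_user"
    return "allow"

# Constructed sample: the confidential document that gets indexed.
CONFIDENTIAL = ("Project Heron pricing model: tier one partners receive a "
                "twelve percent rebate on annual volume above the agreed floor")
INDEX = shingles(CONFIDENTIAL)
```

A partial paste of the indexed document still trips the fingerprint rule, while a 16-digit number that fails the Luhn check is allowed through, which is the false-positive control that a bare regular expression lacks.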

Data Loss Prevention

This data sheet illustrates in further detail the DLP solutions available to your organisation.

Enterprise Strategy

Symantec have developed an integrated solution that provides the optimal approach for extending DLP to the cloud.

You can save time by applying the same carefully tuned policies you use for an existing DLP solution to your data in cloud apps.

You can leverage the same workflow integrations used for other DLP channels and manage DLP for cloud apps in the DLP Enforce console, just as you manage other DLP channels.

The DLP engine runs in the cloud, so unlike the ICAP integration offered by other CASBs, data does not have to travel back to the enterprise for analysis. All this work stays in the cloud, optimising bandwidth and latency. It leverages a native RESTful API between the cloud detector and CloudSOC, which allows us to empower the DLP console with rich insights from the CASB solution, such as new policy attributes, user ThreatScores and detailed cloud activity log information.

Only Symantec offers this comprehensive DLP solution.

Get in touch

Kontex Security Ltd

T: +353 (0) 62 43937

United States:

345 Park Ave # 1702, New York, NY 10154, USA

Ireland:

Maynooth Works, Maynooth University, Kildare, Ireland