After COVID, over the last few years, hybrid working became a normal part of our lives. Employees started working from home. Even after that, when companies reopened their offices, some employees were still working from home. Some were working remotely. Some were working at a contractor or third-party location, and some were working from outside India. The biggest problem we faced in this process is that when the employee gets the laptop, the desktop and the employer's data, there is a lot of sensitive data on it. If software is being developed, it will be source code. If it is a salesperson or sales team member, it will be sales data and customer data; if it is marketing, then marketing budgets and upcoming marketing launches will be there. R&D staff have recently developed data on their machines. If you track the last two years, some data is breached every day. The biggest reason for this problem, globally, is the employee. Take any research report by any big company or any consulting company: 75-80% of it clearly states that the internal threat is an employee. The employee was someone we used to control: when he worked in the organization he was very secure, he had a lot of things in his hands and he had controls, because everyone was working from the office. When the employee went home, he took information as well as assets with him; he took sensitive, critical IP with him. Now the IP is so vulnerable, so exposed, that it can be shared anywhere, for any benefit. In the last few years we have seen cases where employees are working for 3-4 companies.
Why are they getting jobs? Because they have skills, but they don't get the same job. They get the same job, with the same skills, supported by some data, some information. So that information is read by their machines, which are not secure, and they upload it to any service. The second thing is that when we started working from home, some conveniences came into our lives. For example, we are in this virtual session; you organize virtual sessions, we hold virtual meetings. In this session, we have an option to upload a file. So sitting here at home with my laptop, I can share source IP, code, any data with you. So on the one hand, there is a convenience, that if you are sitting at home, it is not working. But at the same time, the effect was that this convenience controlled security, which means that now an employee can share anything on WhatsApp, ChatGPT, Google Messenger, Google Meet, etc. When the culture moved to hybrid, the threat landscape also changed. Nobody steals via USB nowadays; it's done through Google Drive or a third-party drive. Companies have balanced their operational needs, like not impacting their revenue generation and business and satisfying the client, but have compromised their security for convenience, wherein data breach becomes the most important element.
The problem occurs when the company asset is handed over to the employee. After work hours, the employee watches movies and downloads software. One should learn how to segregate personal and professional documents while working on the company asset, as DLP only looks at sensitive information being leaked out of the company.
Since hybrid working is the new normal, what challenges do clients face in the work-from-anywhere model?
Data leakage has become critical for companies, especially in the HR domain, to keep tabs on employees. The intro for ISO 2700 has been added since data leaks have become very critical nowadays due to the hybrid work mode. One cannot stop an employee from using WhatsApp, ChatGPT or any other software on a machine, but this is where DLP comes in: it ensures no data leakage happens even when working in hybrid mode.
Critical IP is everywhere across the organization. What are two good practices you suggest for the audience?
Critical IP is everywhere – source code, balance sheets, new marketing plans, R&D info, etc. A set of software is provided to an employee according to their KRAs, but extra software like WhatsApp, etc., if in use, can help leak the data easily. They can access it anywhere due to the big landscape. Most organisations cannot track 90% of their employees' data if scanned. Information value changes from an employee to the topmost manager (hierarchy-wise). IP leakage becomes very difficult if application assets and information assets are both segregated in the system.
What’s your view on the changing data leak threat landscape?
Software development/manufacturing organisations are doing online business today. GitHub is the new application wherein many software developers put their code as their personal asset, and the company controls the data from being leaked. Many tools like Flock or Slack are good tools, but an employee can download any information through WhatsApp Web from their home, wherein the new threat should also support the landscape. A CXO has to make sure that installing a DLP solution in a software development/manufacturing organisation co-creates a use case for it.
Data leak is old wine in a new bottle. What are your views?
When a data leak tool is deployed, it interfaces with the operating system, hardware development and drives. The baseline has changed in the above aspects over the last few years.
The basic constituency still remains the same, but the threat landscape has changed.
How about success stories of data leak deployment? What worked?
Use case – when a customer is onboarded, it requires different parameters, processes, operations, etc., which is called data flow analysis. And so the parameters and use cases are defined. As a CXO, it's important to see whether the baseline and use cases meet, which is very critical. No two DLPs are the same; all are different, and this is the reason why 90% of deployments fail and use cases don't match.
When use cases are matched, deployment takes place. Important rule sets, which are called default rule sets, are to be customised. We can also build custom rule sets based on the threat landscape or the IT information assets on machines.
DLP assessment is not done by 99% of customers. Once DLP is deployed, profiling of applications, data and software is done, the customer rule set is done, and the use cases match, everything is done.
Printing is also a very critical element of DLP. Today there is USB, email and print. Although print is traditional, it's the 3rd category where the maximum data is being leaked. DLP comes into the picture where it can help take a shutterlog of the print, proving the machine, timestamp and name of the user, stored in the repository, if the user does not understand what data is to be printed. It's a tamper-proof document which can be presented as a forensic report in a court of law as proof against the user if a breach has taken place.