According to the relevant statistics, the possibility of employee disclosure documents increased by 85% compared to the new crown epidemic. The fact is that before the new crown epidemic, data security risks are growing because the company is prioritized by the cloud computing. However, when we upload, download, send email, chat, and synchronous sharing, this is also a largest data security risk of enterprises.
The real problem is that the data security paradigm has not kept up, allowing the data security team to catch up with the increasing internal risks. At the same time, it is frustrated by the user because it hinders speed, originality and innovation.
Internal risk management: Risk-based method
Internal risks are any data exposure events (safety, compliance or competitive nature) to endanger the company and its employees, customers and partners’ financial, reputation or operational well-being. Although internal risks sound like a synonym of internal threats, it is not the case; important distinction must be made. Internal threats are concerned about a specific person or entity, while internal risks are concerned about data.
The core of internal risks is a data protection problem. Traditional, policy-based approaches, such as DLP, CASB, and UEBA, focusing on compliance, up to one can only provide a sense of protection. When the blockade is actually responded, the organization is affected in the internal reputation of the employee productivity and the internal reputation of the security team. It is inevitable that these methods have led to the risk of the risk of security teams – they try to maintain classification and policies, but they can never really reach only to block threats without preventing other goals. In contrast, internal risk management provides a data-centric approach, which ensures compliance with data usage policies, established a more risk awareness, and accelerates the realization of safety value.
Manage internal risks framework
More and more business organizations recognize that internal risks are a general problem, and traditional methods cannot be resolved. In fact, according to the Forrester’s data, 71% of security decision makers believe that the traditional data loss processing method is not possible. Internal risks are a complex and subtle problem, which is why policies-based approaches, need absolute knowledge to mark all valuable data and accurate predictions for all threat vectors, cannot keep up with the pace. You can’t explicitly block internal risks, you don’t want to do this. Instead, a smarter approach is designed to understand, measure and manage internal risks through five basic procedures.
(1) Identification: Where is the risk of organizational data and when it is exposed to internal personnel?
You can’t manage what you can’t see. However, traditional policy-based data security tools can only look for things you want to find, leaving huge and growing blind spots. The first step in internal risk management is to implement the correct tools and technologies in place. It is vital that you can monitor all data activities in three dimensions of risk: all files (not just controlled or classified files), all vectors (online and equipment under the network, cloud Applications, etc.), and all users.
(2) Definition: What data risk is unacceptable?
Until recently, the concept of risk tolerance is almost alone in the field of data security. Almost all organizations recognize that they must tolerate some degree of internal risks to achieve agility, speed and innovation required to survive and develop in today’s business environments. Once you have a comprehensive visibility and background for your data exposed, you need to adjust the internal risk tolerance of the entire organization – so your security team can begin to define a trusted and untrusted A list of events and scenes. Similarly, you can’t want to define all the possibilities – but to focus on the common internal personnel acting on behalf of the internal risk leading indicators.
(3) Priority Sort: When is the most concerned data?
The art that defines the risk of internal personnel tolerance to determine the priority of risk indicators. That is to say, the leading index of internal personnel is triangular measurement with a rich background around the data activity. With the right data security technology, your security team will have context visibility, enabling them to use these internal risk indicators to give priority to certain types of risks – such as source code leakage, suspicious file types do not match Synchronize to personal cloud storage and resigning employees – rather than incidents of lower severity.
(4) Automation: How to best deal with internal personnel?
As a package, the blockade policy cannot be applied to all users and all the data, there is no response to the internal risks. Your security team should work with business line leaders to create appropriate size responses for your preferred internal risk events. It may be that you need to implement the technology in place, enabling you to build a highly automated internal risk response workflow, combined with a series of manpower and technical response to the severity of the event, not too much to give the security team. burden.
(5) Improvement: Is it really effective?
This last step is obviously lacking in traditional policy-based methods. The internal risk paradigm acknowledges internal risks to evolve, will always exist, and cannot be completely blocked. This makes the tools and processes in place to measure (qualitative and quantitative), improve and optimize your overall insider risk situation – utilize risk intelligence and learning, becoming smarter and better over time, this is Guan. New style: uncompromising data security