Newsroom

Blog

Hacked? Here’s How to Report It

Knowing how to properly share information around cyber events like data breaches can help warn other organizations and prevent them from falling victim to a similar attack.

HelpSystems to Acquire Alert Logic to Enable Customers to Address Cybersecurity Skills Shortage with Hybrid IT Approach

MINNEAPOLIS (March 09, 2022)—HelpSystems announced today it has signed a merger agreement to acquire Alert Logic, a well-known leader in managed detection and response (MDR) services. Alert Logic works as a seamless extension of security teams, augmenting existing cybersecurity resources and technology to safeguard on-premise, cloud, SaaS, and hybrid infrastructures. The company’s MDR solution...
Blog

Five Ways to Improve Security and Prevent Third Party Data Breaches

So far this year, the majority of data loss incidents have had one thing in common: they revolved around third party data breaches. It’s certainly not a new risk vector, but in our hyper-collaborative economy, it’s rapidly rising in its significance. Whether you’re in financial services, telecommunications, manufacturing, or Hollywood, your greatest risk to data loss occurs when content moves outside of your direct control. But, we can’t afford to stop collaborating. What companies need is a way to keep control over this valuable information without paralyzing their ability to do business. In other words, it’s time to rethink the way companies address vendor security. As more stringent data protection regulations go into effect (GDPR, the New York DFS cyber-security requirements, etc.), it will be up to every company to keep pace. Companies need strong preventative controls that protect their data as it leaves their hands, especially when it’s stored with third parties. The bigger, stronger walls we’ve built are excellent at keeping attackers out, but they can’t protect data we’ve entrusted with others. But, by applying security and identity-based access controls directly to the data, companies can mitigate the risk of human errors that occur when employees accidentally autocomplete an external email address, forward a file they shouldn’t, or move sensitive data off of controlled systems. While people will always be a weak link in the information security process, by applying encryption to sensitive data by default and setting automated policies and controls, IT can take the human decision making out of the security equation. To accomplish this task, we’ve compiled five recommended practices that can help organizations move to a more proactive, data-centric security model. First, take a data-centric approach By taking a data-centric approach, organizations can enable their employees to confidently collaborate freely with whomever they choose, all while ensuring the highest levels of security, visibility and control. Encrypt more data by default Another mistake companies make is putting complete trust into their employees to do the right things. Let IT make it easy for them and set policies that will automatically be applied when data is created or shared externally. Plan for auditing and compliance now With all the new regulations in the US and abroad, almost all companies are now required to provide a paper trail or audit log of what happens to their data. While it’s a requirement, taking steps to plan for these audits today will make you incredibly prepared in the event of a third party data breach. When you can see who has tried accessing your data, and where, you can mitigate the risk of having to issue a notification, and can take steps to minimize future issues. Make identity a central component of security Tying access control to identity gives you control over who has access to your data by making users authenticate to you directly using an email alias. This can prevent forwarding information to unauthorized users or accidentally fat-fingering an email address. Giving data owners the ability to control who can access your data and limit what they can do with it once it’s accessed provides an extra layer of security. Don’t just monitor: take direct control of your data In the event of a third-party data breach, or if your data accidentally finds itself in the wrong hands, you need to be able to kill access to it at a moment’s notice. No matter how high or how strong we build protective barriers, we’re always going to be at risk of a breach, and a hacker’s biggest win is gaining access to your data. Proactively locking down any data they may get their hands on is a huge advantage. By taking a data-centric security approach, you can protect your team against data loss, even for files that have left your physical control. Moreover, you can proactively prevent unauthorized access, and track precisely who should (and who should not) have access to your data. This approach will let you secure files and communications throughout their entire lifecycle, and you’ll be confident that even if your data is sent externally, you can still verify that it was used appropriately. To see how Digital Guardian Secure Collaboration is helping companies across the Fortune 1000 tackle these issues and how you can adapt your team to a more data-centric strategy, check out our Definitive Guide to Data Security.
Blog

Encryption and Rights Management for Every Application: Announcing IRM-as-a-Service

From the start, our mission at Digital Guardian Secure Collaboration was to build the trusted platform for securing and sharing any kind of business information. By taking a data-agnostic and storage-independent approach to information security, we’ve built a product that helps hundreds of thousands of people working on critical enterprise content work more confidently and safely. Today, we're excited to announce that we’ve launched into the second stage of that journey with the introduction of our newest products, the Digital Guardian Secure Collaboration API and SDK. Through these tools, we’re giving our enterprise customers and developers access to our Information Rights Management (IRM) and data security platform as a service, empowering them to build encryption, tracking, policy enforcement, and access control into their applications. By delivering IRM as a cloud-based service, we’re making it possible to protect any data, generated by any application, inside and outside of an organization. In the past, attaining this vision was very difficult, because IRM was designed as an add-on, an application- or file-specific implementation. Because data controls could only be applied to specific file types, in specific locations, and inside managed networks, it severely limited the value and adoption of legacy IRM tools. Now, that’s all changed. With our IRMaaS platform, businesses can operate more confidently and securely, backed by the knowledge that Digital Guardian Secure Collaboration is there, serving as the standard security fabric connecting users, devices, applications, and critical business properties. Delivered as both a client-based SDK for endpoint- and server-based applications and a REST API for access from any platform, Digital Guardian Secure Collaboration IRMaaS gives our customers the ability to add seamless, invisible security to sensitive information without impacting the process or employee productivity. “It’s our job to ensure that our customers can protect any kind of information, within any application, anywhere it travels. And even more importantly, we need to make sure that working with that secure data is as simple and seamless inside any application.” – Ajay Arora, CEO. Our customers and partners are already building some very compelling applications on top of this new platform. From server workflows that generate millions of PDF files for external consumption, to integrating Digital Guardian Secure Collaboration into custom engineering and design applications, they’re establishing our product as their de facto standard for protecting sensitive files, managing access to proprietary information, and tracking the flow of data across their organizations. It’s IRM-as-a-Service, and we’re excited to have customers and partners like Skyhigh Networks and Dropbox weave our IRM and data security into a fabric connecting their entire ecosystem. The opportunity this creates is to expand access of strong, invisible data security across more kinds of information, making new use cases and business processes secure in the process. This is a project we’ve been working on since before we launched Digital Guardian Secure Collaboration publicly early last year, and we intentionally built our own products on top of this same secure, scalable platform. I’m excited to invite you in to review the API, experiment with the SDK, and share your ideas for integrating security across your own applications.
Blog

Friday Five 1/28

The Linux PolicyKit bug, $770 million lost in social media scams, and more - catch up on the infosec news of the week with the Friday Five!