Resources

Blog

What is Data Breach Insurance?

Learn about data breach insurance, why it's important, how it works, and what to look for in a policy in the latest Data Protection 101, our series on the fundamentals of information security.
Blog

What is Cyber Insurance?

What is cyber insurance? Get a definition, learn why it's important, how it works, best practices, and more in this week's Data Protection 101, our series on the fundamentals of information security.
Blog

Protecting Manufacturing’s Trade Secrets

The Crown Jewels of Manufacturing Trade Secrets Maintaining a competitive edge in manufacturing demands protecting R&D, product designs, specifications and supplier contracts. But like it or not, manufacturing trade secret intellectual property leaks. The nature of manufacturing necessitates sharing highly confidential information throughout the supply chain and to employees who may not necessarily be with your company forever. In the course of doing their work, those who touch confidential data continually use email, collaboration platforms, managed and unmanaged mobile devices, Slack, and even USB drives, making virtually every manufacturing enterprise porous. Unfortunately the rate at which employees share outpaces the security team’s ability to patch the perimeter, block or quarantine information, and stop confidential data from leaving a company’s control. Realistically, manufacturing security teams must often balance protecting intellectual property with enabling high-speed production efficiency. Common Tools Fall Short For help, they frequently rely on some common tools that, while offering some valuable benefits, all share the same limitation: locking data down. Data Loss Prevention (DLP): Scans and quarantines confidential information traversing the network. Once it leaves that environment, security teams can’t see, audit or control what others are doing with mission-critical data. Cloud Access Security Broker (CASB) – Enforces security policies and blocks information leaving cloud applications (e.g., Box, Salesforce). However, when data is downloaded or moved offline, security teams lose all control of what happens next. Digital Rights Management (DRM): Attempts data-centric security, but cumbersome user experience prevents enterprise-wide adoption and scalability. Classification: Tags and classifies sensitive information shared from your business. A classifier can’t prevent an employee from downloading trade secrets and taking them to his/her next job. These tools rarely work at the most critical moment, when people are working with the information. They can’t prevent an external supplier in Europe from saving a copy of proprietary designs and forwarding it to a competitor. And, once data moves past the DLP fence and CASB proxy, it’s in the wild, exposed. Digital Guardian Secure Collaboration Keeps Manufacturing Trade Secrets Secure Truly protecting data crown jewels requires shifting the security strategy to protect the data itself ―through its entire life cycle, everywhere it travels, no matter who has it or where it’s stored. The ideal data-centric security solution is characterized by five capabilities: Securing all forms of data Providing 360-degree visibility Supporting dynamic data protection Integrating with the existing IT ecosystem Providing an invisible user experience At Digital Guardian, we see how manufacturing security teams are leveraging data-centric security to automate their jobs and become value-driven enablers to the core business, by: Automating secure trade secrets emailed to third-party suppliers. One of the most common workflows our manufacturers leverage is automatically securing all trade secrets sent to third-party suppliers over email. Using the products smart rules engine, all attachments sent to a supplier are automatically secured without requiring employees to take any manual steps. If data is ever forwarded to a third party that doesn’t belong to the intended domain, they’ll never be able to access it. Preventing leaks, even after IP is downloaded from a manufacturer’s systems. Manufacturers store sensitive patents, trademarks, customer information and processes across multiple storage platforms: local file shares, Box, Dropbox, SharePoint, OneDrive, and more. Our secure collaboration functionality has built out-of-the-box integrations to automatically secure any file uploaded or downloaded from those platforms. That way, employees work exactly as they normally would, and Digital Guardian Secure Collaboration works seamlessly behind the scenes to protect the IP everywhere it moves. If data ever leaks or is downloaded, our solution's security stays with the file, making sure only authorized parties can access it. Tracking proprietary R&D throughout the supply chain. Manufacturers leverage the products audit capabilities to understand exactly who is accessing R&D throughout the supply chain, to track all access attempts (authorized or not), and to get granular metrics on usage and adoption. Even if the file is removed and duplicated, security controls always stick to the data. Revoking access to data kept by departing employees. Employees come and go. Sometimes they’re tempted to take proprietary designs to their next venture. Manufacturers employ the products Dynamic Data Protection to revoke access to any data a departing employee has appropriated throughout his/her employment—even when it’s moved to a personal account. In one click, all copies of secured designs are shut off. Securing IP generated from home-grown apps. The products SDK enables automatic securing of machine-generated files and custom designs that are uploaded and shared from home-grown systems or third-party apps. That provides manufacturers with a powerful data security fabric for their entire ecosystem and extended enterprise. With the innumerable ways precious IP can leak, securing it at the data level is really the only path to ensuring that the heart of any manufacturer’s core value and competitive viability remain intact. Keep your most sensitive data in the right hands​ SCHEDULE A DEMO
Blog

Why Effective Security Extends Beyond DLP

Network perimeter erosion is a challenging reality for modern IT and security teams. Unfortunately, the erosion is a symptom of a more fundamental challenge. If that challenge isn’t properly addressed, an organization runs a high risk of building a new, costly perimeter with the same problems as the old one. Practically speaking, perimeter security typically does a very good job under the right circumstances―at a specific point-in-time and when content traverses a specific point of control. The challenge lies in sharing data beyond the perimeter’s boundaries, a requisite in today’s business dynamic of continuous productivity, collaboration across companies and services, and productive mobility. Data Protection Challenges and Requirements Data Loss Prevention (DLP) products are often evaluated as an option to securing enterprise data in a “post-perimeter” architecture. They can be either network- or endpoint-based, each model having its own unique benefits and challenges. However, DLP technologies are traditionally prone to yielding false positives. Consequently, their best use-cases are mostly limited to controlling very predictable and structured content in very specific situations. For example, DLP might be used for ensuring that credit card numbers do not leave the Cardholder Data Environment of the network. As content and locations get more complex, DLP can develop problems very quickly. It simply doesn’t solve the fundamental problem of keeping data secure in the real world where content moves and is always accessible. Positive vs. Negative Controls A core challenge of DLP is that it is based on a negative control model. In many ways, you can think of DLP as an Intrusion Prevention System (IPS), where instead of trying to match malicious exploits coming into the environment, DLP tries to match sensitive content going out. In InfoSec parlance, this is called a “negative control,” where the goal is to detect something bad and block it (and conversely let everything else go through). While there are some related activities such as warning the user that data is suspect, or requiring approval for certain content, the end result of using DLP is still going to be either allow or block. This model is why DLP has earned the reputation for being both slow and prone to false positives. It must analyze all content and try to match it to ‘blocked’ lists. That requires lots of analysis; what’s more, the matching can be wrong because enterprise content is constantly changing. The counterpoint to the negative control model is the positive control model. For example, in the network model, a firewall is an example of a positive control. Security specifies exactly what should be allowed (e.g., port 80) and everything else is denied by default, making policy much simpler. >Beyond false positives, DLP carries a number of additional challenges. As previously noted, it makes a point-in-time decision. Users can also evade DLP either intentionally or accidentally. For instance, data moved on a USB drive would be invisible to the DLP. An employee accessing their webmail on an unmanaged device could easily circumvent a host-based control. A user (or malware) encrypting the content or sending it through encrypted channels could also evade DLP controls. Once data leaves either the endpoint or the network, the DLP no longer has control over it. If that data is forwarded, copied, stolen, or accidentally exposed, there is nothing that a DLP product can do. Realistically, to effectively protect any kind of data, organizations need a way to secure it at the point of origin, then track, audit and manage the policies securing it in real-time, no matter where it travels. The Data-Centric Approach A data-centric security approach solves this problem. Instead of trying to control everything around the data, the Digital Guardian Secure Collaboration platform extends control to the data itself. Our Secure Collaboration functionality also allows DLP administrators to relax stringent rules around unstructured data, which provides a better experience for users. When security tools are actually used by employees, the security posture of the organization increases. Our product also ensures that policy is checked and enforced whenever data is accessed regardless of where or how the access takes place. Trust can be defined down to an individual and controlled in terms of what a specific user is allowed to do with the data. Access is also adaptive and can be revoked at any time, whether for an internal or an external user. This logical approach protects data in a modern way that DLP just can’t accomplish. Data and content can move, but IT and Security teams remain in control and can adapt as situations change. Truly protecting an organization’s ‘crown jewels’ in the modern, collaborative environment demands nothing less. Keep your most sensitive data in the right hands Schedule a demo