[April 1, 2020]

CASBs Aren’t Enough: How to Protect Your Valuable Intellectual Property

Theft of IP is still a big problem, despite tools attempting to prevent it

21% of manufacturers were hit by intellectual property theft. The DOC estimates the domestic value of stolen intellectual property to be between $200 billion and $250 billion annually.

Intellectual property and trade secrets continue to be extracted from organizations, in spite of the fact that most organizations have DLP and/or CASB installed. Experts say this proves these technologies are ineffective for protecting this type of data. 

Problems with data security today

Data is everywhere. By the nature of today’s collaborative work environment, data sprawl is becoming unmanageable, and you can no longer depend on point solutions such as CASBs to ensure data confidentiality.

Efficient use of DLP or CASB tools depends on the ability to predict all the ways data loss can happen, and which IP will be lost, an effort that is labor-intensive at best and practically impossible at worst.

Where today’s solutions fall short

CASBs face the same problems that traditional DLP point solutions have when trying to protect Intellectual Property.

  • IP is not easily recognizable: Most technologies were designed for recognizing text patterns, specifically in compliance scenarios (such as preventing Credit Cards and Security Cards from leaking). Your smartest thoughts and those of others in your organization, your IP, do not resemble credit card numbers. The content structure of intellectual property varies greatly, so it is often impossible to recognize based on content and therefore very challenging to protect with strict DLP rules.
  • Blocking the Known vs. the Unknown: It is impossible to identify each and every data loss scenario, which leads to data that goes unprotected. The known keeps changing, and tools are constantly added: new data, new collaboration apps and new storage options. We all share information on Slack and easily drop information where others can easily access it. A DLP- or CASB-based approach requires constant policy tuning for every change in information flow in your organization (just think how many such changes just occurred in the COVID-19 crisis).
  • No protection in movement between cloud services: How is data moved between services? A user downloads it to their working machine, and then uploads it to a different service. The moment the data is stored on that user’s endpoint, the CASB loses all visibility into it, and loses the context that made it valuable. Unfortunately, risk doesn't stop when your data goes beyond the cloud service you are protecting with your CASB.

Moreover, even a combination of those point solutions together leaves a big gap when data moves between silos, and loses the context of what makes it sensitive. 

Let's look at a common example: a salesperson exports a report from Salesforce and then sends it to her personal email. The CASB won’t alert that the report is being exported, because that is acceptable behavior for that user. When the report is emailed, DLP can’t know the report originated in Salesforce and contains account data, resulting in an undetected data leak.

With the complexity and amount of services being used by an organization today, these scenarios are increasingly common, yet still aren’t detected by current point solutions.
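The Salesforce-to-personal-email scenario above, as an added example that is not from the original post and is not Cyberhaven's implementation: it correlates export, endpoint and e-mail events by file identity, so the e-mail check still knows where an attachment came from. The event schema, the file ids, the user names and the `corp.example` domain are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample events; the field names and event kinds are assumptions
# made for this example, not a real CASB, DLP or endpoint-agent log schema.
# The "h-..." values are placeholders standing in for content hashes.
EVENTS = [
    {"t": 1, "kind": "saas_export", "user": "alice", "app": "salesforce",
     "file": "h-aaa", "name": "accounts_q1.csv"},
    {"t": 2, "kind": "file_derive", "user": "alice",
     "src": "h-aaa", "dst": "h-bbb", "name": "notes.zip"},  # zipped and renamed
    {"t": 3, "kind": "saas_export", "user": "bob", "app": "wiki",
     "file": "h-ccc", "name": "lunch_menu.pdf"},
    {"t": 4, "kind": "email_send", "user": "alice", "to": "alice@mail.example",
     "file": "h-bbb", "name": "notes.zip"},
    {"t": 5, "kind": "email_send", "user": "bob", "to": "carol@corp.example",
     "file": "h-ccc", "name": "lunch_menu.pdf"},
    {"t": 6, "kind": "email_send", "user": "bob", "to": "bob@mail.example",
     "file": "h-ccc", "name": "lunch_menu.pdf"},
]

@dataclass(frozen=True)
class Finding:
    user: str
    recipient: str
    attachment: str
    origin_app: str
    origin_name: str

def trace_egress(events, corp_domain, sensitive_apps):
    """Flag external e-mails whose attachment descends from a sensitive app export."""
    origin = {}      # file id -> (app, original file name)
    findings = []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["kind"] == "saas_export":
            origin[ev["file"]] = (ev["app"], ev["name"])
        elif ev["kind"] == "file_derive" and ev["src"] in origin:
            # Copy, rename or re-compress on the endpoint: the content hash
            # changes, so the origin has to be carried over explicitly.
            origin[ev["dst"]] = origin[ev["src"]]
        elif ev["kind"] == "email_send":
            external = not ev["to"].lower().endswith("@" + corp_domain)
            app, name = origin.get(ev["file"], (None, None))
            if external and app in sensitive_apps:
                findings.append(Finding(ev["user"], ev["to"], ev["name"], app, name))
    return findings

if __name__ == "__main__":
    for f in trace_egress(EVENTS, "corp.example", {"salesforce"}):
        print(f)
```

Dropping the `file_derive` event from the input makes the finding disappear, which is the visibility gap at the endpoint that the section describes.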

A better model is needed – a ubiquitous IP protection paradigm

It is impossible to map and predict what data will be lost, and all the ways that can happen, and therefore IP protection needs a new paradigm: Data Behavior Analytics (DaBA).

The future of sensitive data protection is in being able to analyze the data behavior: 

  • Ubiquitous. Track all the data in your organization. All the time. Across all silos (endpoints, email, SaaS, custom and proprietary apps).  
  • Automated. You can’t depend on end users or security teams to manually classify data or create dozens of rules beforehand.
  • Easy to use, no maintenance. No complicated setup; quickly track down the extent of a breach by getting the chain of events that led to it from one place, with no policy configuration needed.
  • Full picture view. Focus on the intent of the behavior rather than on a long log that requires sifting through.

CASB Vendors and Cyberhaven

CASBs will protect data in the cloud, but won’t be able to control it after it has left a cloud service.
Similarly to DLP, they will only protect data that can easily be recognized based on text patterns, or require complex tagging projects that never succeed.

Cyberhaven’s Data Behavior Analytics (DaBA) will automatically trace your sensitive data and protect it on all your systems, even when it is moving between various systems or clouds. If you need to broaden your net to detect the leaking of Intellectual Property that is not pattern-based, such as drawings, diagrams, strategic plans and contracts, then it is time to see the visibility that Cyberhaven provides and stop depending on traditional data protection point solutions.

Cyberhaven and CASBs work well together, but there are no specific product tie-ins or integrations required.


Topics: Insider Threat, DLP