How Manufacturing and Financial Services Firms are Reinventing their Data Protection Programs
Data protection is a big topic, but it is no secret that DLP has been one of the main technologies tied to data protection. It is also no secret that DLP has been stagnant for years, and this has forced organizations to constrain their data protection programs based on the limitations of their DLP tools. Cyberhaven is in the process of changing that. While our technology can certainly address the traditional DLP use cases, we have taken a fundamentally new approach that lets organizations approach data protection in fundamentally new ways where policies are simple and all data is monitored and controlled regardless of where it is in the enterprise or how many times it is shared or modified.
Recently, I had the opportunity to sit down with two enterprise security leaders who are in the midst of this journey and using Cyberhaven to transform their data protection programs. Raghu Valipireddy, CISO at Axos Financial, and Mike Kraft, IT Security Manager at Vermeer Corporation were generous enough to share their time and insights on the past, present, and future of data protection. It was really interesting to see not only the differences in how organizations from different industries approach protecting their data, but also how similar some of their challenges have been. I highly recommend that you check out the full recording here. However, if you are pressed for time, I’ve highlighted some of the points that really stood out to me.
Thinking Outside the Checkbox
DLP was designed for when only a portion of employees had access to data and not everybody, and the data was in one place and wasn’t moving around. It was a very simplistic model…so when you put a legacy DLP technology in a modern environment it’s no surprise that it doesn’t do well. The only benefit it provides, is one can claim in a questionnaire that one has a DLP technology.
– Raghu Valipireddy
Despite coming from different industries, Mike and Raghu both quickly honed in on the lack of innovation and some of the fundamental limitations of DLP solutions. They rightly noted that while most security tools have gone through a renaissance in recent years, DLP has not. For instance, firewalls evolved into next-generation firewalls, and signature-based antivirus migrated to more behavioral and analytical models found in EDR. Yet DLP has largely remained bound to the content-based signatures and tagging that has defined the technology for more than a decade.
And as Raghu’s comment above notes, this lack of innovation has led to a situation in which DLP simply serves as a regulatory checkbox. Organizations may be able to say that they have a DLP during an audit, but in reality it doesn’t provide any real security.
Mike echoed this need to find new tools that are actually effective at protecting data. At Vermeer it is critically important to protect technical drawings that contain the company’s critical intellectual property. For him, he judged DLP based on how well it could deal with an actual malicious insider who was willing to try and evade detection by doing simple things such as changing a file’s extension.
In both cases, Cyberhaven was able to provide a truly new approach that was able to get to the heart of the issue of protecting data. By continually keeping track of all actions, across all devices, while seeing across user devices and SaaS applications, Cyberhaven was able to provide a simple way to protect data in even the most dynamic and complex environments.
Building New Visibility Into Data
Visibility is the first thing that you have to have. DLP does no good if it can’t see something… That (visibility) was our main initial reason for purchasing Cyberhaven. We wanted to know what we don’t know. And it’s great for this… You can paint the picture – is it internal to external, external to internal, to the cloud, websites, email, removable media, all these things… we wanted to make sure can we see it, and using that information can we get a better understanding for how business works… and it’s been a great tool for that.
– Mike Kraft
Visibility was another key point for both Mike and Raghu. However, they had different journeys in how they got there. Mike’s team at Vermeer really started out looking for something that could give them insight into their environment and their business. And unlike traditional DLP that needs to be told where data is in order to protect it, Cyberhaven is able to trace and analyze all their data by default. This unbroken context was able to illuminate the inner workings of the business so that they could build policies and protections based on the real needs of business and the ways that their users worked.
Raghu’s team came to visibility a little bit differently. They already had a long history with some of the biggest DLP brands, and were initially just hoping to find something a little bit better. Raghu put it this way:
Based on DLP’s track record, we weren’t being too optimistic… and when we ran into Cyberhaven and they were talking about visibility, it took us some time to understand. But then being able to see it in our environment was completely transformational…
Now we weren’t blinded by what we were not seeing. We could see everything… It was like (previously) you were in a dark room throwing darts and hoping something will stick. The visibility put a light on everything and said ok what do you want to do now.
So even though each team came to the issue of visibility in different ways, they ultimately arrived at very similar answers. Having full insight into how all their data moves and is transformed and shared let them reset their perspective on data protection. Instead of things being constrained by the limitations of DLP, the focus shifted to what is actually happening in the business, and what makes the most sense for enabling and protecting the business.
Using Lineage to Solve Problems
At Cyberhaven we often talk about the provenance and lineage of data. These are big words to basically say we want to always know where a piece of data is from, and what has happened to it over time. Once again Mike and Raghu had some great concrete examples about how this technology can solve problems for them in the real world.
For Mike, understanding the full lineage of a piece of data and an incident is critical because it provides proof of truly malicious behavior. He noted again that in the past, malicious users could get past a DLP by changing file extensions or dropping technical drawings into a zip file. Cyberhaven not only can detect and prevent the loss of data in these scenarios, but it also provides the supporting forensic narrative to show malicious intent. This helps keep data protected while arming HR teams with the proof of a user’s bad behavior.
Raghu had a different but equally interesting perspective. As a financial organization, Axos tightly controls PII such as social security numbers. However, in the past, it was common for DLP tools to trigger false positives during tax season as employees received their W-2s and subsequently send them out of the network. Cyberhaven provided a way to avoid these issues. The system could recognize that if the social security number came from ADP and not an internal source, then it was likely the employee’s personal data and could avoid blocking the data unnecessarily.
In the end, it was great to see how both organizations are in the midst of reinventing their approaches to data protection. They both have different backgrounds and different industry-specific needs, yet share remarkably common perspectives. Again, if you have the time, check out the full video here or if you have any questions or would like to learn more about Cyberhaven, reach out to the team here.