Recently I read a report from Ponemon Institute on data protection and information security, “Closing Security Gaps to Protect Corporate Data,” I was struck by the study’s most significant finding: 3 out of 4 companies have experienced loss or theft of important data. Three out of four?!
That means that at recent meetings I’ve attended with other business leaders that almost everyone has faced this significant challenge to their business and reputation! And that’s companies of all sizes, not just the big guys you hear about in the news. How did we get to a place where data insecurity is the norm?
To start, the pace of business today requires information to flow quickly and efficiently to those who need it to do their jobs; we need the data now! This critical flow of data is expedited by the rise of cloud collaboration apps like Office 365 and Google Apps. Now Jim in Finance in Boston can access key customer purchase data from Susan in Operations in Chicago, and Diane and George in Patient Accounts can work together on a report that shows a correlation between account delinquencies and insurance providers. In fact, Ponemon found that 88% of end users say their jobs require them to access and use proprietary information. If everyone’s doing it, it must be ok, right? What could possibly go wrong?
Healthcare providers are no exception. I recently spoke with a CIO of a regional provider who said “we have zero visibility into Shadow IT or what’s being shared from our Google G-Suite”. Why is this?
Well, we all know the answer to that. Now that the data is so easily accessible, it’s also easily abused. And usually not with malicious intent. In fact, Ponemon found that it’s more than twice as likely to be due to innocent employee behavior than a crafty cybercriminal. A simple user error, like uploading a sensitive file to the wrong folder in Dropbox, can result in the accidental disclosure of client data, trade secrets, and even health records. So aside from removing all access to the cloud or firing all employees, what can you do to protect your company?
Cloud Access Security Brokers (CASBs) are the answer. This new segment of cloud security products provides visibility into the use of those collaborative cloud apps that, unmonitored, can wreak havoc with your company’s confidential data and reputation. CASBs can tell you who is using which apps and on what devices, even if they’re outside of the corporate security perimeter.
But that’s only half the equation. To be truly confident in your cloud security and determine if you are at risk, you need to know what data is being shared too. Is it credit card or social security numbers? Patient case info? Proprietary development code? To answer that you need a CASB with audit and control features that use cloud-native APIs to see deep into the shared data. Our CASB product, Cloud Access Monitor, provides these critical features, with APIs to Office 365, Google Apps, and other popular cloud collaboration apps. So you can detect suspicious data behavior before your company becomes another statistic.
The cloud doesn’t have to be a scary place, and in fact, with the right partner, it can be easy to embrace and do so securely.
David joined ManagedMethods in 2014 and is responsible for all revenue operations including marketing, sales and business development. Previously, David was the sales & business development leader at Confio Software, joining the new startup in 2005. At Confio, he leads revenue generation and partnerships resulting in Confio’s record growth and successful acquisition by Solar Winds, Inc. in 2013. Prior to that, David held executive positions as VP of Sales & Marketing at Incat / Cadpo (acquired by Tata), Director of Sales at Informix (acquired by IBM), and Manager of Business Development at Platinum Technology (acquired by CA). David earned a BS in Marketing from the Professional Sales Institute at Illinois State University.