Using the cloud has become second nature for today’s organizations, and in most cases, cloud enthusiasts report an overall security improvement. However, data loss prevention (DLP) remains an issue. The issue is that while cloud providers have bolstered security in recent years (which helped lead to widespread adoption of cloud technology), they have very little power to govern what end users actually use the cloud for, like sharing sensitive information.
In reality, only 30% of cloud-using organizations have DLP policies that extend “across employee devices, the corporate network, and the cloud.” Meaning that in 70% of cases, organizations have little to no oversight of end-user cloud usage. Ironically, this lack of oversight is largely due to the improvements made to cloud security (by the providers), as it has created a tendency for customers to think that cloud security is not their concern. What we are now learning is that the cost of this security smugness is lost data.
Most of the time DLP issues are actually data classification issues, and when they’re not, they’re usually privacy-related issues. The good news is that both can be solved with a simple prioritization exercise: get a group together to brainstorm which data repositories hold the most sensitive information and then proceed to evaluate just how sensitive that data is and what kind of protections it needs. For example, if sensitive data is stored on a cloud-based file sharing platform, make sure to configure that platform to prevent unauthorized sharing or downloads.
Qualys VMDR and Ivanti have announced a new partnership dedicated to improving the detection and patching of vulnerabilities. Announced July 30, the Qualys and Ivanti Partnership have already gone live as an integrated component of the VMDR solution.
Microsoft recently previewed the specific features to tackle data security and risk management for end users with Microsoft Endpoint Data Loss Prevention (DLP) and Double Key Encryption. The reason for the launch? The increasing shift towards a remote work environment and a need to mitigate the accompanying risks.
IBM is changing the terms of its ubiquitous Passport Advantage agreement to remove entitled discounts on over 5,000 on-premises software products, resulting in an immediate price increase for IBM Software & Support (S&S) across its vast customer landscape.
RiskSense announced on July 13 its new version of the cloud-delivered RiskSense risk management platform. The main draw of the program is its holistic risk calculation across CVEs and CWEs.
To bolster and broaden its data privacy capabilities for end users, cyber and data protection vendor Acronis has acquired DLP player DeviceLock. The acquisition aligns with the increasingly prevalent role that data privacy plays in cybersecurity.
Cyberthreats are omnipresent for any enterprise. Monitoring ingress and egress points while still conducting business is a balance security professionals attempt to strike. Couple this with the continued security issues around remote work during the pandemic, and security teams have their hands full.
On May 26, Kenna Security released its new Prioritization to Prediction Benchmark Survey. This free tool provides organizations with the ability to compare their vulnerability management programs to industry averages Kenna Security has compiled over the years.
COVID-19 has changed a great deal about how businesses operate. From a security perspective, however, COVID-19 caught many businesses off guard. The shift from working in the office to working from home has made it difficult for security measures to keep pace. Specifically, how are businesses meant to maintain the same secure networks when their employees are no longer working in the office? Outside of the security of the IT departments, IT and security have a tough time ensuring that patching and vulnerability management remain at the forefront of a business’s priorities.
GTB Technologies, a smaller vendor known for dedicating itself solely to DLP solutions, has introduced a new multi-tenancy feature for its SDK that aims to improve quality and efficiency for DLP-integrated application development.