Blog

Browse our blog to see what our experts are talking about, and for insights on the latest cyber security trends impacting your business.

Why Data Classification Should Not Depend On Users
April 12, 2021

If your company is manually classifying any data, you've already lost the data security battle. Data security is reliant on classification, but data classification is unreliable today because it relies on users.

Users tag or label files with common values like "public," "internal," "confidential" and "highly confidential," and solutions like data loss prevention, rights management and information protection all rely on some form of tag. This type of classification is very fragile because data is always in motion. What is important today might not be important tomorrow. What is not sensitive today might become sensitive in the future.

To get a sense of this problem, let's walk through a simple data classification workflow with manual user-based classification. An employee creates a generic project template and classifies it as public. There is no confidential data within the template. Another employee starts to use the template for a client and populates it with customer-specific information. The employee should change the classification to "internal."

Maybe the classification change occurs. Maybe it doesn't. The risk to the company is low at this point, but not zero. As time passes, employees could add more and more data to the file, including login credentials and account numbers. Has the file been reclassified as Confidential? If there are multiple versions of the file, have all instances of the file been reclassified correctly? There are too many opportunities for classification to fail. The risk to the company is now high.

The weakest link in the classification process is employees. Even diligent employees make mistakes. Many companies implement different security processes for files with "confidential" or "highly confidential" tags, such as not allowing them to be sent via email or stored in the cloud. These processes create additional workflow friction for employees. Employees do not have the incentive to classify data correctly.

Removing employees and the human element from security is the answer. Instead of relying on employees to follow procedures and evaluate data correctly, companies should consider security solutions based on automated classification. A popular marketing term for these types of solutions is data-centric. Like most marketing terms, companies bend the definitions as needed to fit their positioning and solution.

Regardless of what you call it, companies should look for data security solutions that do not require end users to be part of the security process. Authorized users should continue working without knowing security has validated their actions, while the system blocks unauthorized users from accessing secured data.

Security solutions need to focus on the data. Instead of relying on users to update classification based solely on the perception of what type of data is in a file, you should base security decisions on immutable values such as data content itself.

Return to our previous example. The employee still copies and pastes login credentials and account numbers from a previously secured, confidential file, but this time the security solution recognizes that the data originated in a confidential file and automatically changes the second file's classification to confidential, all without any input from the user.

Even if the employee copies the file or creates a new version via "save as," the resulting file will be classified automatically. Now security is working automatically without any input from users.

In short, to win the data security battle, companies must first classify data correctly. Here are some tips to ensure your data security is successful:

• Remove end users from the security process. Users should not be deciding on data classification.

• Security needs to be transparent to authorized users. If not, they will find alternative workarounds to stay productive.

• Base classification on immutable values such as the content of files. As the content changes, the classification or label needs to change automatically.

• Do not rely on filename or metadata for classification.

• Look for data security that identifies content such as regulated data types and sources. Types can be personally identifiable information (PII), Payment Card Industry (PCI) and personal health information (PHI). Sources can be all data that originates from a SaaS service like Salesforce or Workday or from a centralized file server.

• Ensure classification occurs in real time, not through a nightly rescan of the computer.

By adhering to these tips, companies can ensure that the data classification is credible and reliable. Classification decisions are critical to the data security process, and data classification historically has let companies down.
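
The template workflow above can be replayed with labels derived from content alone. The following Python is an added example, not code from the article or from any product; the detector patterns, the mapping of content types to labels, the line-fingerprint scheme, and all file names and contents are assumptions constructed for illustration.

```python
import hashlib
import re

LEVELS = ("public", "internal", "confidential")

# Assumed mapping of detected content to labels (not taken from the article).
DETECTORS = [
    ("credential", "confidential",
     re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*\S+")),
    ("card_number", "confidential", re.compile(r"\b\d(?:[ -]?\d){12,18}\b")),
    ("email", "internal", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    ("phone", "internal", re.compile(r"\(\d{3}\) \d{3}-\d{4}")),
]


def luhn_ok(digits):
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def fingerprint(line):
    """SHA-256 of a case/whitespace-normalised line; short lines are skipped."""
    norm = " ".join(line.lower().split())
    return hashlib.sha256(norm.encode()).hexdigest() if len(norm) >= 12 else None


class ContentClassifier:
    def __init__(self):
        self.secured_prints = set()  # fingerprints of lines from secured files

    def register_secured(self, content):
        """Remember the lines of a file that is already secured as confidential."""
        for line in content.splitlines():
            fp = fingerprint(line)
            if fp:
                self.secured_prints.add(fp)

    def classify(self, content):
        """Return (label, reasons) from content only; names and tags are ignored."""
        level, reasons = 0, []
        for name, label, rx in DETECTORS:
            for m in rx.finditer(content):
                if name == "card_number" and not luhn_ok(re.sub(r"\D", "", m.group())):
                    continue  # digit run fails the checksum, keep looking
                reasons.append(name)
                level = max(level, LEVELS.index(label))
                break
        if any(fingerprint(ln) in self.secured_prints for ln in content.splitlines()):
            reasons.append("copied_from_secured_file")
            level = LEVELS.index("confidential")
        return LEVELS[level], reasons


# Constructed sample data for the workflow described in the article.
SECURED = "Wire account 000123456789 routing 000000000\n"
TEMPLATE = "Project plan template\nClient: <name>\nMilestones: <list>\n"
CLIENT_V1 = ("Project plan template\nClient: Example Corp\n"
             "Contact: jane.doe@example.com, (555) 123-1234\n")
CLIENT_V2 = CLIENT_V1 + "admin password: constructed-Pass1\nCard: 4111 1111 1111 1111\n"
PASTED = CLIENT_V1 + "WIRE ACCOUNT  000123456789   routing 000000000\n"
ORDER_REF = "Project plan template\nOrder ref 1234 5678 9012 3456\n"


def demo():
    """Classify each version of the file; the user tag plays no part in the label."""
    clf = ContentClassifier()
    clf.register_secured(SECURED)
    files = [  # (filename, stale user tag, content)
        ("template.docx", "public", TEMPLATE),
        ("client_plan.docx", "public", CLIENT_V1),
        ("client_plan_v2.docx", "public", CLIENT_V2),
        ("client_plan_copy.docx", "internal", PASTED),
        ("order.docx", "public", ORDER_REF),
    ]
    return [(name, tag, clf.classify(content)[0]) for name, tag, content in files]


if __name__ == "__main__":
    for name, user_tag, label in demo():
        print(f"{name:24} user tag={user_tag:9} content label={label}")
```

The pasted wire-account line matches no pattern and is caught only because it was copied from a registered secured file, while the order reference is not mislabeled because it fails the card checksum.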

Original Forbes Article

Surviving A Modern Ransomware Attack
March 24, 2021

Surviving a modern ransomware attack such as Maze or Sodinokibi/REvil

The most recent ransomware headline occurred a few days ago when the Sodinokibi/REvil ransomware group hit technology manufacturer Acer with a $50M attack. According to published reports, confidential internal data was made public as proof of the attack.

As ransomware attacks become more frequent and the ransom amounts continue to grow, what can companies do to survive a ransomware attack?

1.  Maintain an effective data backup and restoration program

2.  Stop ransomware attacks early by monitoring file system activity

3.  Secure all data that should never leave the company

Data Backup and Restoration

One of the reasons malicious actors attack manufacturers, local governments, and hospitals is that the downtime cost to restore normal operations is high. It is a lot easier for these organizations to pay the ransom rather than restore data from backups. Often the backups are local and have also been compromised during the attack.

Organizations need to ensure backup data is isolated from the production environment so the attack cannot impact the backup. Organizations also need to test their restoration process to have confidence in the restoration process and the amount of time required to restore critical systems.

Early Detection of Ransomware

Ransomware attacks are focused on files and data. Every action ransomware needs in order to succeed should be monitored. File system events such as file creation, deletion, rename, modification, and volume mount and unmount should all be monitored.

SecureCircle's agent monitors all file system activity to detect when to secure data automatically. Regardless of the decision to encrypt data, the file system logs are available for early anomaly detection. The records can alert and stop ransomware threats before the attack is successful.
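
Anomaly detection over file system events of the kind listed above can be as simple as a per-process sliding window. The following Python is an added example, not SecureCircle's agent or log format: the line format, the thresholds, the process names and every sample event are constructed assumptions.

```python
import os
from collections import defaultdict, deque

# Assumed tuning values and log format (not from the article or any product).
WINDOW_SECONDS = 10.0   # sliding window per process
RENAME_THRESHOLD = 5    # distinct files renamed to the same new extension


def parse_event(line):
    """Parse '<epoch> <pid> <process> <op> <path> [<new_path>]' (no spaces in paths)."""
    parts = line.split()
    if len(parts) < 5:
        return None
    try:
        ts, pid = float(parts[0]), int(parts[1])
    except ValueError:
        return None
    return {"ts": ts, "pid": pid, "proc": parts[2], "op": parts[3].upper(),
            "path": parts[4], "new_path": parts[5] if len(parts) > 5 else None}


def detect_mass_rename(lines):
    """Alert once per process that renames many files to one new extension quickly."""
    recent = defaultdict(deque)   # pid -> deque of (ts, new_ext, original_path)
    alerted, alerts = set(), []
    for line in lines:
        ev = parse_event(line)
        if not ev or ev["op"] != "RENAME" or not ev["new_path"]:
            continue
        old_ext = os.path.splitext(ev["path"])[1].lower()
        new_ext = os.path.splitext(ev["new_path"])[1].lower()
        if new_ext == old_ext:
            continue  # ordinary rename that keeps the file type
        window = recent[ev["pid"]]
        window.append((ev["ts"], new_ext, ev["path"]))
        while ev["ts"] - window[0][0] > WINDOW_SECONDS:
            window.popleft()  # drop renames that fell out of the window
        files = {path for _, ext, path in window if ext == new_ext}
        if len(files) >= RENAME_THRESHOLD and ev["pid"] not in alerted:
            alerted.add(ev["pid"])
            alerts.append({"ts": ev["ts"], "pid": ev["pid"], "proc": ev["proc"],
                           "ext": new_ext, "files": len(files)})
    return alerts


# Constructed sample events: an editor's safe-save, a slow batch rename,
# one malformed line, and a burst of extension-changing renames.
SAMPLE_EVENTS = """\
1000.0 310 winword.exe CREATE C:/Users/a/Docs/~tmp1.tmp
1000.2 310 winword.exe MODIFY C:/Users/a/Docs/~tmp1.tmp
1000.4 310 winword.exe RENAME C:/Users/a/Docs/~tmp1.tmp C:/Users/a/Docs/plan.docx
1001.0 777 phototool.exe RENAME C:/Users/a/Pics/1.jpeg C:/Users/a/Pics/1.jpg
1016.0 777 phototool.exe RENAME C:/Users/a/Pics/2.jpeg C:/Users/a/Pics/2.jpg
1031.0 777 phototool.exe RENAME C:/Users/a/Pics/3.jpeg C:/Users/a/Pics/3.jpg
1046.0 777 phototool.exe RENAME C:/Users/a/Pics/4.jpeg C:/Users/a/Pics/4.jpg
1061.0 777 phototool.exe RENAME C:/Users/a/Pics/5.jpeg C:/Users/a/Pics/5.jpg
garbage line
1062.0 4242 unknown.exe MODIFY C:/Users/a/Docs/plan.docx
1062.1 4242 unknown.exe RENAME C:/Users/a/Docs/plan.docx C:/Users/a/Docs/plan.docx.locked
1062.5 4242 unknown.exe RENAME C:/Users/a/Docs/q1.xlsx C:/Users/a/Docs/q1.xlsx.locked
1063.0 4242 unknown.exe RENAME C:/Users/a/Docs/notes.txt C:/Users/a/Docs/notes.txt.locked
1063.4 4242 unknown.exe RENAME C:/Users/a/Pics/1.jpg C:/Users/a/Pics/1.jpg.locked
1063.9 4242 unknown.exe RENAME C:/Users/a/Pics/2.jpg C:/Users/a/Pics/2.jpg.locked
1064.3 4242 unknown.exe RENAME C:/Users/a/Pics/3.jpg C:/Users/a/Pics/3.jpg.locked
""".splitlines()


if __name__ == "__main__":
    for alert in detect_mass_rename(SAMPLE_EVENTS):
        print(alert)
```

The slow batch rename by the photo tool changes extensions too, but never reaches the threshold inside one window, so only the burst raises an alert.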

Secure all Data

Complex ransomware attacks encrypt data within the organization and steal a copy of the data to release it. Organizations pay the ransom if they can't accept the outcome of either attack. While a comprehensive backup and restoration program can limit the impact of downtime, companies still need to address the threat of data leaking to the public.

Again, hackers have chosen their targets wisely since hospitals and government agencies have compliance requirements to meet, such as PHI (Personal Healthcare Information), CCPA (California Consumer Privacy Act), GDPR (General Data Protection Regulation), and more. The technology and manufacturing companies have valuable intellectual property worth millions of dollars.

Typically organizations have used DLP (Data Loss Prevention) solutions to keep confidential information from leaving. But legacy DLP is challenging to operationalize and leads to additional operational overhead with marginal success. As a result, only a small subset of data is secured.

SecureCircle enables end-users to operate without obstacles while data is continuously secured against breaches and insider threats. Instead of relying on complex reactive measures, SecureCircle persistently protects data in transit, at rest, and even in use. Most important, SecureCircle allows the organization to secure all their data since there is no impact on the end-user behavior or business workflows, no additional administrative overhead, and no impact on applications or technical workflows.

Following these three guidelines will minimize the impact of a ransomware attack.

The Zero Trust Approach to Data Security
March 15, 2021

Ordinarily, our data is going to continue to move around from place to place. Most of us need to have our data distributed in different locations, which can be risky. One of the top ways to protect our data and keep it secure at all times is having Zero Trust. Zero Trust is a newly implemented model that is now being used for more effective security. Many security experts believe that it is the best way to prevent data breaches.

Zero Trust simply implies that there is no trust in anyone. However, your data remains secure at all times. Zero Trust requires all users, even those inside the organization's enterprise network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. Even though Zero Trust requires authentication, it does not impact an organization’s workflow. SecureCircle’s Zero Trust solution is transparent to users and workflows. Users continue to use the same applications without any knowledge that an additional security layer is active. There is no change in file names or extensions, and SecureCircle has no limit to file size. Due to the transparent nature of security, SecureCircle can secure all data by default.

With Zero Trust, security is persistent. Your data remains secure at all times, whether it is at rest, in transit, or in use. Security is also applied to any application or file type. Zero Trust allows you to have limitless protection over your data, so it bypasses many other security solutions out there. Another benefit of Zero Trust is that it will enable you to have complete visibility and control over your data. Granular logging and reporting should allow orchestration tools to look for anomalies and suspicious behavior. Proper logging will allow orchestration tools to detect potential malware and suspicious user behavior while also creating audit and compliance reports.

The strategy around Zero Trust boils down to this: don’t trust anyone. Many organizations should implement Zero Trust if they have not already done so. SecureCircle’s Zero Trust solution will finally prevent data breaches. SecureCircle Zero Trust data security for endpoints doesn't impact users and workflows and protects data by default.

Data Loss Prevention's Classification To Security Gap
March 10, 2021

Clearly, (555) 123-1234 is a phone number from the United States. Identifying critical data such as personally identifiable information (PII), credit card information (payment card industry or PCI data) or personal health information (PHI) is not a problem. Both users and artificial intelligence/machine learning (AI/ML) can locate names, addresses, account numbers and other personal information. If we can identify the critical data, why doesn't data security prevent data breaches and data loss?

Data loss occurs because traditional security such as data loss prevention (DLP) doesn't secure data on the endpoint. DLP will discover and classify data on the endpoint, but it will not secure it. Instead, DLP will rely on blocking sensitive data as the data attempts to leave the device. 

The reason is that security is not transparent and impacts users and workflows. To accomplish this, DLP requires admins to create and maintain an extensive list of rules that identify what is allowed and what is not.

Example rule: If the user is sending PII data via Outlook/Exchange and the recipient's domain is Acme.com, block the action by removing the PII attachment. Now, the example rule makes sense. But what happens when we introduce three layers of users: limited, corporate, executive? Each has a different outcome.

What happens if a user tries to send the file via WeirdAppOffInternet.exe? Or what happens if Acme.com also has a team in Japan with the domain Acme.co.jp? The number of rules and the ongoing maintenance to keep up with applications is nearly impossible.

Why do legacy solutions insist on not securing classified data on the endpoint? Because, until now, all solutions available impact users and workflows.

Securing data today stops work from happening. For example, when PII data is in a PDF file, DLP encrypts the PDF to protect the PII data. But now, users can't easily view or edit PDF files. Previews and thumbnails stop working. Users need to decrypt the PDF file to edit or view it. Alternatively, the DLP solution could provide some encrypted PDF viewer (or plug-in). At a minimum, users have to learn a new behavior to view and edit the secure data. More commonly, users hit a speed bump multiple times a day while trying to perform their job.

DLP has found ways to reduce the speed bump for common file types like PDF and Microsoft Office files. But PII and regulated data are also found in other file formats. Audio, compressed files, images, videos, source code/engineering files, databases and more are commonly used in business today. DLP is a significant speed bump for these and any custom file type. Users have to encrypt and decrypt the file before using and storing it. We can debate the end-to-end security of solutions that decrypt entire files as part of the standard workflow separately. (Hint: I will argue that any solution that decrypts the whole file is inherently flawed.)

Organizations should evaluate DLP solutions based on two criteria:

  • Data security needs to be transparent to end users and workflows. Solutions need to include securing data of any file type and compatibility with any application. Users will find workarounds to security if security impedes their ability to work.
  • PII and other regulated data sets need to be secured as soon as possible on the endpoint. Securing data on the endpoint protects from accidental and malicious insider threats and external threats such as ransomware.

The industry needs to change its approach. DLP solutions must secure the data on the endpoint and not just contain the data to the endpoint. This small difference is significant. There are too many inadvertent and malicious ways for data to leave the endpoint. The ongoing rule management burden DLP places on organizations is too high.

Original Forbes Article

How is CDPA Different from GDPR and CCPA?
March 9, 2021

CDPA (Virginia Consumer Data Protection Act) goes live January 1, 2023. The law follows other high-profile data protection and privacy laws such as GDPR (General Data Protection Regulation) that went live on May 24, 2018, and CCPA (California Consumer Privacy Act) that went live on January 1, 2020. 

While all of the laws have the same general intent to protect users' personal data, CDPA has a few unique requirements.

· CDPA grants users the right to view and obtain their personal data held by the covered entity. GDPR allows users to request that their data be deleted (the 'right to be forgotten'), and CCPA enables users to grant permission to sell their data. This will increase companies' obligations to allow users to view, edit, and delete personal data.

· CDPA also grants users the ability to opt-out of processing personal data for targeted advertising purposes. GDPR and CCPA do not cover this.

Virginia will give businesses that violate CDPA 30 days to correct behavior before they are fined up to $7,500 per violation. Consumers cannot take legal action directly against a business. CDPA contains no private right of action.

The Future of Password Security | The Cybrary Podcast Ep. 54
February 28, 2021

Joining the Cybrary Podcast this week is Jeff Capone, CEO & Co-founder of SecureCircle. In this episode, Jeff, Mike, and Jonathan discuss zero-trust policies, why people use encryption, and what it would mean for data access, privacy, and security if we could make the need for passwords obsolete.

Podcast Links:

Cybrary

Apple

YouTube

Spotify 

Google

Zero Trust DLP
March 17, 2021

Zero Trust Data Security is a prevalent security architecture that is being adopted by many organizations today. A zero-trust solution requires the owner of the data to be in control at all times. Before Zero Trust protection was even in the picture, DLP was the leading data security solution. There were many flaws within organizations using DLP, and because of that, data was still not fully secure. SecureCircle’s Data Access Security Broker changed this whole paradigm of having to classify whether the data is sensitive, medium, or public. With SecureCircle, this concept does not matter anymore because all of your data is protected no matter what. SecureCircle takes on a Zero Trust Data Security approach to ensure that data is secure at all times without any limitations.

At SecureCircle, we believe that frictionless data security drives business value for customers. The top four reasons why customers trust and choose SecureCircle are:

  1. We remove users from the security process.
  2. We are transparent and frictionless to users and applications.
  3. We reduce costs and complexities.
  4. We are a rapid and simple deployment.

SecureCircle secures the data right at the source so that it is secure throughout the whole journey. Throughout it, the data is encrypted regardless of whether it is at rest, in transit, or in use. Unlike with DLP, at no point during this process does the user have to identify whether the data is important or sensitive. Even though classification is important, it should not interfere with how your data is being protected. With Zero Trust protection, everything is always protected no matter what. With Zero Trust being completely transparent, there is no interference with the user behaviors or applications. Visibility is key when protecting data, and it is something that DLP did not have.

Another advantage of DASB is that our solution is very cost-effective. Many organizations believed that DLP was a very expensive solution that did not guarantee data security. DASB reduces many of the complexities that came with DLP. Setting up all of the policies of DLP could be a massive time and money investment. Unlike many traditional solutions, SecureCircle works on a simple cloud to agent delivery model, which means a fast and straightforward deployment.

SecureCircle’s Zero Trust Data Protection solution covers everything DLP was able to solve and more. Companies worldwide spent billions of dollars on DLP technology, hoping that it would be the answer to their intellectual property protection needs. However, this is not the case because there were many flaws and evidence that it just did not work. DASB is the “new new” when it comes to data protection because it simply protects your data no matter what.

Microsoft AIP Doesn’t Measure Up
March 17, 2021

Data security is a measure-twice, cut-once type of activity. Mistakes in data security are expensive. IBM's recent Cost of a Data Breach report states that the US's average data breach costs companies $3.84 million. Many data security solutions have a fatal flaw that creates a risk for data loss (see Move Beyond DLP's Failures). What are Microsoft's Azure Information Protection (AIP) failures? AIP fails in three ways:

· Security is only transparent for Microsoft Office applications.

· Data classification relies on users.

· After identification or classification, AIP doesn't protect data immediately.

Security is only transparent to Microsoft Office or RMS-enlightened applications.

Securing data in the Microsoft walled garden works. The real world, however, is made up of applications beyond Microsoft. Like DLP, AIP only supports native Microsoft applications or applications that have the Microsoft RMS SDK integrated. Once you introduce external applications and file types, security looks more like file encryption. File encryption can keep data safe in transit or at rest. The flaw with file encryption is that users must decrypt the file for use. And once the user decrypts the file, security relies on the user re-applying encryption after using it.

Data classification relies on users.

Similar to DLP, AIP requires users to become part of the security process. People are fundamentally prone to make mistakes. Even the most diligent employees will still classify based on their best interpretation of the data. As discussed previously on Forbes.com “Data Loss Prevention’s Classification To Security Gap”, data is in constant motion. The only way to correctly classify information is to monitor the data and automatically label and secure it based on content.

Security not applied during classification

Microsoft's AIP documentation recommends that confidential and highly confidential data tags are secured immediately while internal and public tags are not. By not securing data during classification, data labeled Internal or Public today could evolve to confidential information while the label remains Internal. Eventually, users can accidentally or maliciously send files outside the company. Why not secure all data by default?

Companies should not have to worry about measuring twice and cutting once. By removing employees from the security process, securing all data immediately on the endpoint regardless of classification tag, and ensuring security can protect all types of data from any application, companies can finally reduce their data loss risk.

SecureCircle is compatible with all file types and applications without any modifications to workflows or applications. Custom enterprise applications with unique file types are secured in the same way as a Docx Microsoft Word file.

Unlike AIP or other DLP tools, SecureCircle does not require any security decisions from the user. Data is automatically secured using content and contextual information. Securing data by content includes protecting data similar to previously protected data or securing a specific class of data such as PII, PCI, or PHI. Examples of contextual security:

· Securing data downloaded from Salesforce.com

· Applying security to locations such as the Finance folder on a central file server

· Automatically securing all output from Excel or Visual Studio

Because SecureCircle is transparent to users and workflows, SecureCircle secures data immediately upon detection. Unlike legacy solutions, which only apply security when users try to transfer data from the endpoint, SecureCircle's persistent data security works at rest, in transit, and in use.

SecureCircle - no measuring required - transparent continuous automated data security.

HIPAA & NIST 800-111
March 17, 2021

What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement HIPAA requirements. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.

The Privacy Rule standards address the use and disclosure of individuals' health information (known as "protected health information") by entities subject to the Privacy Rule. These individuals and organizations are called "covered entities." The Privacy Rule also contains standards for individuals' rights to understand and control their health information usage. The Privacy Rule's primary goal is to ensure that individuals' health information is adequately protected while allowing the flow of health information needed to provide and promote high-quality health care and protect the public's health and well-being. The Privacy Rule strikes a balance that permits essential data uses while preserving the privacy of people who seek care and healing.

The following types of individuals and organizations are subject to the Privacy Rule and considered covered entities:

·  Healthcare providers

·  Health plans

·  Healthcare clearinghouses

·  Business associates

HIPAA requires data at rest to be secured according to NIST 800-111 and data in motion to be secured by NIST 800-52, 800-77, or FIPS 140-2. Standards-based Transport Layer Security (TLS) secures data in motion, so organizations don't have to decide how to implement transit security. Organizations have multiple options for meeting 800-111.

What is NIST 800-111?

NIST 800-111 is a Guide to Storage Encryption Technologies for End User Devices. It is a dated standard that describes the encryption technology options available. SecureCircle's Data Access Security Broker (DASB) didn't exist in 2007 when NIST created the specification. DASB has helped numerous organizations meet their HIPAA requirements.

While meeting the requirements may not be a challenge, ensuring an organization receives value on their implementation is. All the solutions listed below can help companies secure data from threats involved in lost or stolen devices. Some of the options can also prevent OS and application layer threats such as malware and insider threats.

Some solutions offer a portable encryption solution compliant between devices when sharing files across operating systems such as Windows and Mac.

SecureCircle is the only solution that allows for customizable data encryption scope based on the customer requirement. Customers can select to secure data files only or all data.

SecureCircle is also the only fully transparent solution that provides portability. End-users use existing applications and workflows without any change. There are no additional steps to decrypt files before working with the data. Any application, any file type, and any file size is supported. Customers deploy SecureCircle quickly since no end-user training is required.

Contact SecureCircle to find out how DASB helps organizations meet compliance requirements such as HIPAA.

The Zero Trust Data Journey (0 to Zero Trust in 2 steps)
March 10, 2021

The Zero Trust Journey (0 to Zero Trust in 2 steps)

What is Zero Trust?  Many companies have adopted Zero Trust as their security framework.

Zero Trust requires all users, even those inside the organization's enterprise network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. The simplified explanation is 'Trust no one and secure everything, including data by default.'

Zero Trust has four key pillars that map directly to Zero Trust solutions: People, Networks, Workloads, and Devices. But what about Data?

Legacy endpoint DLP (Data Loss Prevention) solutions don't secure data by default and should never be considered Zero Trust. Legacy DLP solutions only block or encrypt data that tries to leave the endpoint/device. External attacks such as the Palmerworm take advantage of the lack of security. Another large security gap is internal users avoiding security because protection such as legacy DLP hurts their productivity. Employees will find ways to work around security to improve their productivity. Employees discover workarounds because legacy DLP requires an extensive library of rules and policies which need to be continuously updated. Security administrators play whack-a-mole with new applications, SaaS vendors, and more.

To deploy Zero Trust Data Security, companies need a solution that doesn't impact users and workflows and protects data by default. The only solution in the market that meets those requirements today is SecureCircle.

SecureCircle is transparent to users and workflows. Users continue to use the same applications without any knowledge an additional security layer is active. There is no change in file names or extensions, and SecureCircle has no limit to file size. Due to the transparent nature of security, SecureCircle can secure all data by default.

Zero Trust Security Model Explained

Data security from Zero to Zero Trust in 2 steps

1.  Deploy SecureCircle agents to all your devices similar to AV (Antivirus), EDR (Endpoint Detection Response), or any other software update.

2.  Apply security policies to users, devices, data sources, data types, applications, networks, and more. (examples below)

·  Data Source: secure all data downloaded from Salesforce.com and only allow users from the 'Sales' group in Active Directory or OKTA to access the data.

·  Data Source: automatically secure source code from GitHub and only allow users from the 'Engineering' group to access the data.

·  Content: select data sets to secure when detected, such as PII (Personally Identifiable Information), PCI (Payment Card Industry), and PHI (Protected Health Information).

·  Application: create a list of applications that are allowed to access secured data

·  Application: automatically secure any output from git.exe

·  Network: Block Microsoft Word from saving unsecured data to OneDrive or SharePoint.

Let employees continue their work without any change to the workflow and remove employees from the security process.

Deploying legacy DLP takes months to set up and requires significant resources to upkeep. With SecureCircle, companies see value within days or weeks. Since SecureCircle's security is transparent, there is no training needed for employees. Ongoing maintenance doesn't require creating new and updating existing DLP rules. SecureCircle policies only need to change when data egress policies need to change. SecureCircle Zero Trust data security for endpoints doesn't impact users and workflows and protects data by default.

Start your Zero to Zero Trust journey by contacting info@securecircle.com.

Where's Your Data? Who Cares!
March 17, 2021

Discovering and classifying data to protect it is challenging. Many of us tend to wonder, “Where is our data?” However, what many of us do not realize is that it does not matter where our data is, but how it is being protected. By having a Zero Trust Data Security solution in place, such as SecureCircle, your data will persistently be protected no matter where your data is. 

Having all of your data protected can be very beneficial to an organization. Human error is one of the most unfortunate causes of data breaches. Protecting data at all times removes the human element. It can be challenging for many organizations to continually ensure that the data does not egress to the wrong parties. One of the most significant flaws many organizations have is relying on people to do the right thing. Many of us may take out data without even realizing its value or extending the proper protections. Secured data removes the need to know where the data is. Data is always encrypted regardless of whether it is at rest, in transit, or in use. At no point do users need to or should be able to decide what data is important or sensitive because the data is simply protected by default.

What we mean by “Where’s your data? Who Cares!” is that, as humans, many of us just do not care. An organization’s employees may just want to get their job done and not worry about a data breach or their security decisions. With SecureCircle, the organization can transparently secure their data without any interference in their workflow. When data moves onto endpoints, SecureCircle transparently encrypts the data in a way that is invisible to both users and applications. This transparent approach means that user behavior does not need to change, and applications do not need to integrate in any way to take advantage of the control and security that SecureCircle delivers. This approach also takes a burden away from the employee and allows them to focus more on getting their job done rather than constantly worrying about protecting their data. 

Organizations are better off leaving the human element behind when it comes down to protecting their data. The majority of employees are not security professionals, and because of this, it can cause disruption if the correct security measures are not in place. SecureCircle’s Data Access Security Broker allows organizations to have frictionless protection over their data at all times. No matter where data is stored, it will always be secured.

Move Beyond DLP's Failures
April 6, 2021

DLP (Data Loss Prevention) solutions haven’t stopped data breach growth. IBM reports the average total cost of a data breach reached $3.86 million USD in 2020. DLP solutions only block or encrypt data that tries to leave the endpoint. Hackers have used malware and ransomware like Palmerworm to take advantage of the lack of security. Data security should focus on persistently securing data wherever it goes. Data should be secured regardless of location, which means data must be secured by default.

Another large security gap for DLP is that internal users will find ways to work around any security solution that impacts their ability to work effectively. Workarounds are possible because DLP requires an extensive library of rules and policies which need to be continuously updated. Security administrators play whack-a-mole with new applications, SaaS vendors, and more.

SecureCircle’s Data Access Security Broker (DASB) addresses DLP’s faults. Data is secured without impact to users and workflows while securing data by default.

SecureCircle is transparent to users and workflows. Users continue to use the same applications without any knowledge an additional security layer is active. There is no change in file names or extensions, and SecureCircle has no limit to file size. Because of the transparent nature of security, SecureCircle can secure all data by default.

SecureCircle corrects the failures of DLP

• DASB doesn’t require extra discovery or classification tools.
• Users are entirely unaware security is in place since there is no change to user workflow.
• DASB’s secure by default posture allows admins to focus on exception policies only.
• SecureCircle’s security continues regardless of data location.

DLP Pain Points:

Discovery & Classification

• DLP requires additional tools, such as Discovery and Classification, to work. Relying on other products increases cost and complexity.

Operations

Operational success can be measured by the amount of friction introduced into the work environment on users and administrators.
• Because DLP is so complicated, companies often hire DLP deployment consultants to configure the DLP to work correctly. The Symantec DLP version 15.5 Administration Guide is 2560 pages.
• Companies never operationalize DLP within a company because DLP requires so much maintenance. Admins must continuously create and update new rules to cover policy changes, additional applications, additional cloud/SaaS applications, etc.
• Companies either continue paying their DLP consultant to maintain their solution, or the effectiveness of DLP begins to degrade.

Failed Architecture and Technology

• DLP doesn’t secure data on the endpoint. Instead, DLP tries to limit data egress from the endpoint. By doing this, users are blocked from everyday tasks such as copying data to the USB drive. For files and workflows that can’t be emailed due to size, portable drives and cloud storage may be the only option to transfer large files and data sets. DLP security coverage is limited to a small set of business applications and file formats.
• DLP requires users to be an active participant in the security process. Users do not have an interest in doing this. They will secure the least amount of data because it makes their work easier. Also, even diligent employees will make mistakes.
• DLP is based solely on regex pattern matching, which is very fragile, creating lots of data escapes.
• Specific vendors such as Symantec have limited cross-platform support.

Security versus Friction

Endpoint DLP

• High Friction: Admins need to create and maintain a massive list of DLP rules. Admins cannot keep up with changes in the network, endpoint applications, etc. so over time, more and more holes are introduced. DLP asks users to be part of the classification process. Users are also limited to the applications and file types that can be used.
• Moderate Security: The fundamental security model is flawed since data is not secured by default. Security is only applied when data attempts to egress from the device. Ransomware and malware take advantage of this because once the malicious application is running on the device, the application can try many methods to get data off the device.

Data Access Security Broker

• No friction: DASB is completely transparent to users. Users continue with the same workflow as before. Admins integrate with existing authentication solutions and manage exception policies only. Exception policies do not change often.
• Complete Security: Data is secured by default, including at rest, in transit, and even in use. When secured data is transferred off the device, the data remains encrypted and only authorized users will be able to access the content. This allows cloud storage and file sync and share to be used as secure transport methods.

Zero Trust Data Security
March 17, 2021

Even with costly and complex data protection programs in place, data breaches and insider threats are still continually occurring. A reimagined approach to data security needs to be taken to mitigate these threats. Zero Trust is a security concept that requires the owner to have full control over every aspect of their data. To protect data from leaving the cloud, the owner must isolate and control all aspects such as other users, devices, and networks. The combination of controlling all aspects allows you to have control over your data and is the key to achieving Zero Trust. 

One of the main factors of Zero Trust is that the protection is persistent with the data no matter how or where it moves. At one point in time, data protection meant backing up data. Because of this, many of us did not discover and classify what we wanted to keep and chose to back up everything. Data security should protect everything because what you might not think is important today may still be important another day. If all of the data is secured, it doesn't matter where the data lives because it will never be vulnerable without access or keys to the data. 

With Zero Trust protection, when encrypting a file, only allowed applications and users of those applications are able to read the data without decrypting the file. Zero Trust ensures the data will always be protected because the owner will still have full control over everything. The Zero Trust protection automatically inserts a transparent layer between the read and write processes of applications and the application storage systems, whether running on endpoints or in the cloud. When an authorized user, device, process, or application accesses protected data, the access control policy will allow that user, device, process, or application to read the encrypted bytes.

Zero Trust data security is the most fluid and valuable to an organization when it comes to protecting and being in control of your data. Being able to protect an organization’s source code with Zero Trust implies that your organization has won in a way. A whole barrier over the organization has been lifted because it enables the developer to do their job without releasing control over their data. By protecting source code data persistently and transparently, SecureCircle’s DASB is ideal for today’s zero-trust world. SecureCircle offers the most innovative method of protecting source code from insider threats and data breaches. DASB empowers organizations to enable secure access and full data control with no impact to applications, workflows, overhead, or end-user experience.

Conditional Data Access for Endpoints
March 17, 2021

Many people think about using conditional access for SaaS applications or access to specific data sources. However, once that data is accessed, how do you continuously enforce conditional access "to the data" on an endpoint? When your data is kept in a SaaS service, it is generally kept secure by the provider. Once your data leaves the service, that is when your responsibility for protecting your data comes into play. SecureCircle provides a Zero Trust Data Protection solution to ensure that your data is protected with conditional data access for endpoints.

Zero Trust implies that you have absolute control over your data and allows you to have the ability to change your access control at any given point in time. Conditional data access is all about allowing access to users without giving up any control, maintaining control, and adapting based upon telemetry. For instance, if a former employee had access to the organization’s data, you can sort of go back in time to revoke access as long as you did not give up control. When access to data is disabled, the data is no longer accessible to the user, group, or device, regardless of where the data resides. Attempts to access the data on a device that had access revoked will be denied, and these attempts will be logged. 

To detect any risky behavior while possessing control, SecureCircle works in conjunction with your identity provider. SecureCircle becomes part of the device’s compliant posture while your identity service can detect if the device attempting access is compliant before issuing access. SecureCircle always keeps data in an encrypted state and only allows approved applications to access and modify it. If any risky behavior is shown from the analysis of user behavior, SecureCircle enables you to change the posture of what the user is allowed to access. 

Ultimately, when having absolute control over your data, you start to think of the world differently. Zero Trust security is one comprehensive approach that allows you to have conditional data access for your endpoints. Even though data is secure, at one point or another, you are going to have to allow access. When doing so, SecureCircle will be there to eliminate these vulnerabilities.

Cybersecurity 2021 Conferences
March 17, 2021

Which will be the best 2021 Cybersecurity Conferences?

2020 was undoubtedly a year of change for everybody. People had to adapt and shift rapidly to new habits because of Covid-19. Cybersecurity conferences were not an exception: while some of them were cancelled, others took place in a virtual environment instead of the traditional way. 

Regular attendees are expecting to join the main Cybersecurity Conferences to be held this year even though they will mostly be held virtually. SecureCircle lists here the top 10 conferences that you cannot miss: 

  1. RSA CONFERENCE 2021, SAN FRANCISCO: this year the event will be fully virtual taking place the week of May 17. The topic will be Resilience. You can get the tickets on their website.
  2. GARTNER SECURITY & RISK MANAGEMENT SUMMIT: the event will be a virtual experience happening on March 23 and 24. Check tickets and pricing on their website. 
  3. DEF CON: the conference will be virtual, starting August 5 and finishing August 8. The event will be free. 
  4. RSA CONFERENCE 2021, JAPAN: last year the event took place in July and was free for everybody. For this year they haven't announced anything yet, so we are still expecting relevant information from them. 
  5. ATLANTA CYBERSECURITY CONFERENCE: This conference will be live streamed, taking place on February 24. Pricing and registration on their website. 
  6. NATIONAL CYBERSECURITY SUMMIT: the venue of the conference will be in Von Braun Center, Huntsville, AL. A three-day event from June 8-10. For further information and pricing check their website.
  7. INFOSEC WORLD: one of the few in-person conferences that will take place in Disney's Contemporary Resort, Lake Buena Vista on September 27-29. For registration and tickets check their website.
  8. SECURE360 TWIN CITIES: the committee of this event has decided that it will be fully virtual taking place on May 11 and 12. Registration on their website.
  9. THE HUMAN HACKING CONFERENCE: at the moment the only event that gives us the opportunity to attend virtually. The venue will be at Rosen Centre Hotel, Orlando, FL or by the virtual component of the event having access to some exclusive online workshops. The conference will take place on March 11-13. For registration and more information visit the website.
  10. CIO'S FUTURE OF WORK SUMMIT: virtual event taking place next month, February 16-18. Attendance is free but registration is necessary on their website.

 We will be there.  Are you going to join us? 

2021 Cybersecurity Predictions
April 6, 2021

As the calendar turns to a new year and we gladly put 2020 behind us, here are a few predictions for the new year.

1. Data breaches and privacy violations will continue to grow in 2021. Despite regulations like GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act), the average cost impact of data breaches will rise again. Per the Ponemon Institute's latest Cost of a Data Breach Report, the average cost of a data breach in the US grew to a record $8.74 million per infringement.


2. More regulations. CMMC (Cybersecurity Maturity Model Certification) went live in 2020, and lawmakers have only one option: to regulate industries that are unable or unwilling to prevent breaches independently. Last month, California passed Proposition 24 (California Privacy Rights and Enforcement Act or CPRA). CPRA will take effect in January 2023 and will create a new privacy enforcement agency. The agency will provide new definitions and protection for sensitive consumer data, expand and clarify the use and sharing of consumer data, and expand liability for data breaches. Without a national regulation, California law will become the de facto standard in the US. CCPA remains in effect until CPRA starts. The EU is working to reconcile PECR (Privacy and Electronic Communication Regulation) with GDPR to remove inconsistencies. The Philippines will update the PDPA (Personnel Data Protection Act). The UK will formally leave the EU, and the UK Data Protection Bill will replace GDPR.


3. Cybercriminals will continue to focus on remote workers. Even as some companies will return to office work in 2021, other companies such as Twitter, Shopify, Nationwide Insurance, Siemens, Slack, Square, and Zillow have adopted policies to allow permanent work-from-home. The FBI's Internet Crime Complaint Center (IC3) reported online crimes have quadrupled since the beginning of the COVID-19 pandemic.

SecureCircle's recommendation for 2021 is to adopt a Zero Trust Data Security posture that secures all data by default without relying on end-user involvement.

Protecting Data That Egresses From Cloud Services & SaaS Applications
March 17, 2021

For a true Zero-Trust environment, it isn’t enough to think about data in cloud services and SaaS applications. We also must protect, control and audit data that egresses from these services onto endpoints. SecureCircle is Zero Trust security for data. SecureCircle enables having full control over data including authenticated users, networks, devices, and applications that have access to secured data. At one point in time, the cloud was sort of the bad guy, and we would want to find all the data that was leaving the premises going into the cloud. However, overnight a transition between the cloud being the bad guy and the good guy took place. Since the cloud is now the good guy, we are trying to protect the data leaving the cloud while using zero trust models.

When you think about how Data Processing Agreements (DPAs) are written with your SaaS providers, they control and secure the data that is in the SaaS service. For instance, Salesforce and Workday will control and secure the data when it's inside their SaaS application, but your responsibility comes into play once you open that front door. The front door is open once the user and devices are authenticated, and the network is secure. With the front door open, the data is unleashed, leaving you exposed to either unwanted users accessing the SaaS environment or users egressing data from the SaaS application to their local device. With data constantly egressing from the cloud, data must be secure at all times.

A new approach to protecting data is required for organizations to control their data and map to modern compliance requirements. At SecureCircle, we tie into that Zero Trust model and protect the data again because we don’t have to scan for PII. Since SecureCircle is working at a scale without limitations, when the data inevitably leaves the service, you have control over the data that is on the endpoint. SecureCircle has bridged the shared security model between the SaaS provider and your local devices. Everything that is coming out of a SaaS service is now protected because SecureCircle is part of the device’s compliance posture.

With SecureCircle, all of the services are protected and most importantly, so is your data. For instance, when downloading data from a SaaS application such as Salesforce and trying to copy it onto a USB drive to take home, SecureCircle identifies binary similarities. 

SecureCircle is able to determine if the downloaded data is similar to previous secured data.  If so the data is automatically secured with the same access permissions as the original data.  With SecureCircle, security decisions are automated and newly downloaded data can be differentiated between similar to secured data or not.  This prevents securing non-confidential data. 


If the data is similar and is secured, transferring the data to a USB will only transfer the secured (encrypted) data. If the USB is plugged into a device that is not authenticated, it will receive a bunch of encrypted bytes. Without access to rights or decryption keys to read the data, it will be protected no matter where it is. SecureCircle’s DASB is the only solution that will empower you to enable secure access without giving up control of your data with no impact on applications, workflows, or end-user experience.

2020 Recap
March 17, 2021

Is Zero Trust Data Security Possible?
March 17, 2021

Read the original Forbes article: Is Zero Trust Data Security Possible?

Some enterprises I've worked with that have deployed a zero trust (trust no one) model have still experienced data breaches. With zero trust implemented correctly, data breaches can be eliminated or minimized to small datasets. I believe breaches still occur because organizations do not rely on zero trust data security solutions. After all, most options I've seen are not zero trust compliant.

Data loss prevention (DLP) requires discovery and classification. DLP doesn't secure by default. Endpoint DLP typically allows data on the device to remain unsecured while locking down the egress of data off the device.

Solutions like information rights management (IRM) and file encryption aren't zero trust. Those solutions only secure the initial transfer of data. An employee can encrypt a file and send the data to an external partner. But once the partner has decrypted the file to consume the content, the partner — not the employee or company — has control of the data.

I believe the use of these data security tools has contributed to data breach after data breach and headline after headline. What enterprises need to do is implement zero trust data security principles.

Here are four core principles of zero trust to implement when deploying a zero trust data security solution.

Use Microsegmentation

It is challenging to implement zero trust without granular controls. Instead of a carte blanche "allow or deny" permission, permission should be extremely granular. Identity providers can authenticate on more than username, name and password. They can also use device, device posture, location, time and others as additional authentication factors.

Data security should have similar granular controls. Besides basic authorization for users and devices, your security team should use controls over endpoint applications, networks, SaaS or cloud applications, and data usage such as copy and paste. Make sure they don't allow unauthorized or unknown processes to access data. New or unauthorized applications that access data can cause ransomware attacks. Whether it's in the cloud or the corporate data center, you should also secure data from centralized sources.

Enforce Policies Everywhere

Data security has previously focused largely on data access. But once data is accessed, the user typically has broad rights to use and transfer the data without additional security controls.

Some solutions claim to be data-centric solutions. That often turns out to be a file-centric approach. With zero trust, the goal is to be as granular as possible.

Security needs to be persistent. You should secure your data at all times: at rest, in transit and in use. Security needs to apply to any file type and any application. Identify solutions that are not zero trust, such as any tools that publish a list of supported applications. A supported application list implies that there are unsupported applications whose data the tool will not secure.

A widespread use case for zero trust security today is downloading sensitive data from a SaaS or cloud service. Make sure you're securing data exported from SaaS services and that it remains secured throughout its entire life cycle.

The most granular data security approaches apply security to the data itself, not the file. As users create new content, compare that content to previously secured content. If the content is similar, automatically secure the new content with the same permissions as the previously secured data. Make sure to monitor small data segments as they move from file to file and apply permission accordingly.
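The idea of comparing new content with previously secured content and inheriting its permissions (described here and in the earlier post on data egressing from SaaS applications) can be sketched as follows. This is an added example, not SecureCircle's code or algorithm: it substitutes hashed word shingles for the product's binary similarity, and the window size, threshold, file names, groups and sample texts are all constructed assumptions.

```python
import hashlib
import re

SHINGLE_WORDS = 4      # assumption: size of the tracked "small data segment"
MATCH_THRESHOLD = 0.3  # assumption: overlap needed to treat content as derivative


def shingles(text, k=SHINGLE_WORDS):
    """Hash every k-word window so segments can be recognised in other files."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    if not words:
        return frozenset()
    if len(words) < k:
        windows = [" ".join(words)]
    else:
        windows = [" ".join(words[i:i + k]) for i in range(len(words) - k + 1)]
    return frozenset(hashlib.sha256(w.encode()).hexdigest()[:16] for w in windows)


def overlap(a, b):
    """Overlap coefficient: stays high when a small segment sits in a large file."""
    if not a or not b:
        return 0.0
    return len(a & b) / min(len(a), len(b))


class SecuredIndex:
    """Fingerprints of already-secured content and the groups allowed to read it."""

    def __init__(self):
        self.entries = {}

    def register(self, name, text, acl):
        self.entries[name] = (shingles(text), frozenset(acl))

    def classify(self, text):
        """Return inherited permissions for new content, or None if it is unrelated."""
        new = shingles(text)
        matched = {}
        for name, (known, acl) in self.entries.items():
            score = overlap(new, known)
            if score >= MATCH_THRESHOLD:
                matched[name] = (score, acl)
        if not matched:
            return None
        # Content derived from several sources gets the most restrictive result:
        # only groups allowed on every matched source keep access.
        acl = frozenset.intersection(*(a for _, a in matched.values()))
        return {"sources": {n: round(s, 3) for n, (s, _) in matched.items()},
                "acl": acl}


# Constructed sample content (not real data).
ACME_QUOTE = ("Acme Corp renewal quote: account 4417, contract value 120000 USD, "
              "primary contact Jane Doe, admin login acme-admin")
PAYROLL = ("Payroll run March: employee 0093 base salary 98000 bonus 7500 "
           "bank routing 021000021")
DERIVATIVE = ("Notes from call. Acme Corp renewal quote: account 4417, contract "
              "value 120000 USD, primary contact Jane Doe, to be confirmed next week")
MERGED = ("Merged sheet: Acme Corp renewal quote account 4417 contract value 120000 "
          "and employee 0093 base salary 98000 bonus 7500 for budgeting")
UNRELATED = "Lunch menu for Friday: soup, salad, sandwiches and coffee in the main kitchen"


def build_demo_index():
    index = SecuredIndex()
    index.register("acme_quote", ACME_QUOTE, {"sales", "finance"})
    index.register("payroll", PAYROLL, {"hr", "finance"})
    return index


if __name__ == "__main__":
    idx = build_demo_index()
    for label, text in (("derivative", DERIVATIVE), ("merged", MERGED),
                        ("unrelated", UNRELATED)):
        print(label, idx.classify(text))
```

No user labels anything here: the derivative note inherits the quote's permissions, the merged sheet is narrowed to the one group allowed on both sources, and the unrelated file stays unsecured.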

Provide Identity Beyond Identity And Access Management (IAM)

Authorization based on basic credentials such as username and password is not enough. Enable access policies for applications, networks and system tools such as clipboards.

By enforcing application policies, IT can allow only authorized applications to access secured data — no more Word-to-PDF converters downloaded from unknown sources. Enforce application-level network rules, such as only allowing file transfer protocol (FTP) applications to send data to corporate IP addresses. Enforce clipboard policies to block or allow secured data to move between secured and unsecured applications.

Introduce Visibility And Automation

Visibility and automation are two of the cross-functional principles of zero trust. Granular logging and reporting should enable orchestration tools to look for anomalies and suspicious behavior. Log all data access attempts, regardless of whether you allow or deny the action. Your log should include user, application, device, location, time and other metadata. Proper logging will allow orchestration tools to detect potential malware and suspicious user behavior while also creating audit and compliance reports.
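To show why denied attempts belong in the log, here is an added example (not from the original article) that parses access records carrying the fields listed above and flags an application touching many distinct files in a short window. The record layout, thresholds, host, user and application names are constructed assumptions.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

REQUIRED = ("time", "user", "application", "device", "location", "file", "decision")
WINDOW = timedelta(seconds=60)  # assumption: burst window
MAX_FILES = 3                   # assumption: distinct files tolerated per window

# Constructed sample log, one JSON record per line. Line 5 lacks "device".
SAMPLE_LOG = """\
{"time":"2021-03-17T09:00:00","user":"alice","application":"winword.exe","device":"laptop-17","location":"office","file":"q1-plan.docx","decision":"allow"}
{"time":"2021-03-17T09:20:00","user":"alice","application":"excel.exe","device":"laptop-17","location":"office","file":"q1-budget.xlsx","decision":"allow"}
{"time":"2021-03-17T10:00:01","user":"alice","application":"pdfconv.exe","device":"laptop-17","location":"office","file":"design.docx","decision":"deny"}
{"time":"2021-03-17T10:00:03","user":"alice","application":"pdfconv.exe","device":"laptop-17","location":"office","file":"q1-plan.docx","decision":"deny"}
{"time":"2021-03-17T10:00:04","user":"alice","application":"pdfconv.exe","location":"office","file":"notes.txt","decision":"deny"}
{"time":"2021-03-17T10:00:06","user":"alice","application":"pdfconv.exe","device":"laptop-17","location":"office","file":"q1-budget.xlsx","decision":"deny"}
{"time":"2021-03-17T10:00:09","user":"alice","application":"pdfconv.exe","device":"laptop-17","location":"office","file":"customers.csv","decision":"deny"}
{"time":"2021-03-17T10:00:12","user":"alice","application":"pdfconv.exe","device":"laptop-17","location":"office","file":"payroll.xlsx","decision":"deny"}
"""


def parse(log_text):
    """Return (events sorted by time, line numbers of records that fail validation)."""
    events, rejected = [], []
    for number, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
            if not isinstance(event, dict) or any(k not in event for k in REQUIRED):
                raise ValueError("missing field")
            if event["decision"] not in ("allow", "deny"):
                raise ValueError("unknown decision")
            event["time"] = datetime.fromisoformat(event["time"])
        except (ValueError, TypeError):
            # A record without full metadata cannot be attributed; report it
            # instead of silently dropping it.
            rejected.append(number)
            continue
        events.append(event)
    events.sort(key=lambda e: e["time"])
    return events, rejected


def find_bursts(events, include_denied=True):
    """Flag (device, application) pairs touching more than MAX_FILES files in WINDOW."""
    recent = defaultdict(deque)  # (device, application) -> deque of (time, file)
    alerts = {}
    for event in events:
        if event["decision"] == "deny" and not include_denied:
            continue
        key = (event["device"], event["application"])
        window = recent[key]
        window.append((event["time"], event["file"]))
        while event["time"] - window[0][0] > WINDOW:
            window.popleft()
        distinct = {name for _, name in window}
        if len(distinct) > MAX_FILES and key not in alerts:
            alerts[key] = {"user": event["user"],
                           "first_seen": window[0][0].isoformat(),
                           "distinct_files": len(distinct)}
    return alerts


if __name__ == "__main__":
    parsed, bad_lines = parse(SAMPLE_LOG)
    print("rejected lines:", bad_lines)
    print("alerts (allow + deny):", find_bursts(parsed))
    print("alerts (allow only):", find_bursts(parsed, include_denied=False))
```

With only allowed accesses logged, the converter's sweep across files produces no alert at all; the denied records are what make it visible.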

By following these zero trust principles when deploying data security solutions, enterprises can finally start to eliminate data breaches.

Companies Need to Protect Trade Secrets
March 17, 2021

The road to a granted software patent continues to be a long, frustrating, and expensive process. In just a few years, old software can be replaced even before a patent application is complete. Typically, patent applications take about four years to complete, which is very time consuming for most companies. 

Many companies choose not to patent software because of how difficult it can be. Under the current patentability law in the United States, software patent applications must meet specific requirements to be patent-eligible. The software may be patentable if it improves computer functionality somehow or solves a computing challenge unconventionally. Additionally, software patent applications must be written carefully. The patent may only be eligible if written with a clear focus on the software solution’s technical merits. 

Since patents are becoming harder to obtain, companies turn to trade secret protection.  There are laws to protect trade secrets. To have legal protection, the company must meet specific standards. There are many steps that companies must take to protect their trade secrets, including identifying what needs protection, monitoring where the information is stored, securing computers, providing adequate security, maintaining secrecy with outside vendors, and training employees regarding security policies. 

Throughout the past few years, trade secret litigation in the United States courts has significantly increased. In 2018, Apple was alleged to have stolen trade secrets from Qualcomm and shared them with Intel Corporation after Qualcomm allowed Apple access to its source code and tools for LTE modem chipsets. Last year, Ahead Engineering attempted to sue former employees claiming trade secret misappropriation under state and federal law. Ahead Engineering ended up facing more penalties because instead of putting in its best efforts to protect their trade secrets, they went on an external fishing expedition on its employees. Companies must use their best efforts to protect trade secrets and show these best efforts in court to be protected. 

 


SecureCircle enables companies to meet the various trade secret requirements for legal protection.

Trade secrets such as source code can be automatically protected as part of the developer workflow without developers even knowing additional security was implemented. As source code is checked out of a central repository such as GitHub, the data will automatically be secured. Data remains secure regardless of location. Only authorized users, devices, and applications will be able to access the source code.

Every attempt to access secured source code is monitored.  Compliance and audit teams can see in real-time which users, devices, and files have been accessed.  Unauthorized devices or unknown devices will not be able to access secured source code and will not even be able to download source code from the central repository.

Companies can utilize outside vendors without giving up control.  Typically in other security solutions, the data is left unsecured while the data is being changed.  With SecureCircle, the data is persistently secured: at rest, in transit, and even in use.  Derivatives are automatically secured, including Save-As and copy-paste.  Even as outside vendors are working on source code, companies have the ability to revoke permissions at any time.  If the vendor had copied secured data to a USB drive, the contents would remain secure.

Because SecureCircle works transparently in the background, there is no user training and onboarding required. Developers work just as they would with insecure data. Companies can deploy SecureCircle in days.

Review the SecureCircle Securing Source Code on the Endpoint Whitepaper or view the Demonstration video to learn how to:

  • Secure source code on the endpoint
  • Allow access to source code on the endpoint
  • Secure source code within the clipboard
  • Secure newly created and derivative source code
  • Check source code into the repository
  • Revoke access to source code

SecureCircle delivers a SaaS-based cybersecurity service that extends Zero Trust security to data on the endpoint. SecureCircle’s Data Access Security Broker is a reliable and straightforward security architecture that enables customers to secure source code on the endpoint without impacting developers from doing their job. Instead of relying on complex reactive measures, we simply secure data persistently in transit, at rest, and even in use. SecureCircle also reduces cost and reduces complexity by avoiding the need for multiple products, software integrations, and ongoing security controls administration. Unlike many traditional solutions, SecureCircle works on a simple cloud-to-agent delivery model, which means fast and simple deployment, allowing our customers to implement security for their most sensitive data rapidly.
