Cyber Hygiene
Security Risks From Employees Working From Home
Audits Don't Solve Security Problems
Is 'Discover, Classify, Protect' Wrong In Cybersecurity Today?
Breadth Vs. Depth: Cybersecurity Industry Has Been Focusing On The Wrong Thing
Third Party Vendors
The Rise Of DASB, Sunset Your DLP
How to Prevent Source Code Modification & Leaks
End Source Code Theft
Why Isn't DLP Preventing Data Breaches and Data Leakage?
SecureCircle Data Access Security Broker (DASB) Selected By Quanta Storage To Eliminate Insider Threats
Organizations Should Bulk Up Cybersecurity In Case Of Iranian Cyber Attack
The Evolution of Data Protection
Ransomware stealing data before encrypting
Insider Threats Infographic
Who collected 4 billion records on 1.2 billion users?
Cisco Systems - Target of Malicious Insiders
New Yorks SHIELD Act
Insider Threat at Lion Air (Update)
How to Prevent the Lion Air Databreach
CIO IT Taiwan | SecureCircle 控管檔案讀取 權不怕合作生變造成洩密
How to Prevent the Mastercard Data Breach
Capital One Hacker Breached 30 Companies Through a Single Cloud Provider
Government Organizations Are Not Ready for Cyberattacks
How to Prevent the Boeing Data Leak
End Insider Threats Without Impacting Users Or Business Workflow
Singapore Overhauling Data Protection Practices
SecureCircle available on Taiwan Government CloudMarketplace
SecureCircle placed on UK Government Framework Catalogue
The New Federal Data Strategy
SecureCircle announces United Kingdom and EMEA Distributor, Care21
Quest Diagnostics and LabCorp in Trouble
Insider Threat in the Air Force
Disruptor Daily | What trends are shaping cybersecurity in 2019?
Disruptor Daily | What is the future of cybersecurity? Experts share their insights
How to Combat the Business Email Compromise Scam
How to Prevent Government Data Breaches
Availability Bias in Cybersecurity
How to Minimize Your Exposure to Employee Mistakes
A Look Inside Toyotas Second Data Breach
Four Keys to Data-Centric Data Protection
Asymmetric Information Causes Data Breaches
SecureCircle Introduces Send Secure for Agentless Protected Data Sharing
The Financial Consequences of a Data Breach
Insider Threats Can Happen to Anyone
Federal Data Privacy Laws Are Coming
Forget Collection 1: Here comes Collections 2-5
Forbes | 10 Industries On The Cusp Of Technological Disruption
Collection 1: Not a Big Deal?
It All Adds Up: Better Cybersecurity is a Necessity in 2019
Why New Year Resolutions Fail
9 Costly Security Mistakes
Security InfoWatch | The Last Mile Security at the Edge
2019 Security Predictions(Infographic)
Security Today | Rethinking Access Control
We love what we do - 2018 Review (Infographic)
Holiday Hacks Are Not Going Away
Solving Multi-Cloud Security
A better solution than web bugs for internal visibility
Why File Encryption is not enough - A Customer Conversation
Security, Visibility, and Control
SecureCircle Introduces Enhanced Cybersecurity Offering for Cloud-First Enterprises
Healthcare Needs a Change
What is old is new: Cold Boot Attacks
Inside Information - Data that should NEVER leave the organization
CTimes | SecureCircle and Netbridge Distribution Partnership (Chinese)
SecureCircle Announces Asia Pacific Distributor, NetBridge Technologies
Insider Threats
CSO | The hidden security problem we all need to know about
Opt-Out is more than blocking SPAM
What is Opt-Out Data Centric Protection? And why is it so important
Digital Hygiene in a GDPR World
Security Info Watch | Enterprises Beware: Cybersecurity Challenges in the Cloud
GDPR Readiness (Infographic)
The Lost Laptop
Strategic Finance | Security in a World of Zero Trust
Reading Between the Lines - The Real Impact of Insider Threat (Infographic)
Protecting Internal Data
Press & News Embargos
CSO | GDPR: Where are we now?
SecureCircle @ CIAB FEBRABAN, Sao Paulo Brazil - The Recap
California Consumer Privacy (The next generation of GDPR)
I am safe. My data is encrypted. Right?
University of Texas MD Anderson Cancer Center ordered to pay $4.3 million in HIPAA violations
Is my Air Gapped Computer Safe?
The Broken 80/20 Rule
SecureCircle and Fiandeira Tecnologia Showcase Unstructured Data Solution at CIAB FEBRABAN
SecureCircle will be exhibiting at CIAB Sao Paulo Brazil June 2018
Throw Tech Away - The Rise of a New Generation of Data Security
GDPR Compliance Tips: The Top Experts Speak
Are you ready for a password-less world?
CSO | The Impact of Human Behavior on Security
Account compromised? What about your file content?
Age old discussion: Convenience versus Security
SDxCentral | Four Security Myths You Need to Shake
Security Today | Digital Security in a Zero Trust World
MegaMinds AIthority Interview with Jeff Capone
2018 Govies Awards
Data Protection needs to be agnostic like Switzerland

Need Zero Trust for a Remote Workforce? There's a Missing Link.

Written by 
October 7, 2020

Think you've secured every part of your remote employee's access? Think again. Here is what typical remote workforce security looks like:

  • the employee logs in to your network through the secure VPN - check.
  • employee uses cloud services and manipulates data, protected by the SaaS vendors - check.
  • employee access to data in the SaaS apps is limited by access controls - check.
  • employee exports data from the cloud service, and now has unfettered access to share or leak that data - OOPS!

Many enterprises have perimeter security, identity and access management, and contracts with SaaS vendors to protect their data while it is in the cloud. The weak link is the moment that data is exported by a user from a cloud service - whether Box, Dropbox, Salesforce, Github, AWS folders, SAP, etc. From the moment of export, the SaaS app vendor is no longer responsible for the data or its security, and other security tools like CASB do little to protect the data that has been exported. This allows ordinary users to accidentally share the data where it doesn’t belong, and malicious users to purposefully extract data with ease! 

This problem has been referred to as "last mile security", suggesting it is a minor edge case to be addressed down the line. However with the explosion of remote workers, contractors and 3rd party vendors working for most enterprises, and the fact that most data is now hosted in cloud services - this problem is now anything but "last mile". Securing data as it’s being exported into the user’s hands - data at the point of egress, in other words - is now front and center as the big challenge of enterprise data protection today.

What Security Tools Exist to Protect Data Exported From Cloud Services?

There are technologies that are commonly used to protect data exported from cloud services and SaaS applications, however as we will see, the problem with these technologies is that they do not work at scale. This is why cloud data leaks are so rampant, and only increasing in today's world of remote work. 

Cloud Access Security Brokers, or CASB, are installed by enterprises to filter data that passes to and from the cloud. 

By default, they allow all data to pass through unfettered, but run algorithms to attempt to identify and classify sensitive data and block the sensitive data from being shared, based on a rule set. Unfortunately, the automatic identification of data is highly error prone, often blocking data that should not have been blocked, while missing highly sensitive data that is allowed to pass without a word. 

CASBs have some practical uses. They can be useful to identify "shadow IT" - unsanctioned cloud services that employees are using. CASBs can apply classification to data that passes in and out of the cloud, which can be useful for enterprise data management and analytics, privacy and compliance programs. But as a way of solving the last mile problem, CASB does not begin to protect data accurately, and imposes a heavy burden on productivity along the way. 

Digital Rights Management, or DRM, is another technology that traditionally attempts to protect data exported from cloud services. DRM manipulates the data that has been exported from the cloud, encrypting files and embedding access control information into the header such that any attempt to access the file requires a callback to the enterprise server to allow the file to be decrypted. Unfortunately, this technology still relies on identification and classification to accurately identify what files to encrypt, which is highly error prone. And files that do get encrypted impose a heavy usability burden. Only certain file types can be encrypted, they can only be read by certain applications, they require special access credentials, there is no interoperability between DRMs, and access rights are often too restrictive, just to name a few limitations - rendering DRM-protected data unusable at scale. In practice, there are virtually no real-world examples of DRM deployments in the enterprise.

DASB Provides Zero Trust Data Protection, at Scale

Data Access Security Broker (DASB) is the missing link to protect data exported from cloud services, and more generally, to protect any data. 

There are 3 keys to the DASB paradigm:

  1. Data is protected by default. Much like a firewall that protects by default and allows by exception, DASB protects all data exported from cloud services by default. This is very different from CASB that is heavy and error-prone data classification techniques. 
  2. DASB is completely transparent to the end-user. DASB is able to protect by default because it can do so without the end-user even knowing that it is working behind the scenes. 
  3. DASB protects any type of data. Not just office files, but all formats including source code, specialized CAD, MOV and other formats, even home-grown and legacy data formats. 

When you can protect all data by default, any data type, and do that in a way that is completely transparent to the end-user, you have a paradigm that scales

With DASB, enterprises are now able to achieve zero-trust data protection, even on data exported from their SaaS apps into the hands of remote workers, contractors and third-party vendors. At scale, this means the largest enterprises enable productivity of their remote workforce with total protection. That data remains persistently protected wherever it goes, only accessible to those who have permissions to access it. However, DASB is completely invisible to end-users. This is true for any data type, without modifying applications or the data itself.

In today's work-from-anywhere world, there is a missing link. Controlling data once it is exported out of your perimeter and out of your SaaS apps. This is a rampant source of data leaks because no technology exists that can solve the problem at scale - until now. Welcome to DASB.

Zero Trust for a Remote Workforce

Prevent Data Breaches

Let’s discuss your unique cybersecurity challenges and needs.

Contact Us

If you want to notified when we post the newest content about mitigating insider threats, data breaches, protecting source code, and DASB, please subscribe to our SecureCircle newsletter.