Many IT and Security professionals are spending time this July preparing for GDPR, communicating changes in their information and privacy policies, and instituting different processes around handling personal data. Conversation on those teams often turns to the challenges with managing personal data in a way that protects privacy while still conforming to organizational policies and technologies.
Furthermore, concurrent with the challenges of having to grow a business or to increase how you serve and service your current customer base, the workload around personal data is increasing. I’m fortunate to have worked on a technology at Forcepoint that directly focuses on avoiding data exfiltration and keeping personal data safe, while driving efficiency through automation. And I’m pleased to share that Dynamic Data Protection is available today.
DDP starts with understanding and modeling the baseline behavior of your organization. From there, you can detect when credentials are compromised, or when someone may not be aware of safe data handling practices.
For instance, if IT has enabled a cloud-based collaboration tool to manage sensitive data between approved team members, the best practice is to manage and store that content via the cloud. The approved team members can access the latest file and can collaborate within it over time. Let’s say a new team member joins the group who travels frequently, managing many local copies on their endpoint, and repeatedly attempting to move copies onto removable media. Perhaps they never learned how to utilize and access the cloud application. In this case, traditional solutions would respond by either restricting data movement onto endpoint or media, or sending a bunch of alerts that security teams have to triage and resolve.
Where Dynamic Data Protection changes the game is by calculating risk scores for individuals with access to the data on this cloud-based application. When risk levels are low, data protection permissions can be more open, and when risk levels elevate, data protection permissions can be more restrictive. This can allow the right security policy to be applied to the right person at the right time, automating enforcement and reducing data protection alarms. In the example of the new employee above, it may allow him to copy information to his endpoint, but become restrictive about moving materials to removable media, preventing exfiltration – and informing security of this high risk behavior.
This can fundamentally change how a security group manages data protection, help them detect anomalies earlier, and drive efficiency with fewer alerts to manage. It also can help IT organizations train and coach employees on how to safely handle and manage data. This, in turn, gives your team the balance they need to protect critical data, enable the organization to grow, and maybe even take your team out for breakfast.