Prepare Your Organization’s Response to a Data Leak—Before It Happens

By Steve Gottwals, Technical Director, Security Solutions at Adobe

Security practitioners all agree: when you “assume the breach” will happen, you can provide better security. This assumption forces organizations to consider not only protection, but also detection and responses to breaches.

I think it’s time for a new frame of reference—assume the leak.

This subtle shift places more emphasis on the data and less on the network. That in turn provides even more powerful detection and response capabilities to potentially leaked data.

http://blogs.adobe.com/adobeingovernment/files/2017/11/Gottwals-Image-1.png

This is the world we live in now. Saying you’re sorry, and offering up free credit monitoring is not a winning business strategy. We need to start taking stronger precautions before a data leak even happens.

On top of that, we need to empower our staff with proactive tools that help detect and take action as quickly as possible after an incident has occurred.

Protecting your most important data at the file level is something I’ve been pushing in government. Most recently, I spoke about this topic at the Republican Lieutenant Governors Conference at a cyber security panel, as a representative of Adobe Government.

It was good to see the conversation on cyber security progress from just being a federal focus, to also include a focus on the local and state levels. There was real interest in understanding the means, motives and opportunities of an attacker. Additionally, our security approach has evolved to include layering mitigations from the perimeter, to the network, to the host, to the data.

With data-centric, or content security approaches, like enterprise DRM ( Digital Rights Management), you can expand beyond just protecting your data to actually detecting and responding to a data breach.

Not only can you audit document interactions in real time, you can choose to revoke access to information regardless of where it resides.

It’s Easy to Start DRM Today: Protect One File at a Time

“How do you start tackling all the sensitive information in one organization? It’s overwhelming!”

This is something we talked about at the event, and I see it more and more now. It’s the biggest objection that delays action. People get into this analysis paralysis mode, trying to do too much and not knowing where to start.

I’ll tell you where to start to get the most benefit fast: start small.

http://blogs.adobe.com/adobeingovernment/files/2017/11/Gottwals-Image-2.png

1. Choose your most sensitive information. Since DRM provides persistent protection of information by encrypting data at the file-format level, it’s best to focus on your most sensitive data first:

• • PII (Personally Identifiable Information)
  • PHI (Protected Healthcare Information)
  • IP (Intellectual Property)
  • Homeland Security Information

2. For your first project, start small. Choose a workflow that doesn’t impact a lot of users or use up large amounts of data. It should, of course, offer an appropriate business justification.
3. Then, go wider. As your organization gains maturity with DRM, larger and more complex projects can be implemented. For instance, many organizations move toward document protection automation when information scale is required. DRM audit events can also be leveraged inside continuous monitoring, incident response and insider threat programs.

Once the workflow is live in production, new projects can be chosen to leverage the existing system. For example, you may consider improvements to the implemented workflow in order to leverage automation. Essential audit information may also be mined and funneled to the continuous monitoring program. If there are information integrity requirements that need to be introduced by adding digital signature capabilities to the existing workflow, you can do that as well. But, more importantly, whole new workflows can now be considered. By following a similar plan already created, and by leveraging the existing system, you can conduct rapid deployments of DRM throughout your organization.

Big bad breaches are everywhere today, and frankly, they aren’t going anywhere. We shouldn’t be surprised by them. Instead, it’s our job to prepare our best reactions to them—if and when they occur.

Try a Pilot with Adobe

Protect your data to the file level with us. We’ll show you how easy it is to protect Adobe Acrobat, Word, Excel, and PowerPoint files.

here