Watch: The Implications of Data Leaks with Outsourced Communication Applications

Highlights from the November 24, 2021 webinar in the HBK Risk Advisory series, “Assessing Cybersecurity Risks,” hosted by William J. Heaven, CPA/CITP, CISA, CSCP, Senior Manager, HBK Risk Advisory Services, and featuring a presentation by Yasir Ali, CEO of Polymer.

Data Loss Prevention

The risk of data exfiltration and leaks

  • Ransomware and cyber attacks are becoming common for mid-sized businesses as well as large businesses. Attackers find mid-size organizations easier to penetrate. Businesses need a cybersecurity posture that is resilient and capable of sustaining an attack.
  • Remote work is accelerating a shift to the cloud and SaaS applications. We’re seeing much faster adoption of applications that are for lease or rent.
  • Remote work makes the proverbial technology perimeter obsolete. The post-COVID security perimeter is more complicated with many applications sitting in the cloud or with the vendors themselves.
  • Shadow IT is defined as the implementation of IT resources without the knowledge of the IT department.
  • Historically, shadow IT was managed by limiting the number of exchanges of data over those resources.

Data governance: privacy laws, types of sensitive data, implications of bad data compliance

  • Data governance involves knowing what sensitive data the organization has, where it resides, and how to control it.
  • It is the foundation of a good information security program; it puts you in a good spot to become a secure organization.
  • Global privacy laws, like Europe’s GDPR, demand internal data controls; many other privacy laws are coming into play, based on GDPR.
  • Compliance is complex because customer data can be sitting in many different locations or applications. One challenge is knowing where data is found and how it is being used.
  • The more data you retain the higher the risk of exfiltration.
  • Groups within an organization need to work together to prepare for compliance with data privacy laws; you need to be proactive.
  • A breach of sensitive data, any leakage, can shut out a business from cyber insurance. Cyber insurance can be expensive—rates are increasing dramatically—and coverage can be limited for mid-size companies. You have to demonstrate that you have good data controls.

Sensitive data on SaaS applications

  • Sensitive data is any information that can tie back to the customer or patient, any information that you can use to identify that patient or customer.
  • In SaaS applications—chats, tickets, storage, email, codebases—users share information easily and existing controls are no longer effective. You can log into many SaaS platforms without a VPN.
  • Security and business teams have little visibility into the types of data being trafficked in their SaaS platforms.

Polymer: how it can protect sensitive data

  • Can provide data loss prevention for SaaS platforms.
  • Can assess privacy risks, including the third-party programs installed over your network.
  • A fully automatic data mapping exercise baselines the traffic passing through your different platforms and the users of those platforms, then sees what policies are available and how to monitor the data.
  • The system watches the traffic and takes remediation actions; it allows you to create rules to automate your data governance.
  • Looks at the security policies available to you to define which entities are sensitive to you, and applies them across all your platforms.
  • Is a control mechanism for data governance and real-time remediation: it reduces the surface area of sensitive data over these platforms, shows where users are, and creates workflow reports on information sharing.
  • Is an appropriate solution for automated data governance, from small companies with no technical staff to large organizations.

Secure Technology Stack: Reducing the attack surface of any cyber attack

  • Removes sensitive data from public environments.
  • Provides visibility into sensitive data traffic across all assets of the organization.
  • Delivers autonomous security functions where risks can be mitigated if data is at risk.

Strong data controls are only possible if everyone in the organization takes data governance seriously.

Hill, Barth & King LLC has prepared this material for informational purposes only. Any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or under any state or local tax law or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. Please do not hesitate to contact us if you have any questions regarding the matter.
