When I was leading a team within the office of the chief information security officer of a global financial services organisation, I had several questions constantly running through my head. Whether it was during meetings with my operations teams or with the various auditors or regulators who I got to know very well, the questions were generally the same:
- How long does it take our security teams and technologies to identify data threats within our organisation?
- What effect does this have on our ability to quickly respond to an evolving threat landscape?
I spent most of my time attempting to answer these questions and address the issues that their answers raised.
I now work on the other side of the fence, for Qush Security, whose primary aim is to empower organisations to not only answer these questions consistently but have the confidence to answer the greater overarching question: what specific data security issues should I be focusing on and how effective have our teams been in reducing our risk?
Qush Security was founded in 2016 to bring some much-needed innovation to the data protection and insider threat market.
So, what is so hard about keeping data safe?
Data loss and insider threat activity are some of the hardest-to-spot cyber risks. After all, much of this activity is conducted by legitimate users accessing data to which they have equally legitimate access. Another factor is the apparent dichotomy of an increasing focus around privacy and regulatory requirements for robust and auditable data protection. This leaves many organisations feeling like they are trying to work with one hand tied behind their back. I certainly did at times!
Data loss prevention is broader that one might first think
Organisations of all different sizes handle sensitive data. So, virtually every company needs some form of data loss prevention strategy. Despite sharing this fundamental need, organisations of different sizes will express different requirements. They will also have vastly different risk perspectives, and consequently take different routes in their data protection strategy.
The concept of data loss prevention has evolved considerably over the last decade. DLP is still a primary strategy to protect an organisation’s data assets and minimise the human attack surface. Increasingly, modern data loss protection solutions need to respond to rapidly and ever-changing needs. Rarely are static rules enough to fulfil organisational and business requirements.
Most of all, data loss strategies need to work while not impeding business operations, and this is where many of the legacy solutions have fallen short.
Who is to blame?
Much has been written in recent years about “the user” being the root of all cybersecurity problems. While it has always been true that computers will only do what users instruct them to do (either on a live system or in the way they are designed in the first place), is it really fair to place the blame solely at their feet?
Admittedly, there are cases of data loss via malicious insiders, but most data loss incidents involve users trying to do their jobs under extreme external pressure while exposed to risks of which they are either unaware or don’t fully understand.
This situation had led, for many, to an adversarial relationship between the business and security. Security teams believe users are needlessly reckless and users feel that security teams do not fully understand real-word operational requirements. Businesses have taken great strides to address this, such as cybersecurity awareness campaigns and the instigation of mandatory training. But for many, the problem remains. Security still feels like something that is done to users as opposed with them.
Human-centric data loss prevention
Qush Security takes a new approach to this legacy problem. Rather than regarding users as potential risks that require robust mitigation, it takes an approach of partnering with them to ensure that both the business and security win.
Qush’s Reveal platform meets businesses and users where they are. For businesses it offers unparalleled visibility and control, enabling them to put guardrails around their users and their most sensitive data. For users, it prevents them for taking actions that would unnecessarily put company data at risk while at the same time educating them as to the correct (safe) way to do things. Organisations are left with granular and robust protection around their data and their users.
Qush Security in South Africa
Organisations need a data security solution that works consistently, one that is easy to implement and is equally easy to manage. This is what Qush has delivered in its Reveal platform.
Qush has recently expanded its presence into the South African market and has already partnered with organisations who are seeing the benefit of a human-centric approach to data security.
Reach out to Qush Security for a pragmatic and straightforward conversation about how we can help you significantly improve your data security posture. You can find out more about us or contact us via the links below:
Follow Chris Denbigh-White and Fallon Steyn on LinkedIn.
- The author, Chris Denbigh-White, is director of global customer success at Qush