Paul Stringfellow, Author at Gigaom

GigaOm Key Criteria for Evaluating Ransomware Prevention Solutions

Paul Stringfellow — Mon, 16 Dec 2024 18:17:26 +0000

Ransomware continues to be a high-priority threat for all organizations, and as with all cybersecurity challenges, the threat continues to evolve as the sophistication of attackers and the tools they use evolve as well. Attacks are now more complex than ever, carried out by organized and well-financed criminal gangs. The malware deployed is more intelligent and sophisticated, as is the way it is deployed. Increasingly, we see double and triple jeopardy attacks, with data not only encrypted but stolen, as attackers look to ensure they get the biggest return on their investment. The use of AI is as prevalent among these attackers as it is in any other part of the IT industry and is being used to find novel ways to evade ransomware prevention tools, to better target victims, and to automate attacks more effectively.

IT leaders must ensure their ransomware prevention strategies can effectively deal with modern threats. Tools that rely on spotting known malware are no longer enough, and neither are tools that only identify threats and mitigate them. A ransomware strategy must be comprehensive, from identification of a threat to stopping attacks quickly, to the inevitable recovery from damage caused by such an attack, and this requires a holistic approach. This is why ransomware tools are often part of broader solutions. Endpoint detection and response/extended detection and response (EDR/XDR), cloud security, threat intelligence, risk assessment, data protection, and user training all are typically part of a solution. The tools that bring this range of capabilities together most effectively will be the most effective in helping a business protect itself from ransomware attacks and their impact.

Business Imperative
For businesses, the impact of a ransomware attack remains significant. An attack will likely cause major system outages and disruption, which will have a direct financial impact. It will lead to loss of revenue, recovery costs (whether in paying a ransom or the cost of recovery services), potential fines from regulators, and, of course, the impact on reputation and customer relationships. The effect of a successful ransomware attack should not be underestimated, and preventing it must be seen as a business priority, not just a technical one. Ransomware has been so often and so widely discussed that it is easy to assume that it has been “dealt with,” but nothing could be further from the truth. Ransomware continues to pose a significant threat with rapid and regular evolutions that organizations must understand and ensure they are sufficiently protected against.

Sector Adoption Score
To help executives and decision-makers assess the potential impact and value of deploying a Ransomware Prevention solution, this GigaOm Key Criteria report provides a structured assessment of the sector across five factors: benefit, maturity, urgency, impact, and effort. By scoring each factor based on how strongly it compels or deters adoption of a topic solution, we provide an overall Sector Adoption Score (Figure 1) of 4.6 out of 5, with 5 indicating the strongest possible recommendation to adopt. This indicates that a Ransomware Prevention solution is a compelling candidate for deployment and worthy of prompt consideration.

The factors contributing to the Sector Adoption Score for Ransomware Prevention are explained in more detail in the Sector Brief section that follows.

Key Criteria for Evaluating Category Solutions

Sector Adoption Score

Deters
Adoption

Discourages
Adoption

Merits
Consideration

Encourages
Adoption

Compels
Adoption

Figure 1. Sector Adoption Score for Ransomware Prevention

This is the second year that GigaOm has reported on the ransomware prevention space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Key Criteria report highlights the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) for selecting an effective ransomware prevention solution. The companion GigaOm Radar report identifies vendors and products that excel in those decision criteria. Together, these reports provide an overview of the market, identify leading ransomware prevention offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The GigaOm Key Criteria report provides a detailed decision framework for IT and executive leadership assessing enterprise technologies. Each report defines relevant functional and nonfunctional aspects of solutions in a sector. The Key Criteria report informs the GigaOm Radar report, which provides a forward-looking assessment of vendor solutions in the sector.

The post GigaOm Key Criteria for Evaluating Ransomware Prevention Solutions appeared first on Gigaom.

GigaOm Radar for Data Security Platforms

Paul Stringfellow — Fri, 13 Dec 2024 16:00:22 +0000

Poorly managed and inadequately secured data leaves organizations at risk of a data breach and increases the costs of storage and protection. Organizations have traditionally tackled this issue via “point” solutions—individual applications or solutions— for data loss prevention (DLP), governance, data protection, encryption, and threat detection. However, as data volumes and complexity continue to grow, so does the complexity of managing multiple solutions, further increasing costs and risks to a business’s data assets.

The risks presented by ineffective or overly complex data security solutions are considerable, as are the risks posed by insecure and unmanaged data. A data breach or the denial of access to data can have significant implications for an organization, from loss of productivity to financial penalties and reputational damage that can lead to loss of future business. Therefore, having effective data security measures in place should be a priority for all organizations, as the penalty for failing to do so is potentially severe.

Data security platforms (DSPs) have emerged to address this challenge. They bring together a range of disparate capabilities into a single solution to help organizations reduce the complexity of data security while improving the efficacy of the overall approach. DSP solutions aggregate data protection features such as:

Discovery and classification: The ability to find data, determine its content and sensitivity, and apply classifications where necessary.

Access security: The ability to monitor and control who should have access to data, ensuring it is protected appropriately.
Auditing: The ability to find insights into data usage—who accessed it, when, and with whom it was shared.

Usage and risk analysis: The ability to develop an understanding of data usage and identify situations when usage and usage patterns present a risk to data security.

Secure sharing: The ability to share data appropriately, which may include using encryption, rights management, anonymization, and masking techniques to ensure data is protected.

It’s important to realize that data security is not an IT problem alone. It’s a business challenge as well. Successfully adopting a DSP solution thus requires buy-in from the entire organization, especially senior leadership. It involves carrying out a sizable project that recognizes data risk and responsibilities, identifies data owners, and builds policies around data classification, usage, and governance that are understood and adopted business-wide.

It’s not always clear what a DSP is, especially in comparison with data security posture management (DSPM) tools. For clarity in this report, DSP solutions are those that can enforce security settings relating to a given data set to protect it from potential threat and risk. In contrast, DSPM solutions primarily report on data security risks and how to address them rather than enforcing security controls on a data set. Only solutions that can enforce controls are considered for this report.

This is our second year evaluating the DSP space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The post GigaOm Radar for Data Security Platforms appeared first on Gigaom.

GigaOm Radar for Ransomware Prevention

Paul Stringfellow — Thu, 05 Dec 2024 16:00:24 +0000

Ransomware remains a high-priority threat for all organizations, continuously evolving alongside the growing sophistication of attackers and their tools. Attacks are now more complex than ever, carried out by organized and well-financed criminal gangs. The malware used is more intelligent and sophisticated, as are the tactics deployed. A rising trend involves double- and triple-jeopardy attacks, where data is not only encrypted but stolen as attackers look to maximize their return on their investment. The use of AI is as prevalent here as in any other part of the IT industry and is being used to find novel ways to evade ransomware prevention tools, better target victims, and automate attacks more effectively.

For businesses, the impact of a ransomware attack is significant. An attack will likely cause major system outages and disruption, leading to direct financial losses. This includes lost revenue, recovery costs (whether in paying a ransom or the services cost to recover), potential fines from regulators, and, of course, the impact on reputation and customer relationships. The consequences of a successful ransomware attack should not be underestimated and must be a business priority, not just a technical one. Despite widespread discussion about ransomware, it is easy to assume it has been “dealt with,” but nothing could be further from the truth. The threat remains substantial, with rapid and regular evolutions that organizations must be aware of and ensure they are sufficiently protected.

IT leaders must ensure their ransomware prevention strategies can effectively deal with modern threats. Tools that rely on spotting known malware or identifying and mitigating threats are no longer enough. A robust ransomware strategy must be comprehensive, from threat identification and stopping attacks quickly to the inevitable recovery from damage caused. This requires a holistic approach, which is why ransomware tools are often part of broader solutions. Key components typically include endpoint detection and response/extended detection and response (EDR/XDR), cloud security, threat intelligence, risk assessment, data protection, and user training. The most effective tools are those that combine these capabilities, offering businesses stronger protection against ransomware attacks and their impact.

This is our second year evaluating the ransomware prevention space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Radar report examines twelve of the top ransomware prevention solutions and compares offerings against the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the market, identify leading ransomware prevention offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The post GigaOm Radar for Ransomware Prevention appeared first on Gigaom.

GigaOm Radar for Insider Risk Management

Paul Stringfellow — Mon, 21 Oct 2024 15:00:00 +0000

Insider risk management is the process of identifying, assessing, and mitigating the potential threats posed by organizational insiders. Insiders are people such as employees, contractors, vendors, or partners who have authorized access to the organization’s assets. They may intentionally or unintentionally misuse their access to harm the organization, its customers, or its stakeholders. They may do this via data theft, confidentiality violations, insider trading, fraud, or regulatory compliance violations. A failure to identify and mitigate such risks can greatly impact an organization. These impacts include business disruption, financial losses, damage to customer relationships, and regulatory non-compliance, all of which can negatively affect any business.

A successful insider risk management program should be a high priority for diligent businesses. However, a successful approach should not rely on technology alone. An effective program involves implementing policies, procedures, and controls to prevent, detect, and respond to insider incidents. It requires creating a culture of trust and accountability that makes insiders aware of their responsibilities and the consequences of their actions. It is also not a function of IT alone; it is a multidisciplinary effort that involves collaboration among various functions, such as human resources (HR), legal, security, IT, and compliance.

However, successful insider risk management for any organization will need technology, as the threats are too complex for policies and human management alone. This gap has led to the development of insider risk management solutions. While insider risk management may be an evolving or even new term to some, it brings together a number of well-known mature technologies such as asset discovery, user behavior analytics, and data loss prevention with supporting services such as alerting, reporting, and case management in a cohesive approach that allows security teams to deter, detect, and disrupt insider behavior that poses a risk to important business assets.

This report will focus on technologies that allow organizations to gain insight into insider risk by studying the activities across their technology platforms. These signals are then consolidated to alert organizations to threats, enable their investigation, and take enforcement actions to protect key information assets.

Insider risk management is essential for protecting an organization’s reputation, assets, and competitive advantage. It can help an organization comply with regulatory requirements, enhance its security posture, reduce its operational costs, and improve its customer satisfaction. The threat posed to an organization by insider risks, whether posed by intentional malfeasance or not, is significant and cannot be left unaddressed.

This is our first year evaluating the insider risk management space in the context of our Key Criteria and Radar reports. This GigaOm Radar report examines 15 of the top insider risk management solutions and compares offerings against the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the market, identify leading insider risk management offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The post GigaOm Radar for Insider Risk Management appeared first on Gigaom.

The Impact of GenAI on Data Loss Prevention

Paul Stringfellow — Tue, 01 Oct 2024 17:41:36 +0000

Data is essential for any organization. This isn’t a new concept, and it’s not one that should be a surprise, but it is a statement that bears repeating.

Why? Back in 2016, the European Union introduced the General Data Protection Regulation (GDPR). This was, for many, the first time that data regulation became an issue, enforcing standards around the way we look after data and making organizations take their responsibility as data collectors seriously. GDPR, and a slew of regulations that followed, drove a massive increase in demand to understand, classify, govern, and secure data. This made data security tools the hot ticket in town.

But, as with most things, the concerns over the huge fines a GDPR breach could cause subsided—or at least stopped being part of every tech conversation. This isn’t to say we stopped applying the principles these regulations introduced. We had indeed gotten better, and it just was no longer an interesting topic.

Enter Generative AI

Cycle forward to 2024, and there is a new impetus to look at data and data loss prevention (DLP). This time, it’s not because of new regulations but because of everyone’s new favorite tech toy, generative AI. ChatGPT opened a whole new range of possibilities for organizations, but it also raised new concerns about how we share data with these tools and what those tools do with that data. We are seeing this manifest itself already in messaging from vendors around getting AI ready and building AI guardrails to make sure AI training models only use the data they should.

What does this mean for organizations and their data security approaches? All of the existing data-loss risks still exist, they have just been extended by the threats presented by AI. Many current regulations focus on personal data, but when it comes to AI, we also have to consider other categories, like commercially sensitive information, intellectual property, and code. Before sharing data, we have to consider how it will be used by AI models. And when training AI models, we have to consider the data we’re training them with. We have already seen cases where bad or out-of-date information was used to train a model, leading to poorly trained AI creating huge commercial missteps by organizations.

How, then, do organizations ensure these new tools can be used effectively while still remaining vigilant against traditional data loss risks?

The DLP Approach

The first thing to note is that a DLP approach is not just about technology; it also involves people and processes. This remains true as we navigate these new AI-powered data security challenges. Before focusing on technology, we must create a culture of awareness, where every employee understands the value of data and their role in protecting it. It’s about having clear policies and procedures that guide data usage and handling. An organization and its employees need to understand risk and how the use of the wrong data in an AI engine can lead to unintended data loss or expensive and embarrassing commercial errors.

Of course, technology also plays a significant part because with the amount of data and complexity of the threat, people and process alone are not enough. Technology is necessary to protect data from being inadvertently shared with public AI models and to help control the data that flows into them for training purposes. For example, if you are using Microsoft Copilot, how do you control what data it uses to train itself?

The Target Remains the Same

These new challenges add to the risk, but we must not forget that data remains the main target for cybercriminals. It’s the reason we see phishing attempts, ransomware, and extortion. Cybercriminals realize that data has value, and it’s important we do too.

So, whether you are looking at new threats to data security posed by AI, or taking a moment to reevaluate your data security position, DLP tools remain incredibly valuable.

Next Steps

If you are considering DLP, then check out GigaOm’s latest research. Having the right tools in place enables an organization to strike the delicate balance between data utility and data security, ensuring that data serves as a catalyst for growth rather than a source of vulnerability.

To learn more, take a look at GigaOm’s DLP Key Criteria and Radar reports. These reports provide a comprehensive overview of the market, outline the criteria you’ll want to consider in a purchase decision, and evaluate how a number of vendors perform against those decision criteria.

If you’re not yet a GigaOm subscriber, sign up here.

The post The Impact of GenAI on Data Loss Prevention appeared first on Gigaom.

“Gone Phishing”—Every Cyberattacker’s Favorite Phrase

Paul Stringfellow — Tue, 01 Oct 2024 17:30:07 +0000

Phishing—how old hat is that as a topic? Isn’t it solved for most of us by now? Can’t we speak about AI instead? That may be your response when you hear a security analyst talk about phishing and phishing prevention, but those assumptions couldn’t be further from the truth. Phishing continues to be one of the primary threat vectors any organization needs to protect itself from.

How Phishing Has Evolved

Phishing, sadly, remains a persistent threat, continually evolving and attacking more users across a broader array of channels. It is no longer relegated to email messages with suspect spelling and grammar. Instead, phishing will target anywhere a user communicates: email, collaboration platforms, messaging apps, code repositories, and mobile devices. It is also increasingly accurate, making malicious communication more difficult than ever to identify. Its more sophisticated messaging is not always focused on stealing credentials or deploying malicious software and instead seeks to encourage users to carry out malicious activity unknowingly.

This is where AI plays its part. AI is at the forefront of modern attacks, having increased the efficacy of phishing campaigns by enabling criminals to study a target’s online habits and craft more convincing phishing attempts. Modern attacks can recognize the usual communication patterns of organizations and users, and the language used in those communications, and are using this ability to great effect across new channels such as messaging apps, SMS messages, and even audio and video.

Packing the Defense

Many organizations have, of course, invested in anti-phishing tools and have done so for a prolonged period. However, with an attack methodology that evolves so quickly, organizations must continue to evaluate their defenses. This does not mean they must rip out what they currently have, but it certainly means they should evaluate existing tools to ensure they remain effective and look at how to address gaps if discovered.

What should you consider when evaluating your current approaches?

Understand the attack surface: If your phishing protection is only focused on email, how are you protecting your users from other threats? Can you protect users from phishing attempts in Teams or Slack? When they access third-party sites and SaaS apps? When they are accessing code in code repositories? When they scan a QR code on their mobile? All of these are potential attack vectors. Are you covered?

AI defense: AI is rapidly accelerating the efficacy of phishing-based attacks. Its ability to build effective and hard-to-identify phishing attacks at scale presents a serious threat to traditional methods of spotting attacks. The most effective tool to reduce this threat is defensive AI. Understand how your tools are currently protecting your business from AI-based attacks and decide if the methods are effective.

Multilayered protection: Phishing attacks are broad, so defenses must be equally broad and layered. Modern tools should be able to stop basic attacks in a way that reduces the impact of false positives, which impact workflows and user efficiency. Solutions must ensure that phishing detection is accurate, but should also properly evaluate threats they don’t know using tools like link protection and sandboxing.

User education in phishing prevention: User education is a key component of phishing prevention. Organizations must determine the type of education that best serves their needs, whether it’s formal awareness training, phishing education exercises, or subtle “nudge” training to improve usage habits. Are your current tools as effective as you need them to be?

Catch you later: Increasingly, phishing threats are retrospectively activated. They are not triggered or malicious on delivery but are weaponized later in attempts to evade security tools. Ensure your solutions are capable of addressing this and can remove threats from communications channels when they become weaponized after delivery.

Don’t Let Them Phish in Your Lake

Phishing remains the most likely attack vector for cybercriminals. The impact of a successful phishing attempt can be significant, causing loss of business, reputation, financial impact and potential legal action.

Phishing is not a static threat; it continues to evolve rapidly. Organizations must continue to evaluate their phishing protection stance to ensure they remain effective against new and evolving threats.

Fortunately, cybersecurity vendors continue to evolve too. So, ensure you continue to monitor your defenses and don’t let a cyberattacker catch you hook, line, and sinker.

Next Steps

To learn more, take a look at GigaOm’s anti-phishing Key Criteria and Radar reports. These reports provide a comprehensive overview of the market, outline the criteria you’ll want to consider in a purchase decision, and evaluate how a number of vendors perform against those decision criteria.

If you’re not yet a GigaOm subscriber, sign up here.

The post “Gone Phishing”—Every Cyberattacker’s Favorite Phrase appeared first on Gigaom.

GigaOm Radar for Data Loss Prevention (DLP)

Paul Stringfellow — Wed, 11 Sep 2024 15:00:07 +0000

Data is a precious resource for today’s enterprises, and preventing its loss is of paramount importance. The cost of data loss is significant, and its impact wide-ranging: it can be technical (with loss of services impacting operations), reputational (impacting relationships and future business opportunities), or financial (both loss of business and regulatory fines).

At the same time, organizations can’t just lock their data away. Data needs to be in the right location at the right time. It must be portable and remain available for internal use and external collaboration. However, any location that makes data available is a potential vector for data loss.

The tension between the demand for using data and the potential impact of its loss present significant challenges, and those challenges continue to grow. Adding to the evolving threats and changing regulations faced regularly by organizations is the mounting use of AI inside organizations, especially generative AI. ChatGPT, Gemini, and Microsoft Copilot have become everyday tools, creating new places where sensitive data can be shared. Add the rapid adoption of AI solutions that are scanning business data repositories, and it becomes clear organizations must adopt new controls to ensure that only the correct data is shared with these platforms.

To face these challenges, organizations must focus on three areas: appropriate data usage policies, awareness training for employees, and technology to help enforce policies and secure data.

Data loss prevention (DLP) solutions are one way to meet these challenges. These tools are not new, but they continue to evolve to tackle the broad range of threat vectors, from internal repositories and endpoints to the cloud and rapidly developing AI services. DLP solutions have moved from complex, primarily on-premises tools to cloud-based solutions that can work seamlessly with existing infrastructure via integrations and APIs. They can also be part of broader security tooling such as firewalls and developing technologies such as secure access service edge (SASE).

Data loss impacts the entire business, and IT leaders must find the right balance of people, processes, and technology to ensure that doesn’t happen. While people and processes are an essential part of protecting data from compromise, it is technology such as DLP that underpins this effort.

This is our fourth year evaluating the DLP space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Radar report examines 15 of the top DLP solutions and compares offerings against the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the market, identify leading DLP offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The post GigaOm Radar for Data Loss Prevention (DLP) appeared first on Gigaom.

Are We Taking Enterprise Password Management Seriously?

Paul Stringfellow — Mon, 19 Aug 2024 17:39:26 +0000

Passwords are the keys to your digital assets: it’s how we access applications and data, as well as infrastructure and systems. Often they are characters we type in as part of a logon prompt, but they can also be hidden in code, as an application makes a call to other resources to carry out its tasks.

The management of passwords is a complex process for both operations teams and users. Unfortunately, that complexity often leads to poor password practices, making passwords a high-priority target for cybercriminals: they know that gaining access to the right credentials can give them the keys to an organization’s data kingdom. And that can lead to data breaches that compromise security, productivity, and reputation.

With the complexity of the challenge and the risk that poor password management introduces, you’d think that all IT leaders would have either found ways to address the problem or have it high on the priority list. But is that the case? Recently, I worked on the third iteration of GigaOm’s Enterprise Password Management report, and one of the things that struck me is that not everyone is taking this challenge as seriously as they should and spending time to understand why password management is hard and what tools are available to help.

Why Is Password Management So Complex?

Why is password management such an issue? There are a number of reasons.

The volume of passwords that must be managed and remembered is at the heart of the problem. Users have dozens of passwords, each of which typically needs to be changed regularly, often with increasing complexity, resulting in poor password practice, like weak passwords, password reuse, and poor password security.

Password management is tedious and time consuming. It involves dealing with forgotten passwords, discovering where there is risk, and defining and applying robust password policies. Moreover, policies and controls may need to be configured in multiple applications and systems, increasing the overhead further.

Password policies are difficult to enforce. Organizations need to know how good their password policies are and where they are at risk. The distributed nature of passwords makes this very difficult to grasp and difficult to address.

Password sharing is a common practice. When access is required to common entities—such as infrastructure, machines, and applications—for maintenance or other purposes, passwords may be shared by operations teams. Other teams may share passwords to marketing and sales tools, and users may need to gain access to resources in the event of another user’s absence. This creates headaches around practicality and security.

Benefits of Password Managers

Password managers can offer significant advantages to organizations. Benefits include:

Storing passwords securely: These solutions provide a secure, encrypted vault into which all passwords can be placed, enabling easier and more effective management.

Improving reporting: By bringing passwords under the control of one application, a password manager can assess the effectiveness and security of the passwords and whether they meet the organization’s policies. It can warn of potential risk and help guide users and operations teams to apply better controls.

Centralizing policy management: With a view of overall password health, a password manager can help an organization to understand the types of policies it needs to deploy and provide a central location from which to apply them. Operations teams can also gain insight into how well policies are adopted and where there may still be risk when policies are not followed.

Making the lives of users easier: Enterprise users often have to interact with a variety of systems and resources, potentially requiring a number of passwords for access. The use of a password manager obviates the need for multiple passwords, or at the very least, it makes using them less onerous. Password managers take the complexity out of password generation and ensure passwords meet company policy. Though enterprise password managers are typically more concerned with work-related security, some provide users with access to personal password vaults, which enables them to improve password security for themselves and their families.

Challenges of Password Managers

Despite the obvious advantages of password managers, there are potential issues to consider.

Eggs in one basket: This is a common concern and not unfounded: with all of an organization’s credentials in one place, compromise could be devastating. The security of the vault is hugely important, requiring robust access controls, vault encryption, resilience, and protection. Keep in mind, though, that the risk of the password manager being breached may be less than the impact of poor password management practices.

Change is hard: As with most changes, the move to a password manager can be difficult, typically requiring organizations to mandate change in policy and user interaction with passwords and applications. IT leaders will not only need to gain leadership buy-in to password managers but also help users to effectively use them to improve the organization’s security and their own experience. This will take time and effort—but probably less time and effort than recovering from a breach caused by poor password practices.

Questioning the likelihood and risk of a breach: Password theft is still one of the most common ways cyberattackers gain access. It’s why phishing attacks remain so prevalent and why there is such an investment in their continued evolution. The dozens of passwords, held by hundreds or even thousands of users, across their personal and business life, all present a potential security risk. It only takes one password breach and a bad actor can gain access to sensitive applications and data.

Without a doubt, password management is hard, and finding ways to address it is critical. If you’ve never considered adding a password manager to your security arsenal, go check out some of the vendors in the space and see what they can do for you.

Next Steps

To learn more, take a look at GigaOm’s enterprise password management Key Criteria and Radar reports. These reports provide a comprehensive view of the market, outline the criteria you’ll want to consider in a purchase decision, and evaluate how a number of vendors perform against those decision criteria.

If you’re not yet a GigaOm subscriber, sign up here.

The post Are We Taking Enterprise Password Management Seriously? appeared first on Gigaom.

SaaS Security Posture—It’s not you, it’s me!

Paul Stringfellow — Mon, 19 Aug 2024 15:34:56 +0000

In business, it’s not uncommon to take a software-as-a-service (SaaS)-first approach. It makes sense—there’s no need to deal with the infrastructure, management, patching, and hardening. You just turn on the SaaS app and let it do its thing.

But there are some downsides to that approach.

The Problem with SaaS

While SaaS has many benefits, it also introduces a host of new challenges, many of which don’t get the coverage they warrant. At the top of the list of challenges is security. So, while there are some very real benefits of SaaS, it’s also important to recognize the security risk that comes with it. When we talk about SaaS security, we’re not usually talking about the security of the underlying platform, but rather how we use it.

Remember, it’s not you, it’s me!

The Shared Responsibility Model
In the terms and conditions of most SaaS platforms is the “shared responsibility model.” What it usually says is that the SaaS vendor is responsible for providing a platform that is robust, resilient, and reliable—but they don’t take responsibility for how you use and configure it. And it is in these configuration changes that the security challenge lives.

SaaS platforms often come with multiple configuration options, such as ways to share data, ways to invite external users, how users can access the platform, what parts of the platform they can use, and so on. And every configuration change, every nerd knob turned, is the potential to take the platform away from its optimum security configuration or introduce an unexpected capability. While some applications, like Microsoft 365, offer guidance on security settings, this is not true for all of them. Even if they do, how easy is that to manage when you get to 10, 20, or even 100 SaaS apps?

Too Many Apps
Do you know how many SaaS apps you have? It’s not the SaaS apps you know about that are the issue, it’s the ones you don’t. Because SaaS is so accessible, it can easily evade management. There are apps that people use but an organization may not be aware of—like the app the sales team signed up for, that thing that marketing uses, and of course, everyone wants a GenAI app to play with. But these aren’t the only ones; there are also the apps that are part of the SaaS platforms you sign up for. Yes, even the ones you know about can contain additional apps you don’t know about. This is how an average enterprise gets to more than 100 SaaS applications. How do you manage each of those? How do you ensure you know they exist and they are configured in a way that meets good security practices and protects your information? Therein lies the challenge.

Introducing SSPM

SSPM can be the answer. It is designed to initially integrate with your managed SaaS applications to provide visibility into how they are configured, where configurations present risks, and how to address them. It will continually monitor them for new threats and configuration changes that introduce risk. It will also discover unmanaged SaaS applications that are in use, evaluate their posture and present risk profiles of both the application and the SaaS vendor itself. It centralizes the management and security of a SaaS infrastructure and where its management and configuration present risk.

Overlap with CASB and DLP
There is some overlap in the market, particularly with cloud access security broker (CASB) and data loss prevention (DLP) tools. But these tools are a bit like capturing the thief as he runs down the driveway, rather than making sure the doors and windows were secured in the first place.

SSPM is yet another security tool to manage and pay for. But is it a tool we need? Well, that is up to you; however, our use of SaaS, for all the benefits it brings, has brought a new complexity and a new set of risks. We have so many more apps than we have ever had, many of them we don’t manage centrally, and they have many configuration knobs to turn. Without oversight of them all, we do run security risks.

Next Steps

SaaS security posture management (SSPM) is another entry into the growing catalog of security posture management tools. They are often easy to try out, and many offer free assessments that can give you an idea of the scale of the challenge you face. SaaS security is tricky and often does not get the coverage it deserves, so getting an idea of where you stand could be helpful.

Before you find yourself on the wrong end of a security incident and your SaaS vendor tells you it’s you, not me, it may be worth seeing what an SSPM tool can do for you. To learn more, take a look at GigaOm’s SSPM Key Criteria and Radar reports. These reports provide a comprehensive overview of the market, outline the criteria you’ll want to consider in a purchase decision, and evaluate how a number of vendors perform against those decision criteria.

If you’re not yet a GigaOm subscriber, sign up here.

The post SaaS Security Posture—It’s not you, it’s me! appeared first on Gigaom.

GigaOm Key Criteria for Evaluating Data Loss Prevention (DLP) Solutions

Paul Stringfellow — Fri, 16 Aug 2024 19:39:30 +0000

Data is a precious resource for today’s enterprises, and preventing data loss is of paramount importance. The cost of data loss is significant, and its impact wide-ranging: it can be technical (with loss of services impacting operations), reputational (impacting relationships and future business opportunities), and/or financial (both loss of business and regulatory fines).

At the same time, organizations can’t just lock their data away. Data needs to be available in the right location at the right time. It must be portable and remain available for both internal use and external collaboration. However, each location where data must be available is a potential vector for data loss.

The amount of data held by organizations and the complexity of managing and securing it pose a major challenge. To reduce risks to data, organizations must focus on three areas: appropriate data usage policies, awareness training for their employees, and technology to help enforce data policy and secure data. Data loss prevention (DLP) solutions offer technical assistance to help effectively enforce data governance and security.

Business Imperative
The possibility of data loss presents a high risk to an organization, and the loss of data is likely to cause significant impact. Organizations that lose sensitive data run the risk of commercial loss as intellectual property becomes public knowledge, and reputational damage caused by leaks of sensitive internal information and/or just bad publicity. The loss of data also carries the threat of punitive action in the form of fines for regulatory violations and, in the worst cases, litigation against those who are responsible for an organization’s data.

Therefore, the diligent IT leader must ensure their organization is aware of the risks of data loss and its impacts. But they must also have a plan to address it. Organizations must understand the potential risks, the impact of failure to address those risks, and the costs associated with that impact versus the cost of addressing it. The costs of losing data through a breach are well publicized and often enshrined in regulations that compliance teams deal with.

Adopting a DLP solution is not a trivial task, however, and IT leaders must be aware these are not projects that should be driven solely by IT teams. They must include business-wide stakeholders because the responsibility for data and its security is a whole business issue. Therefore, it is essential IT leadership work closely throughout the business to ensure buy-in from the board level to new hires. Those tasked with risk management—legal and governance teams—and those in more formal data-focused roles, such as data protection offices, should all play an active part in DLP deployment.

When it comes to deploying an effective DLP program, IT leaders must consider:

How the DLP solution will be adopted within the organization: Processes must be well defined and users educated about the risks and approaches to mitigating them.
How it will work within existing operating practices: Solutions need to improve accuracy in identifying data loss risk and deal with emerging threats such as the proliferation of generative AI tools.
How it will integrate with existing tools: Solutions need to cover all potential data repositories and threat vectors.

Sector Adoption Score
To help executives and decision-makers assess the potential impact and value of a DLP solution deployment to the business, this GigaOm Key Criteria report provides a structured assessment of the sector across five factors: benefit, maturity, urgency, impact, and effort. By scoring each factor based on how strongly it compels or deters adoption of a DLP solution, we provide an overall Sector Adoption Score (Figure 1) of 4 out of 5, with 5 indicating the strongest possible recommendation to adopt. This indicates that a DLP solution is a credible candidate for deployment and worthy of thoughtful consideration.

The factors contributing to the Sector Adoption Score for DLP are explained in more detail in the Sector Brief section that follows.

Key Criteria for Evaluating DLP Solutions

Sector Adoption Score

Deters
Adoption

Discourages
Adoption

Merits
Consideration

Encourages
Adoption

Compels
Adoption

Figure 1. Sector Adoption Score for DLP

This is the fourth year that GigaOm has reported on the DLP space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Key Criteria report highlights the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) for selecting an effective DLP solution. The companion GigaOm Radar report identifies vendors and products that excel in those decision criteria. Together, these reports provide an overview of the market, identify leading DLP offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The post GigaOm Key Criteria for Evaluating Data Loss Prevention (DLP) Solutions appeared first on Gigaom.

Paul Stringfellow, Author at Gigaom

GigaOm Key Criteria for Evaluating Ransomware Prevention Solutions

Key Criteria for Evaluating Category Solutions

Sector Adoption Score

DetersAdoption

DiscouragesAdoption

MeritsConsideration

EncouragesAdoption

CompelsAdoption

GIGAOM KEY CRITERIA AND RADAR REPORTS

GigaOm Radar for Data Security Platforms

GIGAOM KEY CRITERIA AND RADAR REPORTS

GigaOm Radar for Ransomware Prevention

GIGAOM KEY CRITERIA AND RADAR REPORTS

GigaOm Radar for Insider Risk Management

GIGAOM KEY CRITERIA AND RADAR REPORTS

The Impact of GenAI on Data Loss Prevention

Enter Generative AI

The DLP Approach

The Target Remains the Same

Next Steps

“Gone Phishing”—Every Cyberattacker’s Favorite Phrase

How Phishing Has Evolved

Packing the Defense

Don’t Let Them Phish in Your Lake

Next Steps

GigaOm Radar for Data Loss Prevention (DLP)

GIGAOM KEY CRITERIA AND RADAR REPORTS

Are We Taking Enterprise Password Management Seriously?

Why Is Password Management So Complex?

Benefits of Password Managers

Challenges of Password Managers

Next Steps

SaaS Security Posture—It’s not you, it’s me!

The Problem with SaaS

Introducing SSPM

Next Steps

GigaOm Key Criteria for Evaluating Data Loss Prevention (DLP) Solutions

Key Criteria for Evaluating DLP Solutions

Sector Adoption Score

DetersAdoption

DiscouragesAdoption

MeritsConsideration

EncouragesAdoption

CompelsAdoption

GIGAOM KEY CRITERIA AND RADAR REPORTS

Deters
Adoption

Discourages
Adoption

Merits
Consideration

Encourages
Adoption

Compels
Adoption

Deters
Adoption

Discourages
Adoption

Merits
Consideration

Encourages
Adoption

Compels
Adoption