your marketing team probably wants to keep its big campaign strategy under wraps until just the right moment.
Human resource is doesn't want any employee personal data exposed, and that's probably required by law.
Your accounting department wants to keep the financial numbers from prying eyes while your legal department
well, they're the legal department. The point is, no matter who you ask in your organization, you'll get a different point of view on what data is most important.
While I T may understand where data of lives and how it's accessed, they don't necessarily know what data is important.
So your first step in building a modern insider threat program is prioritizing the highest risks.
This involves not only identifying what is most valuable to your organization but figuring out where it's located as well.
So where do you begin
by talking to the right people?
So let's hear from Peter Haji, Georgia, on how you do that.
To fully understand what is important, you need to engage with line of business stakeholders in conversations about what is most valuable to them
for data protection. Yes, all data has value,
but having these conversations is Keith understanding the different types of files and other business data you need to keep a close eye on.
One thing that helps is to categorize your data
everything from regulated data like P II. Corporate financial information to product roadmap.
Depending on the type of high valued, unstructured data you have,
it may require more creative means of tracking.
Once you know what data you have, you need to know where it is.
And here the challenges we've seen to date are. Unfortunately, only the beginning
cloud based collaboration tools have forever transformed the way we share information and collaborate.
Employees are relying on countless numbers of messaging, APS, file transfer services and cloud APS to share data within and without their organizations
again. Peter Hodja, Georgia
While many organizations retain data on network drives, there could be collaboration or sharing issues within the organization that impede productivity.
And whenever productivity is impacted, you will see employees creating their own solutions so they can continue with their work and projects.
Cloud storage is amazing, easy for collaboration, but
it's also the same ex filtration vector that insiders often utilize toe accidentally or maliciously excell trait important data
with the diverse mobile and increasingly remote workforce. User endpoints probably have some of the organizations most valuable data sitting around on various systems and hard drives.
A good insider threat program that it's focused on data protection should be able to monitor the file activities on your endpoints without reliance on data needing to move through the internal network.
The first challenge in building a modern insider threat program is locating and identifying your organization's most valuable data.
There's probably not one single person in the organization that can identify all your most valuable data. So we need to identify the data owners and line of business stakeholders and talk to them.
Ask them what data is most important.
Additionally, we should categorize it.
Different types of unstructured data may need different types of tracking.
Finally, we need to locate it
different types of location, such as endpoints, network drives and increasingly, the cloud may need different types of tracking.
Okay, once we know what data is important and where it is, what's the next step in building our insider threat program?
Building a formal group of stakeholders