Forcepoint: Building a Data Protection Strategy for Remote Work

(The blog post was originally published on May 4, 2020 by our partner, Forcepoint on their page)

As security and IT organizations begin to adjust to the “new normal,” there will be plenty of accomplishments to celebrate but also new challenges to tackle. 

By now, you likely have adopted new cloud-based applications, deployed new technologies, moved workloads from internal systems to cloud environments, and adjusted data and usage policies to list a few things. And many of you have done even more. 

But as you begin to shift from a “following-the-business-continuity-plan” mindset to resuming “business as usual,” it’s time to think about building a robust and sustainable data protection strategy. One that will empower employees to use applications and access data they need to get their jobs done, while also giving you visibility into and control over the sensitive and regulated data that you need to safeguard. 

There are a few key elements to consider when solidifying a data protection strategy. If you don’t already have one in place, it may be time to begin researching how a data loss prevention (DLP) solution can help secure your newly expanded and distributed hybrid IT environment. 

Keep a sharp eye on cloud applications seeing increased usage

A sustainable security posture is one that won’t interfere with employees’ productivity over the long term. People naturally gravitate toward applications their peers are using, that are easy to learn, and that help them accomplish what they need to get done. Security professionals should strive to understand cloud application usage trends within the organization so that they can ensure employees’ needs are being met.

A cloud access security broker (CASB) solution helps here because it provides full visibility across all cloud-based applications that people use. These include applications that are unsanctioned, lesser known, internal to the organization or hosted in the organization’s private cloud. 

This enhanced visibility enables you to track shifts in usage. CASB enables you to see which tools employees are choosing to use, so you can make better-informed decisions about what helps them be most productive. Forcepoint CASB includes a Cloud App Directory to keep track of thousands of applications. 

For example, if you notice a large number of workers trying to access a particular less-than-secure new application, CASB can help find a better alternative that offers similar functionalities with more robust security capabilities. This can also be helpful if you’re trying to avoid vendor sprawl. 

Millions of software-as-a-service (SaaS) applications are available today. With CASB, you don’t have to be an expert on the security features and unpatched vulnerabilities of every one of them. The solution provides that intelligence for you, so you can make educated decisions about which tools to support while taking employee preferences into consideration.

What to look out for when you’re considering DLP 

When large numbers of employees begin to work remotely, many of their application usage patterns and habits tend to change. They’ll probably be spending more time browsing the web… but not from within the traditional perimeter-based network defenses or with the protection of an on-premises appliance-based secure web gateway. 

Your organization may have moved business-critical workloads from internal systems to public cloud environments. Or maybe you have built new virtual private network (VPN) capacities to support access to internal data and apps. 

A DLP solution can give you the control you’ll need in order to enforce granular and unified policies across your entire IT environment, even as it continues to evolve. You should seek a solution with capabilities that match the ways your employees access business applications and data. 

It’s also worth examining data flow. How does data move through your organization? In some business units, data may flow between endpoint devices and cloud platforms Still, employees in some business units may rely heavily on a VPN connection between their personal devices and on-premises systems. And other employees may use a heterogeneous mix of on-premises systems and cloud-based workloads. 

You’ll want a DLP solution that accounts for these use cases. It should protect your organization from data exfiltration across all channels where it can occur—including an expanded set of remote locations like employees’ homes. 

That means your data protection strategy needs to cover all these channels:

• Cloud-hosted SaaS applications
• Cloud storage
• Email
• Collaboration tools with chat and instant messaging capabilities
• Third-party hardware connected via Bluetooth
• USB drives
• Printers
• Applications and databases

Forcepoint DLP can enforce unified policies across all of these channels. It can be administered from a console that provides a unified view across your entire environment, simplifying policy management and optimization. This centralized visibility and control will help you keep people productive while keeping data secure, no matter where employees are working.

Find out how Forcepoint solutions can improve data protection in your environment. Talk to an expert from our team to learn more.