How To: Conduct a Risk Assessment Prior To Creating Data Usage Policies (w. Lookout)

08/24/2023

51

0 (0%)

Report Like Favorite

Transcript

Mike Matchett: But I'm still I'm still thinking just, you know, if I'm watching this today, how do I get there? What do I what can I do to actually make that that that assessment and do those wins and prioritize that data? Andy Olpin: Yep. And and some of that is, like I said, it starts with our, our risk assessment, right? We plug in via an API and tell you what you have out there, but then we can start to get more advanced, right? So this, this slide is a little busy. It's got a lot of detail in here. But this is about how would I enable that collaboration, right? So you want to enable the business to be able to share sensitive data with appropriate people. But the first thing you have to do is know where that data is and what's sensitive. Then how do we make policies on top of that? Right? So again, the goal here is to give you power, but to do it in an automated way. So what we can do is talk about all these great ways we can build contextual policies. And what I mean by contextual policies is I want to know a whole bunch of information about data access. I want to know who the user is and what group they're in. I want to know if their behavior is a little bit outside the norm, right? So if you have a user who normally downloads ten files a day and suddenly you start seeing them download 100 files a day, maybe that's an insider risk, maybe that's a ransomware problem. You know, that's a bit of data I need to see. What's the location they're coming from? Are they coming from their normal home location or are we seeing a login from some place very risky overseas that seems out of character, right? And then the other contexts are like, what about the device? Is it a corporate device? Is a personal device? Is the device in good standing? Right. Is the EDR product that's on the device running in a good state? And what data are they accessing at this moment? To go back to the data thing, that's another bit of context, right? So a user what I can do here from a collaboration standpoint that's really powerful is I can build context rules that also include the sensitivity of the data. So I can go and say, all right, I have this super sensitive Coke can formula or whatever it is that I need to protect. So I'm going to make rules around this data that say you have to be coming from a corporate laptop, only logging in from the United States or, you know, whatever it is, Right? I'm going to be very restricted with this piece of data. But because my contextual policies know about the data access, I can then turn around and say, all right, for the rest of Office 365 I don't care so much. You want to come in from a personal computer? No problem. I'm going to control access where I might say based on the data sensitivity, you can only do these things or I might loads. Or I might redact social security numbers out when you're coming from a personal computer. But it really gives me that ability to say we are going to allow you to work from anywhere, from any device with the caveat that your access to data might be a little bit restricted when you're not coming from a company issued device. Hank Schless: Yeah. I think the one thing I'll I'll highlight here is going beyond that block allow piece the second the second bullet there in the in the benefits I think that's just again these days I think it's just so important just to be able to let people do what they need to do with the data they need. But but but nothing more. You want to be able to limit that in such a way that no one's getting stopped. But but you don't want to put yourself at risk. So that's always I just think that's like so, so critically important these days, especially with with data flowing everywhere.

Categories:

» Webinar Library » Lookout

Channels:

Where Does Your Data Go? Data Loss Preventing and Stopping Data Exfiltration

Tags:

lookout

Show more Show less

Browse videos

Upcoming Webinar Calendar

09/16/2025

12:00 PM

09/16/2025

SOC 2 for Startups: Strategies to Reduce Costs, Enhance Efficiency, and Achieve Compliance

https://www.truthinit.com/index.php/channel/1410/soc-2-for-startups-strategies-to-reduce-costs-enhance-efficiency-and-achieve-compliance/
09/16/2025

01:00 PM

09/16/2025

KnowBe4: Beyond DMARC: Closing Critical Gaps in Your Email Security Shield

https://www.truthinit.com/index.php/channel/1403/beyond-dmarc-closing-critical-gaps-in-your-email-security-shield/
09/16/2025

01:00 PM

09/16/2025

HUMAN Security: CISO to CISO: A HUMAN conversation about Artificial Intelligence

https://www.truthinit.com/index.php/channel/1411/ciso-to-ciso-a-human-conversation-about-artificial-intelligence/
09/18/2025

04:00 AM

09/18/2025

Netskope: Die doppelte Funktion der KI: Innovationsantrieb und Sicherheitsgarant

https://www.truthinit.com/index.php/channel/1445/die-doppelte-funktion-der-ki-innovationsantrieb-und-sicherheitsgarant/
09/18/2025

04:00 AM

09/18/2025

Netskope: La dualité de l’IA : inspirer l’innovation tout en protégeant l’avenir

https://www.truthinit.com/index.php/channel/1446/la-dualité-de-lia-inspirer-linnovation-tout-en-protégeant-lavenir/
09/18/2025

10:00 AM

09/18/2025

Netskope: La dualità dell'IA: stimolare l'innovazione e salvaguardare il futuro

https://www.truthinit.com/index.php/channel/1444/la-dualità-dellia-stimolare-linnovazione-e-salvaguardare-il-futuro/
09/18/2025

11:00 AM

09/18/2025

Trend Micro Webinar: Risk in Real Time: Agentic SIEM

https://www.truthinit.com/index.php/channel/1372/risk-real-time-agentic-siem/
09/18/2025

01:00 PM

09/18/2025

Netskope: Harnessing AI’s Dual Nature: Progress and Protection

https://www.truthinit.com/index.php/channel/1424/harnessing-ais-potential-for-innovation-and-mitigating-associated-risks/
09/23/2025

01:00 PM

09/23/2025

Enhancing Visibility, Control, and Trust in Cloud-First Data Security Posture

https://www.truthinit.com/index.php/channel/1497/enhancing-visibility-control-and-trust-in-cloud-first-data-security-posture/
09/24/2025

02:00 PM

09/24/2025

Achieving Full Network and Application Visibility through Zero Trust with Netskope and ExtraHop

https://www.truthinit.com/index.php/channel/1427/achieving-full-network-and-application-visibility-through-zero-trust-with-netskope-and-extrahop/
09/25/2025

12:00 PM

09/25/2025

360View: Email Security & Social Engineering Defense

https://www.truthinit.com/index.php/channel/930/360view-email-security-social-engineering-defense/
09/25/2025

12:00 PM

09/25/2025

Netskope: Secure the Future--AI Usage & Data Security in the Enterprise

https://www.truthinit.com/index.php/channel/1434/ensuring-data-security-and-ai-integration-for-a-resilient-enterprise-future/
10/23/2025

12:00 PM

10/23/2025

360View: Preventing Data Exfiltration: Keeping Enterprise Data Secure

https://www.truthinit.com/index.php/channel/931/360view-preventing-data-exfiltration-keeping-enterprise-data-secure/
10/28/2025

12:00 PM

10/28/2025

Netskope: Data Security Reimagined: Regain Your Control and Confidence

https://www.truthinit.com/index.php/channel/1432/data-security-reimagined-regain-your-control-and-confidence/
11/20/2025

12:00 PM

11/20/2025

360View: Budget Optimization: Doing More with Less

https://www.truthinit.com/index.php/channel/932/360view-budget-optimization-doing-more-with-less/
12/18/2025

12:00 PM

12/18/2025

360View: 2026 IT Predictions & Emerging Trends

https://www.truthinit.com/index.php/channel/933/360view-2026-it-predictions-emerging-trends/