How To: Conduct a Risk Assessment Prior To Creating Data Usage Policies (w. Lookout)

08/24/2023

51

0 (0%)

Report Like Favorite

Transcript

Mike Matchett: But I'm still I'm still thinking just, you know, if I'm watching this today, how do I get there? What do I what can I do to actually make that that that assessment and do those wins and prioritize that data? Andy Olpin: Yep. And and some of that is, like I said, it starts with our, our risk assessment, right? We plug in via an API and tell you what you have out there, but then we can start to get more advanced, right? So this, this slide is a little busy. It's got a lot of detail in here. But this is about how would I enable that collaboration, right? So you want to enable the business to be able to share sensitive data with appropriate people. But the first thing you have to do is know where that data is and what's sensitive. Then how do we make policies on top of that? Right? So again, the goal here is to give you power, but to do it in an automated way. So what we can do is talk about all these great ways we can build contextual policies. And what I mean by contextual policies is I want to know a whole bunch of information about data access. I want to know who the user is and what group they're in. I want to know if their behavior is a little bit outside the norm, right? So if you have a user who normally downloads ten files a day and suddenly you start seeing them download 100 files a day, maybe that's an insider risk, maybe that's a ransomware problem. You know, that's a bit of data I need to see. What's the location they're coming from? Are they coming from their normal home location or are we seeing a login from some place very risky overseas that seems out of character, right? And then the other contexts are like, what about the device? Is it a corporate device? Is a personal device? Is the device in good standing? Right. Is the EDR product that's on the device running in a good state? And what data are they accessing at this moment? To go back to the data thing, that's another bit of context, right? So a user what I can do here from a collaboration standpoint that's really powerful is I can build context rules that also include the sensitivity of the data. So I can go and say, all right, I have this super sensitive Coke can formula or whatever it is that I need to protect. So I'm going to make rules around this data that say you have to be coming from a corporate laptop, only logging in from the United States or, you know, whatever it is, Right? I'm going to be very restricted with this piece of data. But because my contextual policies know about the data access, I can then turn around and say, all right, for the rest of Office 365 I don't care so much. You want to come in from a personal computer? No problem. I'm going to control access where I might say based on the data sensitivity, you can only do these things or I might loads. Or I might redact social security numbers out when you're coming from a personal computer. But it really gives me that ability to say we are going to allow you to work from anywhere, from any device with the caveat that your access to data might be a little bit restricted when you're not coming from a company issued device. Hank Schless: Yeah. I think the one thing I'll I'll highlight here is going beyond that block allow piece the second the second bullet there in the in the benefits I think that's just again these days I think it's just so important just to be able to let people do what they need to do with the data they need. But but but nothing more. You want to be able to limit that in such a way that no one's getting stopped. But but you don't want to put yourself at risk. So that's always I just think that's like so, so critically important these days, especially with with data flowing everywhere.

Categories:

» Webinar Library » Lookout

Channels:

Where Does Your Data Go? Data Loss Preventing and Stopping Data Exfiltration

Tags:

lookout

Show more Show less

Browse videos

Upcoming Webinar Calendar

11/12/2025

12:00 PM

11/12/2025

Zendesk Customer Spotlight [Pure Insurance]: How to Scale Employee Service from IT to HR

https://www.truthinit.com/index.php/channel/1545/zendesk-customer-spotlight-pure-insurance-how-to-scale-employee-service-from-it-to-hr/
11/12/2025

10:00 PM

11/12/2025

Maximize Business Value: Transform AI Buzz into Profitable Outcomes with Druva

https://www.truthinit.com/index.php/channel/1555/maximize-business-value-transform-ai-buzz-into-profitable-outcomes-with-druva/
11/13/2025

05:00 AM

11/13/2025

Transform AI Excitement into Tangible Business Success with Druva

https://www.truthinit.com/index.php/channel/1554/transform-ai-excitement-into-tangible-business-success-with-druva/
11/13/2025

12:30 PM

11/13/2025

Insights from a Certified CMMC Assessor: Sidestepping Common Assessment Pitfalls

https://www.truthinit.com/index.php/channel/1536/insights-from-a-certified-cmmc-assessor-sidestepping-common-assessment-pitfalls/
11/13/2025

01:00 PM

11/13/2025

Human Security: Strategies to Combat Click Fraud: Innovations from LinkedIn and HUMAN for Budget Protection and Enhanced Campaign Performance

https://www.truthinit.com/index.php/channel/1583/strategies-to-combat-click-fraud-innovations-from-linkedin-and-human-for-budget-protection-and-enhanced-campaign-performance/
11/13/2025

01:00 PM

11/13/2025

Transforming AI Buzz into Tangible Business Value with Druva AI

https://www.truthinit.com/index.php/channel/1556/transforming-ai-buzz-into-tangible-business-value-with-druva-ai/
11/18/2025

01:00 PM

11/18/2025

HUMAN Dialogue: Fostering Trust Amidst the Rise of Agentic Commerce

https://www.truthinit.com/index.php/channel/1582/human-dialogue-fostering-trust-amidst-the-rise-of-agentic-commerce/
11/18/2025

01:00 PM

11/18/2025

Microsoft Advanced Group Policy Management (AGPM) End of Life: Your Practical Migration Playbook

https://www.truthinit.com/index.php/channel/1579/microsoft-advanced-group-policy-management-agpm-end-of-life-your-practical-migration-playbook/
11/20/2025

05:00 AM

11/20/2025

Druva: Prove you can outsmart ransomware in this virtual cyber recovery simulation!

https://www.truthinit.com/index.php/channel/1619/untitled-channel/
11/20/2025

11:00 AM

11/20/2025

Trend Micro Webinar: Smarter Decision Making via Network Intelligence

https://www.truthinit.com/index.php/channel/1372/unlocking-network-intelligence-for-smarter-risk-decisions/
11/20/2025

12:00 PM

11/20/2025

CMMC Certification: Next Steps for Continuous Monitoring and Management

https://www.truthinit.com/index.php/channel/1558/cmmc-certification-next-steps-for-continuous-monitoring-and-management/
11/20/2025

12:00 PM

11/20/2025

360View: Budget Optimization: Doing More with Less

https://www.truthinit.com/index.php/channel/932/360view-budget-optimization-doing-more-with-less/
11/20/2025

01:00 PM

11/20/2025

Rethinking Hybrid Access: Securing Users, Vendors, and Infrastructure in the Zero Trust Era

https://www.truthinit.com/index.php/channel/1612/rethinking-hybrid-access-securing-users-vendors-and-infrastructure-in-the-zero-trust-era/
12/04/2025

12:00 PM

12/04/2025

CMMC Level 2 Assessment Insights: Expectations from an OSC and C3PAO Assessor

https://www.truthinit.com/index.php/channel/1557/cmmc-level-2-assessment-insights-expectations-from-an-osc-and-c3pao-assessor/
12/09/2025

01:00 PM

12/09/2025

Energize Your Connections with Netskope and Presidio Collaboration

https://www.truthinit.com/index.php/channel/1553/energize-your-connections-with-netskope-and-presidio-collaboration/
12/11/2025

12:00 PM

12/11/2025

Secureframe: Addressing the Top 5 Compliance Challenges for Startup Leaders and Solutions

https://www.truthinit.com/index.php/channel/1526/addressing-the-top-5-compliance-challenges-for-startup-leaders-and-solutions/
12/18/2025

12:00 PM

12/18/2025

360View: 2026 IT Predictions & Emerging Trends

https://www.truthinit.com/index.php/channel/933/360view-2026-it-predictions-emerging-trends/