Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud

How To: Conduct a Risk Assessment Prior To Creating Data Usage Policies (w. Lookout)

Truth in IT
08/24/2023
51
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


Mike Matchett: But I'm still I'm still thinking just, you know, if I'm watching this today, how do I get there? What do I what can I do to actually make that that that assessment and do those wins and prioritize that data? Andy Olpin: Yep. And and some of that is, like I said, it starts with our, our risk assessment, right? We plug in via an API and tell you what you have out there, but then we can start to get more advanced, right? So this, this slide is a little busy. It's got a lot of detail in here. But this is about how would I enable that collaboration, right? So you want to enable the business to be able to share sensitive data with appropriate people. But the first thing you have to do is know where that data is and what's sensitive. Then how do we make policies on top of that? Right? So again, the goal here is to give you power, but to do it in an automated way. So what we can do is talk about all these great ways we can build contextual policies. And what I mean by contextual policies is I want to know a whole bunch of information about data access. I want to know who the user is and what group they're in. I want to know if their behavior is a little bit outside the norm, right? So if you have a user who normally downloads ten files a day and suddenly you start seeing them download 100 files a day, maybe that's an insider risk, maybe that's a ransomware problem. You know, that's a bit of data I need to see. What's the location they're coming from? Are they coming from their normal home location or are we seeing a login from some place very risky overseas that seems out of character, right? And then the other contexts are like, what about the device? Is it a corporate device? Is a personal device? Is the device in good standing? Right. Is the EDR product that's on the device running in a good state? And what data are they accessing at this moment? To go back to the data thing, that's another bit of context, right? So a user what I can do here from a collaboration standpoint that's really powerful is I can build context rules that also include the sensitivity of the data. So I can go and say, all right, I have this super sensitive Coke can formula or whatever it is that I need to protect. So I'm going to make rules around this data that say you have to be coming from a corporate laptop, only logging in from the United States or, you know, whatever it is, Right? I'm going to be very restricted with this piece of data. But because my contextual policies know about the data access, I can then turn around and say, all right, for the rest of Office 365 I don't care so much. You want to come in from a personal computer? No problem. I'm going to control access where I might say based on the data sensitivity, you can only do these things or I might loads. Or I might redact social security numbers out when you're coming from a personal computer. But it really gives me that ability to say we are going to allow you to work from anywhere, from any device with the caveat that your access to data might be a little bit restricted when you're not coming from a company issued device. Hank Schless: Yeah. I think the one thing I'll I'll highlight here is going beyond that block allow piece the second the second bullet there in the in the benefits I think that's just again these days I think it's just so important just to be able to let people do what they need to do with the data they need. But but but nothing more. You want to be able to limit that in such a way that no one's getting stopped. But but you don't want to put yourself at risk. So that's always I just think that's like so, so critically important these days, especially with with data flowing everywhere.
Categories:
Channels:
  • Where Does Your Data Go? Data Loss Preventing and Stopping Data Exfiltration
News:
Events:
Tags:
  • lookout
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated

            Video's comments: How To: Conduct a Risk Assessment Prior To Creating Data Usage Policies (w. Lookout)

            Upcoming Spotlight Events

            • Jul
              16

              How Privileged Access Really Works in Modern Windows Environments

              07/16/202501:00 PM ET
              • Jul
                29

                QR Codes Exposed: From Convenience to Cybersecurity Nightmare

                07/29/202501:00 PM ET
                More events

                Upcoming 360 View Events

                • Jul
                  24

                  360View: API Security & the Expanding Attack Surface

                  07/24/202512:00 PM ET
                  • Aug
                    21

                    360View: HCI, Cloud, and Virtualization: What’s Next?

                    08/21/202512:00 PM ET
                    • Sep
                      25

                      360View: Email Security & Social Engineering Defense

                      09/25/202512:00 PM ET
                      More events

                      Upcoming Industry Events

                      • Jul
                        10

                        NAM What’s New in Netwrix 1Secure for MSPs

                        07/10/202501:00 PM ET
                        • Jul
                          23

                          Enhancing API Security Testing: Identifying Vulnerabilities Ahead of Deployment

                          07/23/202501:00 PM ET
                          More events

                          Recent Industry Events

                          • Jun
                            26

                            Discover Wallarm's Innovative Approach to Safeguarding Modern APIs and Agentic AI

                            06/26/202501:00 PM ET
                            • Jun
                              25

                              Adapting to Emerging Threats: Strategies for Detection, Response, and Resilience

                              06/25/202501:00 PM ET
                              • Jun
                                04

                                Rubrik FORW>>RD

                                06/04/202501:00 PM ET
                                More events
                                Truth in IT
                                • Advertise
                                • About Us
                                • Terms of Service
                                • Privacy Policy
                                • Contact Us
                                • Be Our Guest
                                • Preference Management
                                Desktop version
                                Standard version