In a world of ever-evolving threats, organizations must be able to protect data regardless of where it travels while enabling collaboration and information sharing, so people can get work done. To react to today’s problems and proactively anticipate tomorrow’s, it takes a whole new set of rules, especially as more businesses push data into public clouds.
My TechDecisions sat down with GRA Quantum’s Chief Information Security Officer Antonio Garcia to learn more about the portfolio of cybersecurity services the company offers, how they achieved greater control and visibility over their own public cloud deployment with data loss and response platforms, and why it’s important for them to try their partners’ software solutions before they sell them to customers.
TD: What are some of the biggest concerns your customers are facing in today’s business environment?
Antonio: The causes for today’s security threats involve people as much as the digital and physical limits of software solutions. Right now, businesses are in the midst of a significant shift as more organizations move critical data into public clouds to reap the many benefits of data loss detection and response platforms.
The downside to this rapid shift is that documents containing sensitive information are moving to the cloud faster than businesses can protect them.
This puts organizations at greater risk. Users are not following security policies or paying attention to the potential security dangers of sharing data from a public cloud. This is causing some anxiety for the security and risk professionals charged with protecting data and keeping companies in compliance with data privacy regulations.
They’re well aware that once files are downloaded from a public cloud and forwarded to outside users, they have lost the ability to protect that information from unsanctioned users.
TD: Could you tell us more about GRA Quantum? Who are your customers and how do you help them?
Antonio: GRA Quantum helps small firms facing big threats build and implement tailored cybersecurity programs that protect their business and reputation.
We offer managed security services and an array of professional services, including penetration testing, security risk assessments, incident response, insider threat planning, security awareness training.
TD: How do you select which technology vendors will be part of your portfolio of solutions?
Antonio: As a provider of cybersecurity services, GRA Quantum takes the trust of its customers and their security infrastructure very seriously. These things go hand-in-hand when it comes to selecting technology to use and sell.
A majority of the technology solutions we sell to our clients are the same ones we use and rely on to protect our business. We wouldn’t promote or endorse anything we hadn’t used or weren’t completely confident in.
TD: Can you give us an example of a solution you used that you now recommend to your clients?
Antonio: Our team was in need of additional visibility and control over documents stored in our Microsoft OneDrive deployment across our global GRA offices.
We started using the Allure Security, a data loss detection and response platform, internally.
In a short amount of time, it gave us a greater understanding of OneDrive use in various locations. We were able to monitor document access, in real time, and know where and when documents were being downloaded and shared.
We gained a lot more visibility into user and file activities, and can better inform our data loss responses based on Allure’s unique document and geolocation indicators.
TD: Why is this important to know?
Antonio: For global organizations like ours, it is becoming increasingly vital to have more control over where data travels due to data privacy regulations such as GDPR and others.
It’s also just good business to add more controls around data stored in public clouds. Having more context around where and how documents are being shared allows us to establish a baseline of normal behavior within our OneDrive deployment.
We can then monitor and measure against that baseline, so when unusual behavior is detected, we can drill down into that and determine if there’s a risk of data loss.
For example, with the ability to know when large volumes of files are being downloaded, by whom, and where these documents are being sent, we can determine whether a data breach has occurred or it’s just a matter of a user needing these files to do their work.
TD: Is “alert fatigue” or information overload ever a concern when using solutions like this?
Antonio: With the Allure data loss and response platforms, we were able to configure data loss risk monitoring based on specific criteria. Our deployment is set up to only issue alerts whenever a document was accessed in a location or region where GRA Quantum has no office.
For other regions, we only receive alerts when an attempt to access a document falls outside of our company security policy.
Using these criteria, the team rarely receives false positive alerts, but even in these cases, they are not a waste of time to investigate. For example, we received an alert that a GRA administrative assistant who was working in the United States opened a file in the Philippines.
Read Next: Data Breach Incident Response Plan: 6 Essential Steps
We don’t have an office there, so once we saw the alert about this potentially unusual activity, we made a few calls and learned that this individual user had utilized a VPN with an IP address in the Philippines to access the file. It was reassuring to know that Allure was able to detect the activity, and it gave us peace of mind to be able to quickly determine that this wasn’t an attack.
TD: How does this solution differ from other security tools that you rely on?
Antonio: Anyone who manages or secures a OneDrive cloud instance is familiar with something called a cloud activity log. Security operations teams comb through these logs and look for any suspicious user behavior, but the difference is that Allure is able to flag and escalate any unusual activity ahead of time.
In the example I talked about earlier involving the VPN in the Philippines, our Managed Security Services Director actually checked for this activity in our raw Microsoft logs, and found that the event was incredibly difficult to locate. Allure was able to alert us to activity that would have otherwise been buried.
TD: Aside from the effectiveness and usability of a software solution, what are some other factors that help GRA Quantum when evaluating partner vendors?
Antonio: Once we have personally experienced the benefits of using a data loss and response platforms solution, we look at other deciding factors, such as the responsiveness of the vendor. What kind of support can they provide after the sale?
In this case, Allure’s detection and response technology inspired us to become a partner and now, we resell it to our clients. In addition to having great technology, Allure is also a true partner. They are receptive to our product feedback.
They listen to our needs and ideas, and are incorporating some of our suggestions directly into the product. In my view, our sales and support team can better position solutions than some of our competitors because everything we sell has gone through our own internal review.
It gives us the confidence to stand behind our data loss and response platforms recommendations to clients, because we are customers, too.
[…] Q&A: An Opinion on Data Loss Detection and Response Platforms TechDecisions […]