TOGETHER WITH

TOGETHER WITH

Don’t file away your backup plan

Don’t file away your backup plan

Data shows how security and productivity can thrive together

Data shows how security and productivity can thrive together

Do you know where your data is?

If that question makes you sweat, you’re not alone. The truth is there’s a pervasive gap between IT policy and practice across a plethora of organizations.

In the inaugural SANS Endpoint Data Survey, 169 security and IT professionals were asked where several types of their organization’s data exists and what they’re doing to keep it under lock and key.

While 62% of companies have policies prohibiting users from copying PII (personally identifiable information) onto endpoints (aka any device, including personally owned ones, through which a user accesses an organization’s networks, applications, or data), 80% of these orgs revealed their users were bringing said data onto their endpoints anyway.

Yep, 80% of organizations have sensitive data saved on employee devices (which is against policy) despite the best intentions of IT leaders at most organizations and trainings designed to protect this sensitive info.

So, how can companies strike the right balance and keep files secure, no matter how employees need to work? We teamed up with CrashPlan to highlight some key data and better understand what human error and the challenges of endpoint security look like—and how both can be solved simultaneously and automatically.

Two laptops side-by-side, one is on fire and its data is at risk, the other is protected with a smiley face visible. Illustration.
Two laptops side-by-side, one is on fire and its data is at risk, the other is protected with a smiley face visible. Illustration.
Two laptops side-by-side, one is on fire and its data is at risk, the other is protected with a smiley face visible. Illustration.

Backup a sec

Backup a sec

When high volumes of data exist on endpoints in business settings (like on a manager’s laptop or a junior exec’s email app), data may not be adequately protected. A majority of respondents to the SANS Endpoint Data Survey reported that sensitive data is stored on employee computers in the form of files:

File Storage Practices by Data Type

File Storage Practices by Data Type

Some PII stored as files

Some PII stored as files

74.0%

74.0%

Some IP data stored as files

Some IP data stored as files

77.9%

77.9%

Some financial data stored as files

Some financial data stored as files

66.7%

66.7%

Some financial data stored as files

Some financial data stored as files

72.8%

72.8%

Some other data stored as files

Some other data stored as files

63.2%

63.2%

On the flip side, enforcing company protocol or expecting users to remember to manually back up data can negatively impact employee productivity…or just be done improperly. According to the SANS Endpoint Data Survey, 30% of IT leaders say employees in their organizations break company backup policies every day. 54% of those IT leaders say policies make it harder for users to get their work done, and 66% say policies are too hard to enforce.

When companies don’t back up their users’ computers, they run the risk of data loss if something goes wrong with the computer (malware, hardware failure or loss, accidental or malicious deletion, etc.). This also creates operational, financial, legal, and reputational repercussions.

This problem is starting to feel like a game of Whac-A-Mole for businesses. 54.8% of SANS respondents say they have technical controls in place to prevent users from copying personally identifiable information to their computers, but 79.7% believe their users are doing it anyway. (Great.)

The stats are similar for intellectual property, financial data, and technical data. Only 6.5% of respondents believe their organizations’ endpoints are free of personally identifiable information.

A stylized cloud of data being tossed into a garbage can. Illustration
A stylized cloud of data being tossed into a garbage can. Illustration
A stylized cloud of data being tossed into a garbage can. Illustration

Risky business

Risky business

If bad actors (aka hackers of all sorts) get ahold of certain datasets, damage and deletion are all-too-real possibilities—not to mention that it could jeopardize a company’s reputation.

According to the survey, the risk most commonly associated with data damage or deletion was “operational.” It’s interesting to note that operational risks ranked higher than financial, compliance, reputational, strategic, and even legal risks for all data types (except financial).

Operational risk and impact can take many forms, including system downtime; lost employee productivity; the personnel required for incident response; the time and resources spent locating, restoring, or recreating lost or damaged data; and the involvement of teams (legal, compliance, and HR, for starters) outside of security. It’s basically the worst kind of domino effect.

In instances like these, lost productivity is inevitable, and risks are company-wide. Take a look:

Greatest Risk if Data is Damaged

Greatest Risk if Data is Deleted

Concern about operational impact is all the more understandable when you realize that the potentially damaged or deleted data is the exact info needed to maintain and restore technical services.

A laptop in a protective glass dome. The laptop's screen shows graphs and files representing data. Outside of the dome there are threats to the data protection. Illustration.
A laptop in a protective glass dome. The laptop's screen shows graphs and files representing data. Outside of the dome there are threats to the data protection. Illustration.
A laptop in a protective glass dome. The laptop's screen shows graphs and files representing data. Outside of the dome there are threats to the data protection. Illustration.

IT’s time for a solution

IT’s time for a solution

Another recent report, authored by TAG Infosphere found that 71% of CISOs wouldn’t be surprised by an endpoint data breach. After reading the above, it’s hard not to agree.

There needs to be a focus on closing the endpoint security gap. Company policies don’t seem to cut it, and cloud collaboration tools weren’t built for this kind of job.

Data resiliency starts with a solution like CrashPlan—backup that’s tailored to this sort of problem.

CrashPlan delivers an automatic endpoint backup solution that requires no action from the user. That’s right, nada. When employees work on files, those files are encrypted and backed up to the cloud every 15 minutes, so lost or damaged data can be restored quickly and easily by users.

And if there’s a breach of sensitive data due to ransomware, these backups provide viz into exactly what was breached, even if bad actors encrypt the data and hold it ransom. The best part? All data can be restored.

In short, human compliance is removed from the equation, creating a simplified and streamlined system. This addresses endpoint vulnerabilities and effectively alleviates IT headaches.

Want an example? TAG suggests its own model for a modern approach to endpoint security: MEAD (malware, EDR, analytics, and data). The MEAD framework puts an endpoint backup solution like CrashPlan at the center of the security stack, focusing on compact integration between CrashPlan and the organization’s other endpoint security tools (anti-malware, EDR, endpoint analytics products). Here’s what it looks like:

DATA ATTACK

APP ATTACK

DEVICE ATTACK

CORE ATTACK

MALWARE PROTECTION LAYER

EDR LAYER

ANALYTICS LAYER

DATA SECURITY LAYER

DATA ATTACK

APP ATTACK

DEVICE ATTACK

CORE ATTACK

MALWARE PROTECTION LAYER

EDR LAYER

ANALYTICS LAYER

DATA SECURITY LAYER

Pretty spiffy. Nothing quite like the sight of a protected and prepared system.

Data security 🤝 productivity

Data security 🤝 productivity

Endpoints shouldn’t be the end point of an IT pro’s peace of mind. A system like CrashPlan is built to uphold data protection without the need for user or policy implementation. It’s like your business’s safety net, always on the case and at work so you don’t have to be. See for yourself:

  • CrashPlan backs up over 260 petabytes of the world’s data on more than 1.5 million devices. 

  • CrashPlan users recover more than 25 billion files and 7 petabytes annually.

Endpoints shouldn’t be the end point of an IT pro’s peace of mind. A system like CrashPlan is built to uphold data protection without the need for user or policy implementation. It’s like your business’s safety net, always on the case and at work so you don’t have to be. See for yourself:

  • CrashPlan backs up over 260 petabytes of the world’s data on more than 1.5 million devices. 

  • CrashPlan users recover more than 25 billion files and 7 petabytes annually.

Productivity doesn’t have to be disrupted to uphold data security. Both can work hand in hand. That’s the beauty of a seamless system.

Productivity doesn’t have to be disrupted to uphold data security. Both can work hand in hand. That’s the beauty of a seamless system.

This paid content is produced in collaboration with CrashPlan

Illustration by Katie Scarlett Griffin

Copyright © 2024 Morning Brew. All rights reserved.

This paid content is produced in collaboration with CrashPlan

Illustration by Katie Scarlett Griffin

Copyright © 2024 Morning Brew. All rights reserved.