Modern Data Security Still Needs (a Different Type of) DLP
No one ever forgets about the bank vault stuffed with valuables. How could they? It's a massive and an existential risk. You empty the vault; you end the bank. When it comes to data security, our data lakes and production data are a respectable analogy. The vital essence of an organization is typically found there. If it's hacked, it's excruciating if not fatal.
But how often does a bank heist actually happen? The latest FBI stats come in a little less than 2,000 a year. In comparison, run-of-the-mill car theft came in at ~253,000 instances in the same time period. If a data lake hack is the equivalent of a bank heist, the typical data leaks that happen through SaaS applications are automobile theft equivalent. Typically, it is not as disastrous, but it is much more frequent and always painful.
The reality is that organizations face data risks, both big and small, daily. And never has the value of our data been more apparent. We've heard loud and clear that no one wants to use different solutions for different cloud services— we want a single place to understand and protect our sensitive data. So today, we're announcing Open Raven's expansion into SaaS services, starting with Google Workspace, bringing an organization's most critical data across IaaS, PaaS, and now SaaS into visibility and control.
While so much of our early work was driven by our own pain, this effort came from overwhelming demand from customers and prospects. What were they saying? It sounded like this:
"Can you just do for me what you did in AWS? I have no idea what's in Google Drive."
"It's a dumpster fire. A pile of 'known unknowns and native tools don't give us either the visibility or control that we need."
"There's no way to offboard people or partners without a lot of work."
"We have many controls and a team of SREs to protect our cloud platform. For Google Drive, we have MFA. That's it."
The feedback was overwhelming. So we began quickly by working through the connectivity, drive enumeration, nuances with scanning "native" files, and so on. We quickly discovered several things:
- Not a copy and paste: While much of the capabilities remain the same, from object enumeration to data classification followed by policies and rules, just about everything else is different. The policies? They have to do with oversharing, retention, and insider risk. The use cases? Investigations, offboarding, data labeling, and what generally looks a lot like DLP. This clearly was not a "connect it and scan" sort of problem. It required much more than that.
- Google Drive has some "personality": To put it kindly, there is a non-trivial amount of unique work that has to be done in order to ascend Mount Google Drive and plant the "Complete!" flag on top. Native file formats must be converted. Archives require special handling. New rules are needed. And so on.
- The fix is different: When closing the loop inside IaaS and PaaS, it's often off-limits to change the data. Remediation includes resource tagging, Jira tickets, and occasional configuration changes. Not so with SaaS, where directly labeling data, revoking access, and other more "aggressive" changes are not only desired but necessary. In bulk. And automated according to policy.
- Native Google security controls are insufficient: Largely, the controls provided are basic and don't satisfy complex Enterprise security needs.
With the SaaS DLP capabilities of the Open Raven Data Security Platform production and corporate security teams can now use a single solution to secure sensitive IaaS, PaaS, and SaaS data with unified Data Security Posture Management (DSPM), Data Loss Prevention (DLP), and Data Detection and Response (DDR). We focused on the following use cases when building this new platform module:
- Automated data inventory and classification - As the saying goes, you can't manage what you can't see. Open Raven now provides comprehensive visibility into all files sitting in personal (MyDrive) and Shared Drives, classifying their contents using freshly expanded data classes (e.g., personal information, developer secrets, financial information, etc.) so that sensitive data is visible, automatically, available for privacy automation, etc. Much like scanning petabytes of IaaS data, our platform can efficiently inventory and classify the massive amounts of historical data sitting in Google Drive and new data as it is generated.
- Sharing risk assessment and response - Everyone has overshared sensitive files. Almost no one can manage the risk given the current tooling available. Open Raven's SaaS DLP solves this longstanding problem with both historical and ongoing analysis of files using a combination of data classification and rules-based policies to find and resolve situations where files have been shared excessively internally and externally.
- Offboarding people and partners - While it's far too easy to share a sensitive file, it's simply too hard to completely remove access for both former employees and partners. Even if their access to their "official" email addresses is revoked, what about their personal email addresses? What happened during the critical period before their access was revoked? Open Raven's new offboarding features aim to make it point-and-click simple to revoke all access for a person or a partner.
- Investigations - People can do desperate things in challenging times such as now. This includes doing things that expose an entire organization to critical risk, whether taking intellectual property for personal use or sharing secrets with competitors. Obtaining a clear picture of events such as these have been painstaking for Google Drive and other services. Our new investigation features streamline the work required to detect and manage insider risk.
We've been working with design partners since this Summer and could not be more pleased with the results.
"Native tools and scripts lack scalability and sufficient sensitive data context to address the risks associated with Google Drive external data sharing," said Orum Vice President of Security and Compliance Officer Rolland Miller. "With the SaaS DLP capabilities of the Open Raven Data Security Platform, we now have the necessary visibility and control over sensitive data access within and beyond the company's boundaries."
I know what you're thinking... "Why not OneDrive! What about XYZ service?" While we could have covered more services, our ethos is to "go deep" and ensure we nail the use cases. Competitive approaches typically cast as wide a net as possible by doing a small amount for as many services as possible. Ours is to make certain we do the job the customer hired us to do. While others stop at identifying sensitive data, we don't think that's nearly enough. It has to be easy to get your job done, and that means providing the capabilities to automate the top use cases. If you're concerned about managing data risk in Google Drive, we'd love to set your mind at ease and put you back in control of your data.