Endpoint security is a huge issue in data protection, and a forefront concern for many IT and security teams. But for most employees, security can be an afterthought.
Arif Khan, VP, Solution Engineer at PKWARE, deep-dived into the topic in his keynote at PrivSec Global today, advising on how organisations can find that critical balance between security and data usability.
“Users on desktops and laptops on endpoints don’t care who owns the data, if it’s sensitive or not, or who has access to it. They do care, however, about who they’re sending the data to and where it’s stored.
“User behaviour is problematic: 80% of files stored on endpoints are used for less than 30 days and maybe never accessed again.
“The tricky part is that you don’t know where the sensitive data is. General practice is to detect where those sensitive items may be, scan endpoints and laptops and fileshares, and make sure only specific users and groups are able to access and consume that data. Once you start looking at the heat-map of where that sensitive data is, you can start protecting.
“There are many data protection solutions out there, allowing us to minimise risk while also reducing the cost through automation – automatically picking up where sensitive data is, and automatically remediating specific sensitive data. It should not matter where the data is residing or which file type the data is residing in.
“Regardless of the endpoint, it needs to be picked up and remediated automatically so that the organisation does not have to worry about someone doing that action. Endpoint protection has to be policy-driven, whether it’s generic or a customized policy relating directly to the firm’s use-cases.”
Touching upon how solutions can share protected files outside of the organisation, Arif said:
“Data might also need to be shared with partners and customers. Generally, when you protect the data on the endpoint, there are certain keys that can be used to decrypt the data if that data is encrypted. When you share a protected file, you have the option to share that encryption certificate.
“Free readers can also be provided to partners and customers, thereby sharing the key automatically and enabling the receiver of the data to read the data being shared.”