With growing demand from employees for their workplace to be flexible and allow them to work remotely, this is expected to coincide with a rise in cloud-based SaaS apps, so security teams are set to be struggling with maintaining a watchful eye over where company information has gone to.
A new whitepaper from security company Forcepoint has raised the question: as more corporate data moves out of sight and into SaaS-style cloud services – which are increasingly used to drive business agility and reduce costs – how do security teams maintain visibility on where corporate information is being used?
Forcepoint's “The 2017 State of Cyber-Security” report says, “Without this insight, people-based vulnerabilities destabilise even the most secure networks and greatly reduce the efficacy of cyber-security investments.”
SC asked how Forcepoint intends to do that – that is, how can you train machines to learn a human's intent? Ford unfortunately did not deliver on any concrete answer of how Forcepoint does this. Presumably he's trying to protect his own company IP.
But overall, Ford concluded by saying that we shouldn't be collecting more information, rather it should be better information which helps security teams make more informed decisions.
And it would appear he's on the right track: according to the Institute for Critical Infrastructure Technology, in 2015, “only 17 percent of security professionals were aware of an insider threat on their network, even though enough anomalous activity suggested that insider threats occurred in 85 percent of organisations”.