It’s been almost ten years since my last job change. I can still remember when I walked into the room to tell my boss that I was leaving my VAR engineer role to go to work for Tech Field Day. I was a bit nervous because I wasn’t sure how he would react. I knew him well and figured he’d be happy for me but I also worried that he’d decide that I needed to take my two weeks of notice and just leave on the spot. I’d seen that happen on a couple of occasions.
If you’ve only ever worked in an engineering role you probably think the idea of dismissing an employee as soon as they give notice is odd. Those two weeks are crucial for knowledge transfer and ensuring that things are read to transition to the next team. However, in a sales organization those two weeks are an opportunity for less scrupulous employees to make off with valuable assets. They aren’t going to take a laptop or a desk chair. They’re going to take things that are much more valuable, namely data. Customer lists, email archives, and even salary data are prime targets.
Have you ever wondered if that policy of sending employees home during their two weeks is effective? The employee has been working toward their departure for a while if they initiated it. Who is to say they don’t already have the data they want before they ever turn in their notice? How would you even know?
Doing DLP With Intelligence
One of the companies that is working to provide more visibility into situations like this is Concentric AI. I’ve talked to them in the past and I recently sat down with Karthik Krishnan to get an update on their platform. Karthik reiterated to me that their goal is to make data security easy for customers. Given the speed with which organizations are facing bigger security threats that’s a welcome opportunity.
During our discussion I asked him about Data Loss Prevention (DLP) scenarios. The Concentric platform allows you to intelligently identify data that contains personally identifiable information (PII) and secure it when it’s somewhere it’s not supposed to be. That could be a contract on a shared drive, which is unstructured data, or an unsecured database that could be exposed to attackers, which is a more structured type of data storage. No matter where the PII is being stored it’s a risk.
The power of Concentric is that it’s not looking at simple hash values. If I were the sneaky type I’d do something creative to avoid detection if I were going to take important data. Such as adding a value of three to every social security number I harvest. Or adding extra characters into the email addresses of customers that are easy to remove when I look at them later but defeat the strict scanning of typical DLP systems.
Concentric can see those changes and alert you when they happen. They can also see PII hiding inside of other unstructured documents to help prevent clever exfiltration attempts. If someone creates IncomingFaxes.xlsx and it’s populated with email addresses and social security numbers you can get an alert. You can then drill down into the other activity that the user has had for the last 30 days to see if other files were created or moved around. You can easily track file activity during the off-boarding process to see if your employees were trying to transfer their knowledge into the company or extra more of it for their own uses.
The power behind Concentric is context. DLP that just does pattern matching doesn’t know that specific kinds of PII appearing in the wrong places creates the potential for exposure. A list of numerical currency values is expected in a contract. However, a list of them appearing in a spreadsheet attached to employee names that is readable to the whole company instead of just the accounting department could violate labor laws. Concentric allows you to define the context and keep it updates as new data is classified as PII. You don’t even need to rescan when you make the updates. Concentric already knows what’s going on and will alert you when those changes mean new data needs to be acknowledge and dealt with.
Bringing It All Together
The part of the off-boarding process that sticks out most to me is the trust issues it creates. Employees that have otherwise been trusted members of the organization are suddenly under scrutiny for choosing to leave. That aura of distrust could even push an otherwise trustworthy employee to do something rash as a response to the way they’re treated. With the help of solutions like Concentric you can provide the trust that is missing. Employers can see that their departing employees are above board with their actions. Should the employee be tempted to abuse that trust relationship your security team will know right away. That kind of visibility ensures everyone parts ways happy and safe.
For more information about Concentric and their posture management platform, make sure to check out their website.
