How do you handle coworkers exfiltrating customer data to unmanaged, unsecured third-party SaaS products? For a long time, I thought the best solution was to just try to provide IT-sanctioned first-party tools, but that appears to not work — any reasonably-sized employee base will want more tools than an IT team can possibly set up and manage.

Follow

@TheGibson Assume you're forbidden from taking any punitive action by your management and executive team... Competent moderately technical types can bypass any DLP...

@roguelazer

You have to have high level champions. If you are not supported by management, you cannot ensure confidentiality, Integrity, and availability.

If they won’t help with Security &Awareness training, and by enforcing organizational policy, you ultimately have no way to stop anything an internal threat wants to do.

@TheGibson I guess what I'm looking for is some way to make people not want to exfiltrate data. What I'm doing now is playing whack-a-mole and shutting down one avenue as fast as new ones pop up, which is exhausting.

@TheGibson If by "a cloud provider" you mean "a few dozen dozen different SaaS and PaaS providers that different things use"

@roguelazer

I mean a common and accepted cloud storage solution.

Designate one.

They use something else, what then?

@roguelazer

What I’m getting at is that IT can’t solve HR problems.

@TheGibson I'm just stuck at how to do it without having the ability to punish people for bypassing policies & controls. The only things I know to do are make good things easier and bad things harder...

@roguelazer

And that is the approach you’ll have to take without at least a champion in leadership, and effective training.

This is an HR issue. Someone in upper management needs to own it.

@roguelazer

Or setup a private cloud?

Ultimately you’ll still have leaks without upper level support.

I’ve been in this boat before.

Sign in to participate in the conversation
Mastodon for Tech Folks

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!