Detects report exports to untrusted personal devices when employees depart organizations
Code42, the Insider Risk Management leader, launched a data exfiltration detector in the Code42 Incydr product that detects when reports are exported from an organization’s Salesforce instance to an untrusted destination. This first-of-its-kind offering solves the risk tied to high turnover in sales personnel combined with access to valuable customer, prospect, pricing and pipeline data. The exfiltration detector uses Code42’s Trust capability to alert security teams when Salesforce data moves to the unmanaged personal laptops or mobile devices of malicious, negligent or careless insiders, and doesn’t block employee productivity or impede collaboration.
“With our exfiltration detector, security can protect data that is at risk of being downloaded to unmanaged devices without drowning in alerts for every single movement of data, including those that are for legitimate work purposes and to monitored corporate devices.”
In a recent survey by Code42 and Pulse Research, a mere one in five security leaders are very confident that they have visibility to employees downloading Salesforce data to personal devices. When employees access, create and export cloud-based Salesforce reports to unmanaged devices – even for legitimate business purposes – confidential data is open to potential exposure and risk. That is because endpoint- and network-based security products cannot detect when data exfiltration happens from cloud-based applications, like Salesforce, via non-corporate devices.
Top iTechnology Networking News: Triumph Bancorp Appoints Renee Galitis as Chief Information Officer
“Our data shows that about two-thirds of employees take critical information with them when they leave to go to a new company. More times than not, they’re leaving for a direct competitor,” said Joe Payne, Code42 president and CEO. “Taking data often is as easy as downloading a report from Salesforce to a personal device. Finally with this new product capability, companies can protect their sales data without blocking employees from getting their jobs done, something that is critical to keep our sales teams productive and growing the business.”
Prioritize data governance of sales data in Salesforce
Security leaders agree that the data housed in Salesforce, if leaked, would open their company to a variety of risks. They also need to provide their security teams with tools that drive efficiency, not increase alert fatigue. In the same Pulse survey, 39% of security leaders ranked customer lists as the data they were most concerned about falling into the wrong hands, closely followed by target account lists (37%).
Top iTechnology Cloud News: Akash Network and Polygon Join Forces to Onboard Thousands of Dapps to 8.4m Strong Distributed Cloud Hosting Network
To help organizations prioritize the governance of their Salesforce data, the new Code42 Incydr exfiltration detector increases visibility into Salesforce and:
- Detects exfiltration by monitoring organizations’ Salesforce application using an API-based integration, meaning it doesn’t require network layer technology that security teams must deploy and manage.
- Is built using Code42’s unique Trust capability. It automatically distinguishes when files go to untrusted personal devices versus managed or trusted corporate devices, alerting security to investigate only when an exported report is downloaded to a device that is not monitored. It helps stop high-value customer and pricing data from leaking out of their organizations, mitigates fallout from leaked sales and customer data, and decreases alert fatigue.
- Highlights critical activity and file movement and gives security teams the context they need to act appropriately. Incydr offers a wide range of response controls that ensure organizations take a right-sized response – in line with their organization’s unique risk tolerance – to contain, resolve and educate when insider risk events are detected.
“The download permissions for Salesforce reports are all or nothing, so it is difficult for security teams to control data loss,” said Dave Capuano, vice president of product for Code42. “With our exfiltration detector, security can protect data that is at risk of being downloaded to unmanaged devices without drowning in alerts for every single movement of data, including those that are for legitimate work purposes and to monitored corporate devices.”
Top iTechnology Networking News: Nokia Upgrades Guadalajara 5G Lab to Test New Use Cases
[To share your insights with us, please write to sghosh@martechseries.com]
