Gatekeeping data: protecting ourselves against the ‘bad leaver’

In the age of the ‘great resignation’ the influx and outflow of data requires further monitoring without losing the trust of goodwill leavers. How can you protect your data from taking off too?

We still find ourselves in the midst of the ‘great resignation’, where we have individuals shifting jobs at an unprecedented rate following the pandemic — making the risk of leavers taking information from previous employers far greater than ever before.

Stealing something physical is easy to detect and prove — walking out with a company phone or laptop after handing in your notice isn’t subtle. What isn’t always thought about, or appropriately protected against, is the download of proprietary data and the carefully curated work of your organisations, which other businesses could subsequently take advantage of.

There’s always a trace

When anything is done across your organisation, evidence of that activity is typically retained. The best place to find it is within the log files distributed across your infrastructure. Databases usually have some kind of auditing mechanism to ensure any addition, deletion, amendment, or download is recorded. If this is not the case, you can turn to network data. Looking at this at a user level can provide an indication on how much is being downloaded, by whom and when.

These are great tools of auditing something which has already happened, but it doesn’t stop the ship from sailing. If prevention is better than cure, the question remains, what can be done to stop it?

So, what’s the best path forward?

As soon as a leaver is identified, it’s possible to revoke access to company systems, although this type of solution can have a negative impact on the business. This is especially the case where a smooth information handover is required for other resources, and business continuity within that team or division. In addition, not all leavers are bad leavers. It’s quite easy to impact the goodwill built up over years across the employer-employee relationship, and jeopardise a productive future, if the leaver immediately feels cut off and isolated.

Our AI solutions need to account for behaviour & context to protect against threats both inside & out

This is the perfect problem for artificial intelligence (AI) to solve; monitoring the behaviour of users across the environment in a non-intrusive manner to ensure that no one is downloading data as they leave is well within its capability. We need to be careful with current AI systems, as those that have already learned on existing behaviour may not be able to identify this. If leavers are already taking information with them, the AI will have learned from this, and associate it with ‘normal’ behaviour. This is a key pitfall with many of the products being deployed across the marketplace.

What’s more, many of the existing solutions can be gamed. Consistent downloads of data, spread out over a lengthy time period, would allow a bad leaver to slip through the cracks. To the AI, this would look like the user operating normally in their day-to-day role.

This means our AI solutions cannot operate alone, and need to be more robust, accounting for not just behaviour, but context as well. We need to consider behaviour as a whole, as opposed to a set of isolated events, and ensure that our AI vendors have trained their solutions to consider such context.

If we can get that right, the ‘big exit’ of personnel need not also be the big exit of data and intellectual property as well.

Originally featured in the Evening Standard

Previous
Previous

A house of cards: securing digital connections across organisations

Next
Next

Software Supply Chain: The problem with outsourcing everything