Tech/Engineering

Managing data privacy during the new normal

May 6, 2020 Sahil Goyal, Senior Product Manager

Until last year, working remotely would be a privilege only a few employers would extend to their employees. While a large number of global employees were working from home at least once a week, the concept of full-time work from home was still rare.

Recent developments have forced lockdowns and shelter-in-place orders in many parts of the world. With that, the full-time “work from home” model has become the new normal for most employers around the world. The enforcement of this new normal has blurred the traditional parameters that would help distinguish work and home environments. For a lot of businesses, this is an unknown situation to be in and something they were not prepared for.

Venturing beyond the wall

Organizations have spent millions of dollars building a layer of security around their enterprise. Inside this wall, operations are managed and controlled like a clockwork. There are mechanisms, processes, and tools in place to ensure that personal, network, infrastructure, applications, and sensitive information is managed, protected, and is continuously monitored. With employees working remotely full time, this exposes an organization to a completely new set of challenges.

Employees working from home continuously accessing sensitive information including personal data, company confidential, and intellectual property over “unsecured” networks and endpoints. In addition, employees often take risky shortcuts like copying data onto personal thumbnail drives or cloud accounts, misuse of personal emails and social media accounts for work-related tasks, saving passwords on personal browsers, and downloading data onto personal devices. Finally, they are often doing all of this work over public or consumer-grade internet which does not have the desired level of security controls in place.

This exposes the organization to data breaches and thefts they never planned for. resulting in business loss, regulatory compliance fines and related lawsuits, and damage to reputation. As per a report published by CipherCloud, there has already been a spike in HIPAA related breaches in March 2020.

Protecting your sensitive data

The work-from-home situation will not be going away any time soon. It is important that employers extend the same security posture they had for the enterprise to employees working at home. Here are some best practices to keep in mind:

Security awareness: Ensure your employees are well informed and trained when it comes to security protocols, phishing scams, password security, and data protection.

Physical security: Employees should not be using personal devices for work and work devices for personal work. Make sure work devices are continuously patched and have the latest software versions installed.

Network security: Allow access to work-related applications, hosts, and information via a secure virtual private network. Prohibit work devices from connecting to public wifi.

Access control: Implement Multifactor Authentication and a strong password policy. Restrict data access and download of sensitive and critical information.

Data security and compliance: Have your employees backup all of their critical data to the cloud. Make sure data on all work devices is continuously monitored for sensitive and critical information.

Sensitive data compliance with Druva

Druva inSync protects employee data on endpoints and SaaS applications by backing up their data to the cloud. Both desktop administrators and employees themselves can define what critical data needs to be backed up, although administrator settings take precedence to ensure compliance with corporate policies. While data backed up on the cloud is available instantly in case of data loss, Druva also helps you manage your sensitive data compliance.

With data visibility and compliance in mind, proactive compliance service scans all your end-user data sources to give you visibility into any internal or regulatory data compliance breaches in a centralized manner. Druva’s compliance service allows you to track, monitor, and act upon data compliance breaches across all your physical and cloud data sources within a few hours of when they first appear in your environment.

Druva provides predefined sensitive data templates and sensitive data rules to manage geo-specific data compliance like GDPR, HIPAA, and CCPA. Additionally, our free text and pattern-matching engines allow you control and flexibility to tune the data scans to quickly identify corporate sensitive data and intellectual property sitting on work laptops and cloud applications.

Once identified, the sensitive data that is in breach of internal or external regulatory policy — can be instantly quarantined or deleted thus ensuring appropriate risk mitigation. Our lightweight, continuous, and 100% automated compliance scanning capabilities ensure you get visibility into your data with minimal effort at no added infrastructure cost.

Next steps

With data being stored and accessed from various physical and cloud data sources, Druva compliance gives you the control and visibility you need during the new normal without compromising on data security and privacy.

Learn how Druva is providing proactive compliance for your end-user data.

Ready to get started? Sign up for a free trial today.