In today's Whiteboard Wednesday, Lital Asher-Dotan, Product Marketing Manager for UserInsight at Rapid7, will discuss the topic, "Do Disgruntled Ex-Employees Access Company Data After They're Gone?" Lital explains the complexity of managing ex-employees accounts outside of the network across cloud services.
Wouldn't it be very helpful to your security team to understand what cloud services your employees are using and how much data they are uploading and downloading from these services? What would you think if you saw a large file being downloaded from Salesforce on the day or even the week of an employee's termination at the company? Or maybe you saw a full back-up of a company-issued computer took place using Carbonite? Could they be downloading private company data and planning on using it when they leave? When we talked to our customers they explained a need for a security tool that allows them to extend their network visibility to include cloud and mobile environments so they can see the full picture from a security standpoint.
Our newest tool, UserInsight, allows you to monitor suspicious behavior like this across your network, cloud, and mobile environments giving you quick insights around what services your employees use and automatically alerts you, in real time, when suspicious activities takes place. If this is something that interests you, you can learn more about UserInsight here and take advantage of a free trial.
Read Video Transcript
Hello and welcome to Whiteboard Wednesday. My name is Lital and I am the Product Marketing Manager for User Insight, and today our topic will be: “do disgruntled ex-employees access data after they're gone?” Well, developing userinsight and talking to many of our customer we find out that they lack visibility to critical aspects of today's business world. They don't get much visibility into cloud and mobile device and you know what? This is specifically a problem when you are worried about employees leaving the company and some data exfiltrated into the cloud. So, this is what our topic is going to be today.
You know what? In the past, getting control over your network and knowing what is going on and being able to turn off employees as they leave was quite an easy thing. You were protected behind the firewall. You knew the limits of your network. You knew the amount of services and software that people have permission to touch and you would be able to dismiss them easily by just turning off, shutting down the accounts. Well, with today's environment where people move so many cloud services to make them so much more productive, that's great for the business but it puts you at risk.
That's because you just don't know what cloud services people are using. Well, a person from sales would decide that he needs some nice infographics to use in his next sales pitch. He may just put some data on the cloud service that he just signed up for a 30 days trial of, put the data, send it to them never knowing if he would ever be able to retrieve the data. Never knowing what would happen if this cloud service is being breached and you know what? The data will be there and you will not have visibility, not being able to know that it went there.
In many cases also the corporate services that you may provide like Sales Force, like Vox or Google Ops, even in that case IT and security many of the cases don't have control over the accounts because they would be owned by the business unit like Sales Force being handled by sales or some HR cloud services that will be handled by HR. If that's the case, what happens if John Smith is being dismissed tomorrow, what do you do with his cloud services and the accounts that he uses over the cloud. Would you be able to easily turn it off making sure that you have a good policy? I'm sure that you would be fast able to turning off from active sayings from active directory, but do you really make sure that the guys in sales that are in control of Sales Force turn him off immediately when you dismiss him. Otherwise, he can go on, log in from his personal laptop or his iPad, get into Sales Force, download tons of documents and be able to take it with him when going to his next employer.
With that, many of our customers also wanted to know what happens the hour before John leaves the company. Does it drop a bunch of data into Dropbox probably putting some confidential data at risk? Does he use Carbonite to just back up all his machines putting you in real danger of data exfiltration? We believe that without having those tools that give you visibility and without setting the right controls, using the cloud may put you at risk especially in those moments when you have this angry employee that could take your data away from you. Thank you. I hope you enjoyed my session and I hope to see you next week.