Earlier this week, tens of thousands of images from the Customs and Border Protection Agency (CBP) were stolen when a subcontractor transferred the images to their own network, which was subsequently hacked. In another recent third-party breach, Quest data affecting almost 12 million patients was compromised. In the Quest case, the breach occurred through the American Medical Collection Agency, a subcontractor of Optum360 who managed Quest’s revenue-cycle. Third-party breaches are not a new phenomenon. A decade ago, a phishing campaign targeting a contractor resulted in the export of F-35 plans to China.
Given the escalating frequency of third-party breaches, organizations must increasingly weigh the risk of sharing data with key partners against core business needs. In the current cyber threat environment, hoping partners will be able to prioritize security and adequately protect data from increasingly sophisticated threats is clearly an extremely high risk strategy. Losing data to breaches puts businesses at a competitive disadvantage, damages reputation, and can impact them in unforeseen ways.
Organizations can proactively mitigate third-party risks to their data while opening up greater collaboration and efficiencies across a range of partnerships by protecting data from inception. Virtru is helping organizations secure sensitive data as soon as it is created and provides continuing controls wherever the data travels. Full lifecycle data protection helps organizations mitigate risks from third-party breaches while enabling core business collaboration functions.
Data Protection that Travels with the Data
Virtru’s combination of ease of use and granular, customizable data protection helps organizations protect data, even after it leaves their networks. The Trusted Data Format (TDF) provides a data format and platform agnostic security wrapper, as well as access controls such as revocation and split key management. As a cryptographic wrapper, data protected with TDF maintains designated protections wherever the data is transmitted, while at rest and in motion.
With data protection that begins when the data is created, TDF also helps avoid the constraints of vendor lock-in. Some data protection requires organizations to remain within a specific platform or ecosystem; with Virtru, data access and controls travel with the data, across platforms, and regardless of data type. From images to documents to streaming data, Virtru’s customizable protections allow data owners to control who can access the data, while evolving those access privileges over time as partnerships, teams, or requirements evolve. Protection can start at data inception for any kind of data – from collaborative documents to data on sensor devices capturing time series data or other sensitive information.
Importantly, with the digital transformation movement toward zero-trust strategies, organizations are taking security postures that by default do not trust external entities to protect their data. This risk posture makes sense in theory given the threat landscape, but often the implementation hinders business opportunities and growth. However, by protecting data from the start, organizations can reap the benefits of a zero-trust approach while ensuring business continuity and partnerships.
Overcoming Failures of Trust
Study after study highlights how organizations increasingly don’t trust their partners to reasonably protect their data, and often institute mitigations that hinder business productivity and daily workflows.[bctt tweet=”Lack of trust doesn’t need to result in lack of sharing and collaboration.”]
A data-centric approach protects data regardless of location, unlocking the full power of data and thus can make data protection a force multiplier instead of a barrier to collaboration. As new incidents propagate throughout the news cycle, an organization’s ability to secure and protect data will increasingly become a competitive advantage and a business imperative. However, this will not happen through continued prioritization of perimeter mindsets or block and tackle strategies. Security must begin as soon as the data is created and travel with it wherever it goes.
Virtru is focused on data-centric protection, helping organizations across a range of industries secure their data while sharing it with confidence. From finance to healthcare to media to the defense sector, organizations have unique threat models and business requirements that require flexible, customizable data protection. This latest compromise of CBP affected roughly 100,000 people, yet again demonstrating the intersection of security and privacy compromises. By protecting data from the start, organizations can continue daily business operations while benefiting from greater security and privacy controls over their data.
At Virtru, we continue to help protect data wherever it is created and shared and will be revealing some exciting news later this summer. To learn more or to request a demo, please contact [email protected]