Greater visibility into cloud data security is a good thing – unless a report tells you that your business is at risk due to vulnerable FDA prescription drug data, but you don’t have any. What’s worse than a scary alert about data risk? When that alert is >50% wrong!
That’s what happened to us when we followed up on a notification from Google Workspace about its new Drive DLP data protection insights, available to certain Business and Enterprise accounts. This quarterly report is supposed to list files containing sensitive data types stored in the cloud Google Workspace (formerly known as G Suite) application and are accessible to the entire world. That objective is great! Who wouldn’t want to know when sensitive data is incorrectly shared with the entire world. However, as we dug deeper we became concerned about the approach and the accuracy of these results. What initially caught our eye is that Google analysis shows that 34% of our company’s sensitive data has been shared outside our organization, as well as curiosity about why we were getting flagged for at-risk prescription data.
As we investigated Google’s findings, we drew the conclusions listed below. In short, Google took a strong step forward to raise awareness about this urgent data security risk. Innovation and growth are great, but this solution is not ready for the vast majority of businesses that desperately need assistance in this very space. If you received the email from Google introducing the DLP data protection insights report and want to learn more about our experience, see the summary below and watch our video.
In this video, Michael will give you a sneak peak into the new Drive DLP Data Protection Insights services provided by Google today.
Looking at the types of data stored in the cloud and shared with
people outside your organization is an eye-opener for many
companies. Moreover, when you consider that Google Docs, Sheets,
and Slides gives you the ability to name other people as editors
who can then share it with other people, you begin to realize
how easy loss of personally identifiable information, health
data, account numbers, or any sensitive data can be. Google’s
quarterly report is a laudable attempt to increase visibility of
the problem; however, it is also succumbing to the classic
challenges of data protection solutions - massive false
positives and lack of workflows for businesses to easily act on
these alerts (no, automatic blocking of a highly false positive
alert is not a reasonable workflow for any business).
It took some time to figure out how to set up rules and then go
through the hundreds of alerts they produced when deployed in a
small company. The solution does provide additional insight, but
at a cost. Because of poor accuracy and a large number of
alerts, security teams would need to integrate the alerts into
SOC workflows using considerable amounts of human time for
individual investigation and response. Businesses with IT
security staff may have the resources to make checking the DLP
data protection insights report into their workflows, but this
is a non-starter for smaller companies that can’t invest in
numerous human analysts or customer security engineering
cycles.
Depending on how an organization sets up its rules, the tools can return numerous false positives, alerting their team to incidents that really aren’t putting sensitive data at risk. This is most easily seen from the sample report provided by Google itself. Using our own systems as an example, we received numerous alerts for prescription drug data - something we don’t have in our GSuite instance at all. In addition to taking more time than necessary to manage data protection, false positives will eventually lead to alert fatigue, which causes people to ignore alerts. The last thing we need is an inaccurate system flooding us with alerts that are wrong - or worse, deployment in auto blocking mode that results in disruptions to business operations across the company!
Fill in some contact info below or schedule a meeting so we can reach out to provide more details on how Altitude Networks can protect you from data loss in the cloud.