
April 22, 2025 19 mins

"DLP is not just a tool that we have. It's also the ongoing education that we have for our employees to further minimize the occurrences of data mismanagement."

Having strong Data Loss Protection (DLP) systems stops bad actors while also protecting employees from making accidental mistakes. Every day, we put trust in the secure flow of health data. However, no matter what safeguards are in place, human error is one of the most common causes of data loss in companies. Security engineer Zak Cowan joins to share why data loss protection, or data leak protection, is paramount for a company like Redox.

The everyday person may think about DLP as a way of securing photos and contacts. However, there is a lot more data that comes in and out of a corporate system. To those companies, data loss protection, or DLP, covers critical information such as social security numbers, bank account numbers, and particularly for a company in our space, health information. DLP protects companies from this sensitive information making its way out of their secure ecosystem and into potentially harmful hands. 

DLP is much more than stopping cybercriminals; it’s about creating guardrails for our whole team, preventing unintentional mistakes that can expose sensitive info, especially as so many of us work remotely or on the go. 

It’s not just the big bad outsiders we have to watch for. The majority of data leaks happen because of honest errors by well-meaning team members. That’s where DLP tools shine. By monitoring endpoints and cloud apps, we add invisible safety nets without grinding productivity to a halt. Education is equally critical. The best DLP solution works hand-in-hand with ongoing security training, offering helpful nudges right when someone needs them.

As technology races ahead, especially with the rise of AI, our strategies can’t remain static. Zak urges us to stay curious and agile, integrating DLP solutions that evolve as new threats, tools, and workflows emerge. AI brings both risk and opportunity, so our policies and education need to keep pace, making sure every Redoxer knows what’s ok (and what’s not) when it comes to handling data.

Protecting sensitive information means locking the digital doors while also making sure we haven't accidentally left a window open. At Redox, keeping health data secure is a team sport. By blending the right tools, targeted education, and a healthy dose of vigilance, we're collectively shutting the back door one proactive step at a time.

00:52 Corporate Data Loss Protection

03:24 Remote Work DLP Challenges

07:18 Security Education Needs Technical Support

11:12 Alert System Enhances User Awareness

14:35 AI's Impact on Data Security

17:31 Unexpected Innovations Challenge Policy Adaptation

Resources

Have feedback or a topic suggestion? Submit it using this linked form.

www.redoxengine.com


Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:03):
Welcome to Shut the Back Door, brought to you by Redox. Shut
the Back Door is a health care security podcast dedicated
to keeping health data safe one episode at a time. I'm
your host, Jody Mayberry, and with me, as you probably
expect by now, is Megan McLeod, senior security
engineer with Redox. Hello, Megan. Hi, Jody. It's nice to be here

(00:25):
again. And it's great to have you with us. And Megan
has invited Zak Cowan, a security engineer at
Redox, to join us. Hi, Zak. Hi, Jody. Megan. Thanks
for having me. Well, Zak is here so we can talk
about data loss protection.
And, Zach, for me, that's just about making sure all my

(00:47):
photos are backed up because I take so many photos. That's pretty much what data
loss is. Right? You know, for most people, that's probably as
far as their concerns go. Right? Their photos and personal things. But
for a company, data loss protection or data
leak protection covers a whole lot more than just
that. When you think about all the data that comes in and out of a

(01:09):
corporate system, like social security numbers, bank account
numbers, and particularly for a company in our space, health
information, DLP, like we call it, data loss protection,
protects companies from this sensitive information kind of making its
way out of their secure ecosystem and into
potentially harmful hands. And when you're talking about data

(01:31):
loss protection and the individuals, are
you thinking more bad actors, or is there kind of,
like, you're thinking about the people just at the company in
general? We definitely worry about bad actors, but that's
not just what data loss protection is for. Of
course, we wanna prevent those cases, but we also wanna protect our employees

(01:54):
from themselves. Right? And one of the most common causes of
data loss in the corporate world is human error or data mismanagement.
So having a system in place that protects our employees from that is
also a point of DLP. Yeah. That's another common thread in
security is, like you said, protecting employees from themselves. I
think people listening will notice that there is that theme across

(02:16):
multiple episodes, like when we talked about in phishing that it's not
necessarily the people intending to do bad. It's more
the unintentional that happens so often.
That's a good tie in, Megan, because we saw that in phishing. I think
we've we've seen it in some other ways. Like, when someone
leaves the company, they may not intend to do anything that

(02:38):
causes a data leak, but maybe they still have their password. They
get curious. You talked about that in that episode. So it is
interesting to think about this, that it it is not
bad actors. It's just sometimes things happen. People aren't paying
attention. But what I'm curious about, we now at Redox
have every time we've brought someone else on to

(03:01):
join us, you're from a different part of the country. We've
got people from Redox are all over, and that's really common
now to have hybrid remote in person
companies. With so many people working remotely
and hybrid, how can you successfully
implement the SEC where you protect against data

(03:23):
loss? So being remote or or hybrid
definitely provides its own unique set of challenges. Traditional
DLP solutions give you an ability to control
your entire network and feed all devices and
data in that little box. Right? In that case,
you are able to block the edge of your network. But

(03:45):
there are three different types of DLP. There's network
DLP, there's endpoint DLP, and there's cloud DLP.
In a distributed company like us, we are more focused on
endpoint and cloud DLP because our
office is essentially everyone's laptop, right, and the
services they use online, like email or cloud storage,

(04:08):
like Dropbox or Drive or messaging services like Slack
or Teams. So there isn't really a big networking
closet that all of our traffic has to go through first. So you can be
really spread thin, And a good DLP solution
in that scenario is something that integrates with all of these
systems that your users are using, like email and messaging and

(04:31):
cloud storage. That, could you talk a little bit more
about the differences there? So, like, endpoint DLP versus cloud
DLP, things like that when you're in a hybrid situation? Yeah.
So endpoint DLP is gonna live on the user's
endpoint, like a laptop or a desktop, and it's gonna
intercept traffic or monitor traffic coming in and out of that

(04:53):
device. So if even if they're working at a library or on the
beach, right, we still have insight into their sending
PDFs or email that has information that we don't want sent out. We
have insight into that. And then with cloud, that's all
of your your Internet services at the end of the day. Right? So
you you share a folder on Google Drive. Having

(05:15):
a DLP solution that can integrate into that cloud app
and see what changes are being made and what files are being shared
with who, that's how we sort of integrate with data outside
of that person's laptop. Yeah. That totally makes sense. And and like you
mentioned, people working on the beach or things like that, we see people zooming in
from all over the place when they're on calls. I've seen people in grocery stores

(05:38):
and campers, all of that. So it seems like those
two would be incredibly critical if you're trying to implement an
actual effective DLP solution. Yeah. Unless we wanna build our server
farms on the beach, I think we have to find another
route. So How much of
the responsibility or action for

(06:00):
data loss security comes from someone like
you, Zak, or comes from someone if I'm an
employee, comes from someone like me? Is it the work
you do, or does it fall on me to be educated and
understand what's happening? Yeah. I think it's a it's a little bit of both.
Right? With a good solution for DLP, I

(06:21):
think bridging the gap between that, the tool and and
what my job is managing that tool and the end user's
job of, you know, dealing with that data and makes making sure
they're managing it correctly, having a a an opportunity for
feedback for the end user. Right? So instead of their
connection just kind of, like, stopping and they're like, what's going

(06:43):
on? Instead, we can intercept that
instance and give the user feedback and also provide, like,
a training moment for the end user. So it's not just the tool
that we have, but also like the ongoing education that we have for our employees
to further minimize the occurrences of data mismanagement.
So really finding points where we can

(07:07):
detect, mismanagement or bad actors, if that's the
case, and then turning that into employee
education around security, cybersecurity, and data security.
Yeah. Definitely. Security education is one thing. I mean, I'm a little biased since
I I work very heavily on the education side, but it
is so important for employees to understand where they

(07:29):
can store information, like what's approved by the company, what kind
of data they're allowed to store in certain areas, and things like that.
But like you're saying, Zak, you can't just rely on the person's memory or
their in-the-moment thinking for, you know,
maybe they're in a rush and they're trying to do something quickly. So having
an actual technical tool in place to assist with that, is

(07:53):
very helpful. Yeah. And, you know, it just continues to develop
as employees work with this sort of information.
Right? And maybe they make a mistake and they upload something to a destination that
they're not supposed to. And we were able to detect that and, you
know, educate them on why that's wrong. And
then as the education continues, those instances

(08:15):
become rarer and rarer. Right? Yeah. And then I know, you know,
at least with our company, we have a ton of tools available to
employees as well. So if you have multiple options for
where people can store data and the different information
that they have access to, you do need to be able to detect in the
multiple places. Yeah. Absolutely. This kinda

(08:37):
ties back to the episode we did about phishing.
But when something like that happens, for example,
I get a text message or an email about unpaid
tolls, and I click on it because maybe I was
on the ferry or I drove over a bridge that had a toll. Is that
how you discover most of the

(08:59):
instances that could cause data loss, or are you
proactive? Are you discovering them before they become a problem?
We are always trying to be proactive. We can't say that that that's always
the case. Obviously, DLP is is really hard and
rarely perfect. For the most part, we
depend on our employees knowing where that data is supposed to come and go.

(09:21):
Right? From the very beginning, they're educated on what
are approved destinations for what data. So, you know,
in a perfect world, the tool would work seamlessly in the background and
there'd be no impact. Right? And we would catch every
single potential leak. But it's not a perfect world. And in the meantime,
you're right. We do try to be proactive in that. But also, you know, being

(09:44):
fluid with the changing landscape of it all. Zak, you
touched on seamless integration there.
So to kind of follow that thread,
how does a DLP solution interact with people's day to
day jobs and responsibilities? Are there challenges with
that? Do people run into issues, or is it something that can just

(10:05):
run in the background without people noticing? Well, like most security
tools, it's not gonna be 100% quiet and in the
background. Right? It's gonna be some sort of interaction from a user. It's some
sort of performance inhibitor. But I think setting the
expectation for the end user that this is what's expected and this
is why. Right? This is what we're needing to protect. This

(10:28):
data is important. And I think, you know, just communicating
with the employees of why certain things are happening, I think, is
important to alleviate that. Well, yeah. And, like, thinking
about important data, I mean, like you mentioned earlier in the episode, having
health care data, specifically. I mean, there are all sorts of compliance
requirements and legal requirements that we have with our

(10:50):
customers and just with ethics in general with people's health care
data. So I would hope that people in a health
care organization understand the criticality of of
keeping that data safe. So this just kind of
goes a step further with that and allows us to
really make sure that that data is only going where it's supposed to. Yeah. I

(11:12):
think sometimes I've I've seen with, users
that maybe put a file somewhere they weren't supposed to,
and I let them know and, you know, showed them the alert that I got.
The the common reaction is, oh, that's really
cool. You know? I can't believe you intercepted that so quick. What a cool
tool. And they don't they're not thinking about, you know, that their computer was maybe

(11:34):
a little slower when they were trying to upload that PDF. Right? So when
they can see that it has something that we're trying
to attain, right, that alert, that detection, I think it it
really changes people's mindset around the tool
itself. When you're getting alerts, is it are you
getting, like, thousands of alerts a day? Like, how do people navigate

(11:56):
kinda like, how how do you set up the right support
for your team to be able to look at these alerts? Like, are
you can do tools do that themselves, or is that
something that, like, you have to have, like, a whole team of people on for
looking at these alerts? Like, what what is your advice as far as, like,
triaging these? Yeah. You know, it's gonna be different for

(12:18):
companies of different sizes for sure. First, I
would focus on what information is what
data is most important that you wanna protect. For us, it's
probably health care data, health information. And
then, you know, narrowing in on those and what
sort of data leak would be most harmful to your company and starting there.

(12:39):
Right? Minimizing that first. And then, you know,
categories are always great. Do we care if email
addresses get shared out? Probably not as much as someone's, you know,
medical history. Right? But we still want insight into that. So it's it's
about priorities and categorization, I think, is is a
good baseline for companies of all sizes if they're trying

(13:01):
to tackle a DLP project. You've talked about
all the steps that you do to prevent data loss. Does
this interfere with an employee's day to day responsibilities?
Does it add extra steps, or what is that like? It
shouldn't. Right? If the tool is working as expected, it
shouldn't. And I think that this has been

(13:23):
a constant in the DLP space
market wise. But if you look at tools that are coming out now and
it's changing really rapidly all the time, new solutions are out
there that have less demand on the end user experience.
So I think, you know, it's just a lot more expensive than it was a
couple of years ago, and they're getting better. Right? And they're they're

(13:45):
more focused on user endpoints and not just
your internal network at a company like it like traditional DLPs are.
So is it perfect? No. Is a user's
experience day to day gonna be changed? Probably.
But, you know, having a a team that's dedicated to it and

(14:05):
a workforce that is dedicated to protecting that data for our
customers, I think, is a good starting point. It seems
like every day now we're hearing about something new
in artificial intelligence. AI does so so much
for us now, and I know that's always been a
concern on AI having access to to different

(14:28):
data. What's the future of data loss protection
in a world where AI is involved in so much? Yeah. We
know very little about where it's gonna go with DLP
and AI. But I think the focus right now
is what variable AI creates for something like
DLP. There is huge potential for

(14:50):
data loss when it comes to, like, ChatGPT, just a
chatbot. Right? Anybody can go open Chrome and go to
openai.com and type in whatever they want.
So when a user uploads health information or even just, like, copy
and paste an MRN number into AI
model, there's really no undo button. Right?

(15:12):
That text gets sent off into the ether, and
there's nothing we can do about it. So companies are really
gonna need to look into monitoring something as basic as
text input on endpoints. So not
PDFs or emails, but even just, like, typing in your
Spotlight search on your Mac. Right? So it definitely presents a huge

(15:34):
challenge. And it could be the difference between your
data being secure and all of your personal information completely
leaving your control. And that could be AI that does it. Right?
As with the rest of the market for DLP, companies are always releasing
new features and products. If you haven't looked at
potential solutions for your company in the last couple years, I would look

(15:57):
again because a lot of companies are AI is the buzzword. Right?
And DLP companies are pushing that forward as well. Yeah. And
it kind of goes into just a broader policy
that that companies kinda need to create around AI. And this
will probably be a future episode that we'll do, but trying
to determine what AI tools are

(16:18):
approved by your company can also kinda help with that a little bit. So it's
not DLP directly, but giving access or not giving
access to certain tools based on where that data goes can
kind of bridge that gap a little bit in the meantime. Yeah.
It goes back yet again to security education.
Right? Like, if you tell your employees that

(16:40):
you shouldn't post Social Security numbers in ChatGPT, most of them
are probably gonna listen. Right? So it just comes down
to communication, really, for end users.
Is this something that you talk about with the companies
that you work with to help them understand this is the
do's and don'ts when it comes to AI? I would say so. Yeah.

(17:03):
Yeah. It's definitely like a a process. So there's a
it's an ever evolving security education
program where there are different formats for how we share
information. It might be in a full team meeting. It could be
through documentation that we're providing people. But as more and more of these
tools are coming out, we are creating these

(17:25):
policies and, like you said, the the do's and don'ts of how you
should interact with these. It just it seems like this
is such a challenge to stay on top of it that new things are
coming out all the time. And I don't I don't pay attention to Major League
Baseball that much. But when the new bat came
out, the torpedo bat, I mean, it's everywhere. That's all people are talking about.

(17:47):
And sometimes you think, well, I just didn't see that coming. And I
feel like that's the where we're at with AI that okay. You
put in your policies, but you may not see the next one
coming, and you have your policies in place. And then something
that you didn't even expect comes up that is just outside your
current policy or procedure. And I think it's we're

(18:10):
probably at a point where it's never ending. You two can never stop. You
always have to watch what's coming next and how does it impact the work
you do. Yeah. Definitely. And I think that's one of the, like, most exciting
things about security is that you're constantly evolving with the
new technology. And I also just wanna know I don't know if you saw when
you brought up baseball how Zak's face lit up, but you definitely

(18:32):
touched on a a good comparison there. Yeah. I mean, all I was gonna
say is that, you know, artificial intelligence scares me a lot worse than the Yankees
batting order. So Well,
that's probably a good thing to to wrap down on
that artificial intelligence scares Zak more. Well, join
us next episode as we discuss more security

(18:54):
challenges impacting health care and practical ways
to address them. Is there anything else that you have to add here at
the end, Zak and Megan? I don't think so. It's great talking to you,
Jody. You too, Zak. Yes. And we also, like
normal, will have a link in the show notes for you to be
able to give any suggestions or

(19:16):
comments, questions, things like that. And don't forget to lock
the back door.