How To: Conduct a Risk Assessment Prior To Creating Data Usage Policies (w. Lookout)

08/24/2023

51

0 (0%)

Report Like Favorite

Transcript

Mike Matchett: But I'm still I'm still thinking just, you know, if I'm watching this today, how do I get there? What do I what can I do to actually make that that that assessment and do those wins and prioritize that data? Andy Olpin: Yep. And and some of that is, like I said, it starts with our, our risk assessment, right? We plug in via an API and tell you what you have out there, but then we can start to get more advanced, right? So this, this slide is a little busy. It's got a lot of detail in here. But this is about how would I enable that collaboration, right? So you want to enable the business to be able to share sensitive data with appropriate people. But the first thing you have to do is know where that data is and what's sensitive. Then how do we make policies on top of that? Right? So again, the goal here is to give you power, but to do it in an automated way. So what we can do is talk about all these great ways we can build contextual policies. And what I mean by contextual policies is I want to know a whole bunch of information about data access. I want to know who the user is and what group they're in. I want to know if their behavior is a little bit outside the norm, right? So if you have a user who normally downloads ten files a day and suddenly you start seeing them download 100 files a day, maybe that's an insider risk, maybe that's a ransomware problem. You know, that's a bit of data I need to see. What's the location they're coming from? Are they coming from their normal home location or are we seeing a login from some place very risky overseas that seems out of character, right? And then the other contexts are like, what about the device? Is it a corporate device? Is a personal device? Is the device in good standing? Right. Is the EDR product that's on the device running in a good state? And what data are they accessing at this moment? To go back to the data thing, that's another bit of context, right? So a user what I can do here from a collaboration standpoint that's really powerful is I can build context rules that also include the sensitivity of the data. So I can go and say, all right, I have this super sensitive Coke can formula or whatever it is that I need to protect. So I'm going to make rules around this data that say you have to be coming from a corporate laptop, only logging in from the United States or, you know, whatever it is, Right? I'm going to be very restricted with this piece of data. But because my contextual policies know about the data access, I can then turn around and say, all right, for the rest of Office 365 I don't care so much. You want to come in from a personal computer? No problem. I'm going to control access where I might say based on the data sensitivity, you can only do these things or I might loads. Or I might redact social security numbers out when you're coming from a personal computer. But it really gives me that ability to say we are going to allow you to work from anywhere, from any device with the caveat that your access to data might be a little bit restricted when you're not coming from a company issued device. Hank Schless: Yeah. I think the one thing I'll I'll highlight here is going beyond that block allow piece the second the second bullet there in the in the benefits I think that's just again these days I think it's just so important just to be able to let people do what they need to do with the data they need. But but but nothing more. You want to be able to limit that in such a way that no one's getting stopped. But but you don't want to put yourself at risk. So that's always I just think that's like so, so critically important these days, especially with with data flowing everywhere.

Categories:

» Webinar Library » Lookout

Channels:

Where Does Your Data Go? Data Loss Preventing and Stopping Data Exfiltration

Tags:

lookout

Show more Show less

Browse videos

Upcoming Webinar Calendar

10/14/2025

01:00 PM

10/14/2025

Discover Netwrix's Transformation: A Journey in Brand and Product Development

https://www.truthinit.com/index.php/channel/1540/discover-netwrixs-transformation-a-journey-in-brand-and-product-development/
10/15/2025

12:30 AM

10/15/2025

Achieving Cyber Resilience in APAC VMware: Effortless Recovery Strategies

https://www.truthinit.com/index.php/channel/1543/achieving-cyber-resilience-in-apac-vmware-effortless-recovery-strategies/
10/15/2025

01:00 PM

10/15/2025

Managing Human Risk in an AI-Driven Threat Landscape: Are Your Defenses Evolving Fast Enough?

https://www.truthinit.com/index.php/channel/1521/managing-human-risk-in-an-ai-driven-threat-landscape-are-your-defenses-evolving-fast-enough/
10/16/2025

06:00 AM

10/16/2025

EMEA Cyber Resilience Insights for VMware: Effortless Recovery Without Uncertainty

https://www.truthinit.com/index.php/channel/1544/emea-cyber-resilience-insights-for-vmware-effortless-recovery-without-uncertainty/
10/16/2025

11:00 AM

10/16/2025

Trend Micro Webinar: Smarter Decision Making via Network Intelligence

https://www.truthinit.com/index.php/channel/1372/unlocking-network-intelligence-for-smarter-risk-decisions/
10/16/2025

12:30 PM

10/16/2025

Secureframe: ISO 27001 for Startups: Understanding Its Importance and Accelerating Certification

https://www.truthinit.com/index.php/channel/1523/iso-27001-for-startups-understanding-its-importance-and-accelerating-certification/
10/22/2025

01:00 PM

10/22/2025

Cut Ticket Resolution Time in Half with Smarter IT Documentation

https://www.truthinit.com/index.php/channel/1541/cut-ticket-resolution-time-in-half-with-smarter-it-documentation/
10/23/2025

12:00 PM

10/23/2025

360View: Preventing Data Exfiltration: Keeping Enterprise Data Secure

https://www.truthinit.com/index.php/channel/931/360view-preventing-data-exfiltration-keeping-enterprise-data-secure/
10/23/2025

12:00 PM

10/23/2025

Secureframe: CMMC Series - Crafting a Readiness Roadmap for Streamlined Certification Success

https://www.truthinit.com/index.php/channel/1535/cmmc-series-crafting-a-readiness-roadmap-for-streamlined-certification-success/
10/28/2025

12:00 PM

10/28/2025

Reimagining Data Security: Regain Your Control and Confidence

https://www.truthinit.com/index.php/channel/1432/reimagining-data-security-regain-your-control-and-confidence/
10/30/2025

06:00 AM

10/30/2025

Rethink secure access solutions beyond VPN and NAC in a zero trust landscape.

https://www.truthinit.com/index.php/channel/1547/rethink-secure-access-solutions-beyond-vpn-and-nac-in-a-zero-trust-landscape/
10/30/2025

12:00 PM

10/30/2025

Revolutionizing Secure Access Beyond VPN and NAC for a Zero Trust Era

https://www.truthinit.com/index.php/channel/1546/revolutionizing-secure-access-beyond-vpn-and-nac-for-a-zero-trust-era/
11/06/2025

12:00 PM

11/06/2025

Secureframe: CMMC Level 2 Assessment Insights: Expectations and Preparation Strategies

https://www.truthinit.com/index.php/channel/1536/cmmc-level-2-assessment-insights-expectations-and-preparation-strategies/
11/12/2025

12:00 PM

11/12/2025

Zendesk Customer Spotlight [Pure Insurance]: How to Scale Employee Service from IT to HR

https://www.truthinit.com/index.php/channel/1545/zendesk-customer-spotlight-pure-insurance-how-to-scale-employee-service-from-it-to-hr/
11/20/2025

12:00 PM

11/20/2025

360View: Budget Optimization: Doing More with Less

https://www.truthinit.com/index.php/channel/932/360view-budget-optimization-doing-more-with-less/
12/11/2025

12:00 PM

12/11/2025

Secureframe: Addressing the Top 5 Compliance Challenges for Startup Leaders and Solutions

https://www.truthinit.com/index.php/channel/1526/addressing-the-top-5-compliance-challenges-for-startup-leaders-and-solutions/
12/18/2025

12:00 PM

12/18/2025

360View: 2026 IT Predictions & Emerging Trends

https://www.truthinit.com/index.php/channel/933/360view-2026-it-predictions-emerging-trends/