Data Privacy in the age of COVID-19
The challenge of remote workers for Privacy & InfoSec Teams
One of our clients is working to enable remote work for all their employees in response to the COVID-19 pandemic. The organization delivers healthcare services to patients across a number of sites. For them, remote work means that a distributed team needs to coordinate with one another, share data and continue to deliver services to their patients through telemedicine platforms.
This has raised a lot of issues for the privacy and infosec teams. Enabling remote workers to access and share highly sensitive data with each other, and to coordinate groups of clinicians to meet with patients digitally, is not a trivial task. Some workers may be using their own devices on personal networks.
Fortunately, the client has lots of smart and dedicated users who are continuously brainstorming new ways to deal with these changing circumstances. They have come up with innovative solutions to remain nimble and patient-centric whilst maintaining the highest standards in data privacy.
Nevertheless, the risk of data breach is extremely high. Traditional SIEM and UEBA solutions are not designed to deal with this massive change. Alerts for unusual or suspicious behaviors are being triggered at a frequency that makes it almost impossible for security analysts to manage.
We at privata.ai have a novel solution that allows organizations to manage such a scenario. Unlike traditional SIEM or UEBA solutions, we use machine learning to monitor how a user interacts with your most sensitive data, regardless of whether the user is accessing it from their office or from home. We monitor the interactions with the data as close to the data source as possible. This removes much of the noise generated by network traffic that can trigger alerts in traditional systems.
These coming weeks and months will test every organization's ability to survive and adapt to the new normal. When we reach the other side of it, we can then reflect on how the mechanisms and tools we use for data protection are probably over-fitted to the traditional work environments.