TAG analyst report: Insights and recommendations for improved cyber resilience using CrashPlan
Most companies have made major strides in elevating data security and embracing the concept of cyber resiliency over the last five years: they’re much more aware of risks and have much more sophisticated tools for mitigating risk, responding to threats, and recovering from attacks and breaches.
But a recent report written by Dr. Ed Amoroso from TAG shows a major security gap remains that has plagued companies for decades now: securing the endpoint devices where work happens (and a lot of work products still live). Fortunately, TAG concludes that fixing this endpoint security gap doesn’t require an alphabet soup of new security software categories. Rather, reliable endpoint backup is still your best bet to protect your data—and be able to get it back in the event of a breach.
TAG investigates a hunch: Endpoint security is still a problem
TAG is a leading research and advisory firm in the cybersecurity industry, working with around 120 major enterprise security teams to help them build modern, future-ready postures on data protection and cyber resiliency. Over the past few years, TAG observed an increasing awareness that, despite growing sophistication in security stacks, a gap remained around endpoint protection and resiliency.
Together with Todd Thorsen, CISO at CrashPlan, TAG launched a formal study on how companies protect the data that resides on their endpoints. Here’s what they found:
Insight 1: There is an endpoint data protection gap
After doing qualitative interviews with CISOs at roughly 100 organizations, along with a quantitative survey of security practitioners at those organizations, the headline finding confirmed TAG’s hunch: “The results of the TAG analysis revealed a protection gap for most businesses in how they maintain cyber resiliency for their endpoint data devices such as computers (PCs) and laptops.” One stat that brings this finding to life: 71% of the CISOs surveyed said they would not be surprised by a data breach involving endpoint data—despite feeling more confident overall in their ability to protect against breaches.
Insight 2: More tools ≠ less risk
TAG noted that the companies included in its research exhibited higher awareness around cyberthreats and risks like ransomware and insider threats (malicious and inadvertent). They also noted that cybersecurity and resiliency has matured in these organizations, evidenced by the deployment of new, targeted security tech like anti-malware tools and EDR products.
Yet, TAG found that endpoints remained a glaringly under-protected risk: “A majority of enterprise security teams today have insufficient security policy enforcement and have not deployed effective endpoint data protection controls to ensure the resilience of data stored in a distributed manner across their endpoints.”
Insight 3: Manual policies are not effective
While TAG’s conversations with CISOs indicated “policy is a major component of their strategy to protect endpoint data,” the report pointed out that a growing body of research suggests employees just don’t follow policies. Moreover, TAG warned that reliance on manual enforcement for data protection is a failed strategy—and a losing game outpaced by the increasing sophistication of cyber threats. Instead, TAG urged the need to shift toward “technical controls based on automation…not only for endpoint data protection but for more general policy enforcement as well.”
Insight 4: Cloud collaboration tools are not backup
Cloud collaboration tools have become central to how work gets done in most organizations today. These tools’ powerful functionality often includes features that look a lot like backup—at least on the surface. But TAG found that this leads to a common mistake that contributes to the endpoint security gap: “Cloud collaboration tools are mis-used and relied upon for data backup and resiliency.”
The limitations of this approach are right there in the name of the tools: “While such solutions are obviously wonderful means for driving sharing, collaboration, and virtual operation of teams, they were not designed for backup.” This creates a classic square-peg-round-hole problem, where critical backup functionality is lost, security gaps are left uncovered and endpoint data easily falls between the cracks of incomplete backup functionality of cloud collaboration tools.
Insight 5: Organizations are overconfident in data recovery capabilities
There’s no doubt that InfoSec leaders should be commended for their hard work moving overall cyber security and resiliency maturity forward in the last several years. The typical organization has more tools and more protocols in place to mitigate risk, identify threats, respond and/or recover rapidly. But it appears this broader progress has created a halo effect that overshadows endpoint security gaps: “Many enterprise teams possess a false sense of security for endpoint data resilience and restoration post-incident.”
The root of the problem? Most organizations haven’t put their endpoint security tools and processes to the test. “Virtually none of the CISOs included in our research survey reported having strong validation and test methods for the restoration processes in place post-incident.”
Back to basics: Cyber resiliency starts with endpoint backup
The biggest “so what?” take away from the TAG report: Organizations need to focus on closing the endpoint security gap. They can’t count on policy—they need automated tools. And they can’t use cloud collaboration tools to do a job they weren’t built for.
As TAG puts it: “organizations clearly will benefit from a purpose-built endpoint data protection and resilience platform.”
TAG goes on to lay out its own model for modern approach to endpoint security, which it calls MEAD (Malware, EDR, Analytics, and Data). The MEAD framework puts an endpoint backup solution like CrashPlan at the center of the security stack, focusing on tight integration between CrashPlan and the organization’s other endpoint security tools like anti-malware, EDR and endpoint analytics products.
Click here to download the full TAG report, see all the insights and dig into the MEAD model.
Learn more about data resiliency today. If you want to see how CrashPlan can improve data resiliency at your organization with automatic, secure data backups, sign up for our free trial.
