Sometimes it is as much psychology as IT, says Zbyněk Sopuch, CTO of Brno’s Safetica, about the development of DLP

Leaking sensitive data costs companies more than 3.25 million euros on average. With its Data Loss Prevention program, which it develops and integrates deep into the system, Brno’s Safetica provides companies around the world with protection against the loss of their sensitive data.

According to Safetica CTO Zbyněk Sopuch, data protection means not only developing a perfect solution but also communicating with users and educating them. He says: “They need feedback on what they are doing and what they intended, and they need to learn it prudently. We are actually educating them in safety.”

What technologies can developers at Safetica encounter?

Safetica is developing a solution that protects authorized users from data handling errors. It solves the possible problems “between the chair and the keyboard”, and therefore it needs to be in the place where the data and the user meet – on the end device, on the mobile phone, in the cloud service, etc. The technological domain is so broad that it is easier to define what we do not do there than the other way around. Our solution is not just a mobile application, or a website with databases, as other services are. We are on all platforms. We are integrated deep in the system, we are solving drivers, we are interfacing with the user, doing data analytics. For fun, I say that we are doing everything but the production of hardware, although we actually thought about that for a short time, for example in the sense of encrypted flash drives.

What exactly is your technology stack? 

Our technology stack was initially strongly influenced by Microsoft. We are their Gold partner and where it made sense, we built it using their technologies. Which meant the whole Windows platform (C++, C#) and cloud backend on Azure. Generally speaking, however, we choose native technologies, we are building the web tier in Angular, on Mac we use Objective C, C++ and Swift. On a mobile phone Swift, and Java on Android. And data analytics in Python, for example.

We are not working with Java and PHP which would bring additional platform dependencies and security risks to the customer environment.

You are involved directly in the operating system. Can you describe it in more detail? 

For example, many companies create applications for macOS. But we are going deeper and see how the system works. Where it has its weaknesses and how they can be addressed. Most developers didn’t realize that when Apple released macOS Catalina, the entire security system around the kernel changed and they essentially banned using your own drivers and the like. We knew it.

We know how the system works with files and what the user is doing on the network, and we are trying to give them a helping hand when necessary. We need to know what they are doing when, for example, sending data into the Apple Ecosystem or Office 365, which are features that are more and more integrated with the operating system. Getting back to macOS, this means practically the Linux level, so we are recruiting “linuxers” for macOS as well.

How do you approach different versions of operating systems? 

We have to support not only all mainstream versions of operating systems but also third-party applications. Because of that, we are forced into defensive coding, but most of all it demands QA. We wouldn’t be able to do it manually; everything is running under robust automation, which does most of the work for us on its own overnight. But sometimes we just run into a problem in the field that surprises us. For example, we have found a bug in Adobe that worked badly with files; we have found a bug in the printing API from Microsoft, or even in YSoft’s drivers. Sometimes it is enough to report the bugs and they will correct them, but sometimes the companies neglect it and we have to deal with it. The customer expects it from us.

What are your technological differences from mainstream antivirus companies like Avast or ESET?

We have a similar technology stack, but simply put, they watch what goes inside. We deal primarily with the authorized users, i.e. with the way out. It’s about inspecting the outgoing data, detecting the file content, integrating with email clients and web browsers. We deal with the relation between the outgoing data and the company or legislation, such as GDPR. We are working deep in the network, we are decrypting SSL and watching what is flowing there to make sure that company data does not go out.

Another thing that makes a difference is the focus on user behavior. Nobody cares that thousands of operations have been performed on the disk. Antivirus doesn’t care. It checks the essentials, omitting the rest. And we are expected to tell the system behavior from the user’s intention and check it contextually. Alternatively, we explain to the user what is wrong. Can you imagine confronting users with what the corporate backup software does, or that you have found sensitive data in the temporary application files? The user does not understand this, and most importantly did not cause it. That is why we regard the end-user and communication with them at the top of our corporate priorities. Sometimes it’s as much about psychology as it is about IT.

Are you supervising traffic at the end stations, or in cloud services as well? 

We are doing the same in the cloud, but it’s far more challenging because ninety percent of what you do at the end station cannot be done there. In addition, the scaling is much more of a sudden increase. If we install our solutions on end stations, they can be installed gradually and they take the power directly from the station. Imagine Office 365, where thousands of users can appear in the cloud at once by turning it on.

We monitor the impact on users a lot. When copying data from one server to another, it’s fast. When we have to check it, and the check takes place on a cloud service, then it takes ten times longer. The check itself is fast, but the data are traveling a different way. Then it’s a question of how to solve it. Caching, components in place, launch dialogs from the operating system and the like.

What is your approach to QA?

With a great emphasis. On the one hand, we are directly influencing the work of each customer’s employee and we can very easily stop them. And then there’s the security aspect. We must not fail in that. We are working with the client’s most sensitive data, and if we don’t think of consequences, we could expose their data. We are working for clients with extreme security requirements, such as banks or security services.

Therefore, our release process is thoroughly elaborated, with an emphasis on eliminating the risk of human error. This allows us to react and release quickly even under such strict conditions. We also have a mandatory code review for everything that goes out and we are striving to share information and experience as much as possible. Basically, it can be said that every one of us is involved in QA, from the product manager to the developer. They write their unit tests and do the mentioned code reviews. The QA engineers are responsible for how the function is designed from a concept perspective, but also for the entire automation architecture and team DevOps. They are not “clickers”, but full-fledged engineers who have developed our entire automation product.

How are your teams organised?  

They are organized in business agile teams and the related areas are joined. For example, one team is focused on the data security for Windows, so it does integration with Office 365 as well and is responsible for the entire security model with the end-user. Another team handles the cloud backend, endpoint communication and data processing, and is therefore responsible for reporting and interacting with the admin. For example, the Mac team also takes care of data detection and analysis, which is a separate business area.

Our intent is that our people grow not only in the sense of their technical skills but also as humans and in terms of competencies. Our guys have a very broad overview. They are doing things across the business vertical: networks, low-level stuff, cloud, front end. But they go very deep in their favorite expertise. We need a balance between substitutability and high-end experts.

Which technological challenges are you expecting to face? 

I will start from the bottom, where specific challenges are lying for us. Concerning the end-station technology, we already have the necessary integration with all OS except Linux. This will come later. The big challenge is the cloud. There are several approaches, but it is a raging area. And then there are the more expected areas – we are building a robust cloud SaaS system (really native) and we are going to automate gradually more with machine learning and data analysis. The only trend for which we do not have any use yet is perhaps blockchain. But if anyone has a good idea, come here with it!

Author Petra Voženílková

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Safetica
Safetica is to provide small and mid-sized companies with the same quality data protection that corporations have – affordably, and without any additional IT administration or disruptions in operation.

Safetica 9.8: Efficient detection and investigation

In the Autumn release of Safetica 9.8, we focused on the most critical part of data security, detection, and investigation of data incidents. We’ve added new powerful capabilities and split the rest of the product based on the need for the response level.

Find out more. Watch the recording of our live webinar.

New product tiers streamlined to discovery and response levels

  • Safetica Discovery for improved detection of sensitive data for a comprehensive company audit
  • Safetica Protection for management of data security incidents, their investigation, and response
  • Safetica Enterprise with selected enterprise use cases and advanced automation of detection and response
  • Extra module Safetica UEBA offers a dedicated focus on user behavior (and can be bundled with main product tiers in selected regions)

Improved incident detection

  • Detect sensitive data in transit to network file shares
  • Detect specified file types with new DLP policies based on file attributes
  • Detect encrypted Azure Information Protection and their classification
  • Detect new data-flow channels on macOS, for instance, files uploaded or sent by IM

Improved investigation and response

  • Create shadow copies of incident files for further investigation of data security incidents
  • Detect and protect file operations to Windows Portable Devices (smartphones and multimedia devices)

Improved enterprise capabilities

  • Safetica Mobile: New ‘Fully managed’ device mode for company devices
  • Enhanced lifecycle of Active Directory users and computers
  • Enhanced backend and database performance for large company environments

Author Ján Lakatoš

Safetica 9.6: How to achieve flexible security for remote companies?

Companies around the world are switching to the home office, often overnight. Safetica is striving to help them not only with its recommendations for working from home but also with the new version of its solution, which will be introduced in the upcoming days. New features include improved data transfer protection between remote devices, mood mapping in the team, and many other useful features.

Take a quick look at our webinar recording and find out more from our Safetica Team.

Regulatory compliance for remote companies

As organizations are shifting to remote working, ensuring proper identification and protection of personally identifiable information (PII), healthcare and financial data is even more important than before, so that the remote company complies with regulations such as GDPR, HIPAA or PCI-DSS.

To facilitate secure remote working, the following measures should be followed:

  • Keep company files protected when users connect to work devices remotely with the updated remote desktop DLP for protecting sensitive data transfers or all remote file transfers in general
  • Your users often best know what data they’re working with, so allow them to classify documents using our new built-in user-based data classification
  • Use the new DLP policies for combined data types and target specific data more accurately, for instance, build special policies for classified documents which also include specific sensitive data

The lack of human interaction in remote companies

Adopting remote work poses many challenges, be it transparency, communication, reaction time, or even interpersonal issues. To tackle these, fast problem identification is key.

  • Use the new Safetica work activity report to get a quick and comprehensive overview of your company and identify issues without unnecessary delays
  • Stay in touch with your employees and check up on how they’re doing using our new Team Mood mobile feature

The challenge of securing work devices at home

Working remotely often means taking work devices away from work or working from personally owned mobile devices.

  • Keep your company data secure when your users work from home with the Safetica Device Control, now also available for macOS
  • Separate company and personal data on mobile devices with the new generation of Safetica Mobile which integrates Android Enterprise Mobile Management
  • Support healthy work-life balance of your users with non-working hour settings also supported on macOS

Author Ján Lakatoš

Broad home office exposes your company data

Companies are closing their offices on a large scale and introducing home office for all their employees. Currently, the vast majority of all Czech companies have introduced working from home for up to several weeks. A survey conducted by the technology company Safetica shows, however, that most affected companies are not sufficiently prepared for these steps.

“Ordinarily only a few percent of companies allow home office, and even only for a part of their employees. Working from home to such an extent is an absolutely unprecedented step that, in most cases, has a fundamental impact on the functioning of your company. Many companies are far from equipped and prepared for this step. They are threatening internal data in particular,” said Petr Žikeš, CEO of Safetica, a company focused on company data security.

The most common problems include insufficient equipment for the employees. Up to 65% of all companies let their employees work on their personal computers.


What should companies be careful of?

Experience with data security shows that the remote connection option remains a major problem, e.g. using the Remote Desktop Protocol (RDP). Without any other active protection, RDP allows transferring files from the workstation to the home station from which the user is connecting, and thus it allows leaking files outside the working environment.

Experts point out that another critical point is setting the AD-controlled access privileges (see the box below) to specific systems, data, and applications within the company network, which are often not properly configured. A failure to do so may allow the user to access and thus compromise data to which he or she is not supposed to have access.


On average, one in ten companies in the Czech Republic has experienced sensitive data leaks 

In most cases, this is unintentional behavior caused by negligence. “With the increasing number of people working remotely and even from their computer instead of their employer’s one, the chances of data leakage problems increase,” says Žikeš, noting that a decrease in productivity is also a side effect. “The problem is not only in the use of personal computers and mobile devices to work from home but also the connection to your home Wi-Fi. These networks are easy to break. Your employees often do not even know how to secure their home network,” points out Žikeš, adding that Safetica has prepared a manual on how to prepare the company and its employees for working from home.

He notes that Safetica, too, has adopted company-wide working from home: “As a technology company we have the advantage of being much better prepared for this type of work. But this is not the case in every company. This is what has led us to the idea of helping others in this situation. And that is why we have suggested recommendations on what measures to take when working from home.”

Safetica 9.5 – Ready for the cloud age

In the next few weeks, we will be launching a brand new version of Safetica DLP. The new features allow Safetica to keep up with the undeniable trend of using cloud services for storing and working with sensitive data.

Take a quick look at our webinar recording and find out more from our Safetica Team.

E-mail DLP policies for Office 365

We’re very excited to see that so many of our customers are adopting Safetica Office 365 features to get a better picture of their cloud data. We’re also excited to let you know that Safetica 9.5 is now taking Office 365 integration to a whole new level with the introduction of e-mail DLP policies for Exchange Online! Protect your data on whichever devices your users use to communicate. In addition to auditing e-mail sent from work computers, home computers, and mobile devices, you can now enforce DLP policies over data sent from them.

Data anywhere, improved

We’re still fully committed to our ‘data anywhere’ philosophy that we introduced last autumn, and we’re pushing it even further. Safetica 9.5 improves on the previously introduced persistent file tagging with metadata technology, making it more robust and ready for wide use. If you hesitated before, now is the perfect time to embrace the new Safetica classification to ensure the audit and protection of your data anywhere.

Try Safetica with Azure SQL

Early adopters of cloud technologies will surely appreciate that Safetica can now also run on Azure SQL databases. Enjoy the benefits of hosting your data in the cloud, such as scalability of storage and performance, and easier database backup. This makes for an attractive and powerful alternative to running a limited instance of Microsoft SQL Server Express.

Safetica 9.5 – The most important changes

  • Email DLP policies for Office 365 / Exchange Online
  • Revamped automatic Office 365 integration configuration
  • Enhanced persistent file tagging using metadata-based context DLP technology
  • Support for Azure SQL database hosting
  • New built-in sensitive content templates for Brazil, Ecuador, Singapore
  • Improved support of security groups and large Active Directory structures
  • Improved support for end-to-end encrypted web sites, e.g. Telegram, WhatsApp, etc.
  • Revised security issues, charts and summaries in the Security Audit report
  • macOS device control in non-restrictive, alert-only mode
  • Improved file audit and Safetica client management on macOS
  • Coronavirus and home office

Author Ján Lakatoš
