Ian McKinley, CEO
Increasing reliance on third-party applications, mobile devices, cloud connectivity, and remote work environments has opened doors for a rising number of data breaches, primarily resulting from insider activities. In fact, the situation has already reached a point where internal threats account for more than half of all data breaches. However, most companies continue to invest a lion’s share of their time, effort, and resources on protecting against external threats. They need to rehash their strategies in today’s era dominated by various strict privacy policies such as GDPR that impose hefty fines for data privacy non-compliance. “Companies must pay close attention to their employees’ behavior and skills in handling sensitive data to combat the rising security challenges,” says Ian McKinley, the CEO of e-Safe Systems. The concept of ensuring that enterprises are safe from data breaches by providing robust people-centric solutions to secure data, rather than a purely blocking approach, began with us in the UK and now the company has extended its activities in the commercial arena with offices and R&D facilities in South East Asia and Australia.
Since entering the commercial market in 2011, e-Safe is founded on the belief that workplace activities are never black and white. To that end, the company’s threat management solutions help 95 percent of users who are doing the right thing to get on with their job unhindered while still providing protection against the 5 percent of those whose activities either willfully or accidentally present a threat. “Traditional data leak prevention (DLP) relies on rigid blocking schemes, which hinder productivity. e-Safe’s people-centric DLP implements a protection regime based on education, trust, and verification,” mentions McKinley. Malicious user actions are detected using machine learning user behaviour analytics, and detection time is greatly reduced by empowering the information owners themselves to be part of the monitoring process.
To protect sensitive data, e-Safe provides assistance with the four key stages. First relates to the classification of sensitive data where e-Safe offers both centralised as well as decentralised rule creation.
We work on a system based on education, trust, and verification so that data can remain secure while ensuring that employees can maintain high levels of productivity and flexibility
Information owners using the information tagging utility can categorise large amounts of information themselves, without involving the central administrators, and create DLP rules. Second includes the discovery of where that data is stored. e-Safe uses its server-side scanner technology to scan existing and new information being created in file servers, databases, and SharePoint. Information detected is classified according to the relevant rules and its usage is tracked.
Third relates to the monitoring of that data. It is vital that not only central security receive alerts regarding the usage of sensitive information but also the data owners, departmental heads, get timely information on who is doing what, how, and when, with their sensitive information. It also relieves the central security team from the task of sifting through mountains of data to sort the real concerns from the false positives.
In the final element, e-Safe provides prevention or protection by offering the option of implementing a traditional DLP blocking option or an integrated encryption to protect sensitive data from access by unauthorised users, both internal and external, while still allowing staff to work and collaborate productively.
The company has successfully deployed its monitoring and data protection system to enable a child welfare monitoring service for a million students in the UK; ensure data protection in the defence supply chain and healthcare organisations in Australia; protect classified information for major security organisations in South East Asia, as well as financial institutions, service providers, distribution companies, manufacturers et al..
e-Safe is expanding its offering by including one-time risk assessments based on compliance with privacy regulations. Through its DLP-as-a-service, it offers monitoring to its clients. The company is also working on implementing browser-based dashboards for a more interactive experience. In addition, the company is looking to expand further into Europe and North America while strengthening its position in ASEAN and ANZ.