Fasoo is a data-centric security software vendor that helps organizations protect unstructured data. Fasoo provides software to protect and manage valuable assets in the ever changing digital world. Below is our recent interview with Deborah Kish from Fasoo:
Q: What is the best way to describe Fasoo?
A: Since 2000, Fasoo has helped customers create a secure information sharing environment and simplified secure collaboration internally and externally. Its award-winning enterprise DRM (Digital Rights Management) solutions are securing more than 2 million users enterprise-wide through over 2,000 projects deployed worldwide.
Q: You’ve recently acquired cybersecurity Malaysia standards conformation. What does it mean for the company?
A: It means that we are expanding our participation in standards and gaining acceptance with global standards bodies. It also means that customers in Malaysia as well as in the Southeast Asia region can now leverage Fasoo’s Enterprise DRM technology to protect their information persistently. Our EDRM and other products will also ensure that our customers are in compliance with various national and international regulations including the Personal Data Protection Act (PDPA), GDPR, CCPA and PCI-DSS.
Q: What types of products do you provide to your clients?
A: Fasoo’s product line is extensive and focused on data-centric solutions. Its product names and capabilities are below:
- Fasoo Data Radar: Discover and Classify Unstructured data, Remediate findings and apply granular access controls
- Fasoo DRM: File based security solution to protect, control and trace sensitive documents
- Fasoo Smart Screen: Protects sensitive information displayed on monitors and screens through watermarking showing the screen’s location
- Fasoo Smart Print: Re-enforcing print security by blocking
- Fasoo Enterprise DRM for Mobile:
- Fasoo Risk View: User and Entity Behavior Analytics
- Fasoo Integrated Log Manager
- Wrapsody – Unified Content and Collaboration Platform
- Wrapsody eCo – Unified Content and Collaboration Platform for external document sharing
Q: What’s Data Radar and why did you develop such tool?
A: Data Radar is our discovery and classification tool. It finds unstructured data, classifies the file according to policies using regex and/or keywords, and automatically encrypts the file. Data Radar also manages user access and applies a unique identifier (called “Pac and Tag”) to each file which allows users to trace it at any time. The unique identifier stays with the file regardless of the file location, file type and who has accessed it. It also has a remote expiration feature that enables revocation of access to the file, regardless of location. This is important for companies that are required to keep files for a designated length of time and it can help them apply proper access controls when employees leave the company or a contractor’s contract has expired. The tool was designed because unstructured data is growing exponentially and can contain sensitive information. This could be information that is either subject to privacy regulations or valuable to the organization itself, such as intellectual property (IP). This is a problem because organizations globally do not know where their unstructured data is, therefore the information is not protected putting them at risk for a data breach, or perhaps a regulatory fine such as GDPR or CCPA.
The problem today is that, unstructured data represents 60-80% of any organization’s data and the bigger problem is this it is growing. Data is extracted from structured databases and saved on devices, shared with individuals both inside and outside the corporate environment for business purposes. And that is fine, as long as it is properly protected and that it is being accessed by and shared with those that need to do so and keep it protected from those that don’t. This is a very common problem with a very large number of organizations globally and with the growth in the adoption of cloud applications and infrastructures, this unstructured data can be anywhere. And it needs to be found. Even worse, it is more than likely unprotected. It hasn’t been encrypted, redacted, anonymized or other technology applied to ensure its being protected.
Q: Why do so many data loss prevention projects either stall or de-scope?
A: In my view, there are 3 root causes to why data loss prevention projects fail or de-scope.
The first root cause is that traditional unstructured data solutions started with the same approach and methodologies that legacy eco-system vendors used for network protection better known as “the network perimeter” approach. Essentially, this is building a protective wall at the perimeter of the network environment to keep intruders out. It is where things like firewalls, IDS/IPS, malware detection live using hardened configurations, software updates, and security policies reside. Security at the perimeter serves a very important purpose, but it doesn’t help much with unstructured data. Unstructured data needs to be handled differently because with adoption of cloud, the data can and does live beyond the perimeter. It is not kept in a secured database. Instead, it is alive, moving past the fading perimeter. And because of that, we need a different approach to how unstructured data is protected.
Another root cause is the implementation of location based point solutions. With new and changing privacy regulations, for example, GDPR and CCPA, we are now chasing the data. If we go back to the first root cause, the fading perimeter, data is moving. And because the data is moving, we have to chase it as it bounces from location to location, from folder to folder, from end point to end point, from cloud application to cloud application – in order to protect it. So now, companies have been deploying a patchwork of point solutions like Enterprise DLP, Cloud Access Security Brokers (CASBs), user and entity behavior analytics (UEBA) that have been adopted to satisfy a specific issue. This not only complicated data security and privacy initiatives, but led to projects that either stalled or descoped. It is difficult to manage multiple solutions under the best of circumstances, but trying to get them to talk to each other is frustrating, takes time and a skill set that most security teams don’t have.
And finally, varying technology approaches. The most common is using “rules-based” approaches which is fine, but they can be less effective because rules really just act on what users can or cannot do – so they essentially they either allow or block. They don’t focus on protecting the data itself. Another common technology approach is by applying encryption based on the location of the data, for example in a folder or on a server. This too, is fine but this is not effective for unstructured data because as I mentioned before, unstructured data is everywhere and it is constantly moving. Location is ubiquitous and difficult to track. In order to protect it, the controls applied must be location agnostic. There is also a dependency on file logs which is more folder centric and requires an extensive setting up of security auditing and audit file access and logon events steps. And assuming that all the parameters have been set appropriately like folder size, checking boxes, it will tell you who deleted what or who tried to access what, but what it doesn’t do is follow the folder. If you protect the file, that doesn’t matter.
Our webinar “Overcoming Unstructured Data Security and Privacy Choke Points” goes into more detail and can be viewed on our website here.
Q: What can we expect from Fasoo in the future?
A: Fasoo is seeing continuous improvement in its global market position, based on its unique technology, ongoing R&D and strategic approach to comprehensive product capabilities. We are continuing to expand our capabilities as well as our global footprint. We are getting ready to launch the second of the three part series of webinars, “How Granular Access Controls and User Behavior Analytics Close the Gap on Insider Threat”. Register here! We are also going to attend the ISMG Cybersecurity Event next month in New York as well as other security related conferences.Activate Social Media: