Organizations everywhere increasingly interact online. Employees are now used to communicating with colleagues, suppliers, customers, contemporaries, and more via a range of communication tools including email, collaborative documents on Google Drive or Jira, and platforms such as Slack.
<>Privacy requirements mean that many of these tools are encrypted, and there are limited ways to control the flows of information that travel through them. The traditional approaches to securing them are unpopular because of the time they take to set up and because they all too often prevent work from happening. This has led to a security nightmare where security teams have no control over information flows.
That was in the past, anyway. At Reco, we do things differently.
What is Reco?
At Reco, we know that collaboration tools speed up workflows. We also know that securing those workflows shouldn’t slow them down.
That’s why we built our collaboration security engine to understand your business context to enable employees to carry out their day-to-day tasks without interruption, while management can be confident that no data leaks are taking place.
How does Reco work?
Reco reads the metadata, but not the content, of the different communications taking place between employees, across teams, and externally with customers, suppliers, or other stakeholders. Using the information it learns, Reco maps the relationships between individual employees and builds a business context justification that is then used to assess every new interaction going forward.
The business context justification (more about this below) then enables Reco to raise an alert for any activity that falls outside the legitimate context. For example, if a file is sent to the wrong person, Reco will flag it for attention for the security team to evaluate and remediate.
Legitimacy is at the root of Reco
Legitimacy is how we model the probability of data exposure and is what makes Reco unique.
Our security model is built on two simple principles: the probability of data exposure (including the legitimacy of the action), and the business impact of the action (used to automatically classify, label, and map sensitive assets).
Legitimacy establishes that an individual is authorized to perform an action. Reco believes that if the person performing an action doesn’t have the legitimacy to perform that action, there is a higher risk that sensitive assets will be exposed to an unauthorized audience.
Business impact is an estimate of the potential negative impact to a business or their customer caused by a security incident. These business impacts can include financial, reputational, or operational impacts, and any asset that the AI engine understands can lead to this impact is marked as classified and mapped as sensitive.
The two principles are then put together to provide the business context justification.
Business Context Justification: A progressive approach to establishing the legitimacy of an action
The Business Context Justification is a result of the calculation of the risk of exposure and the impact of that exposure. We define the calculation as follows:
Level of business impact x Probability of data exposure = Risk level of an unjustified event
The business context justification (BCJ) understands the reasoning behind every action. Using the BCJ, Reco can then keep track of changes within the business, identifying legitimate actions as soon as they occur, and alerting for any actions that the algorithm judges as illegitimate instantaneously.
What makes Reco different?
With Reco, we are moving collaboration security into a new era, one that is able to understand the pain points of previous attempts to secure collaborations between people, and address them so that employees are empowered to do their jobs.
Just some of the solutions that Reco brings to traditional data loss prevention or anomaly detection systems include:
Legitimacy as a starting point
Under previous security models, anomaly detection would immediately classify any new or different action as an unauthorized action and prevent it from being completed. This was extremely unpopular as it would stop the action and prevent business from flowing.
By contrast, Reco looks for the legitimacy in a new or different action from the start, reading the context around the action, and allowing it to complete. Only if it can’t identify a legitimate case for the action will it raise an alert.
Dynamic and agile
In today’s world, you can’t apply static rules to a remote/ hybrid organization. Businesses are constantly changing as new deals, employees, or partners come on board. Traditional models with their static rules fail to keep up as they take human time and effort to adjust.
Reco is a dynamic model. The AI engine constantly monitors the network, reading and understanding the metadata of interactions and building new contexts around them. As a result, it is able to allow new interactions to complete seamlessly.
No lengthy classification exercises and endless lead-in time
Traditional data security models often fail because they need somebody to classify every single item of data in order to protect it. And this process is never-ending as new data is created all the time.
The future of collaboration is secure. The future is Reco.
Secure your collaboration tools with Reco.
Want to know more about collaboration security and how Reco can help your business work more securely?
Tal has a Ph.D. from the school of Electrical Engineering at Tel Aviv University, where his research focused on deep learning, computer networks, and cybersecurity. Tal is also a graduate of the Talpiot Excellence Program and a former head of a cybersecurity R&D group within the Israeli Prime Minister’s Office.
A quick glossary of terms:
Collaboration security as we know it is new to everyone. We use many new terms in this blog, and we didn’t want to interrupt the flow, so we provide our definitions here:
Collaboration security refers to security measures that ensure that employees use collaboration tools securely. Read more about collaboration security here.
Legitimacy establishes that an individual has the authorization to perform an action. If the person performing an action doesn’t have the legitimacy to perform that action, there is a higher risk that sensitive assets will be exposed to an unauthorized audience.
Business context is the map of interactions between employees and assets.
Business context justification
Business context justification is the understanding of the reasoning behind an action, and therefore whether the action is legitimate.
Subscribe to the newsletter
Subscribe to receive the latest blog posts to your inbox every week.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.