“Continue securely in Silo”
The security team needed a solution for keeping their employees and data secure without impeding productivity or creating unnecessarily strict policies and governance procedures. They also recognized that even the strictest list of “banned” sites and ongoing employee education efforts could not fully protect the company from accidental exposure – a user clicking on a seemingly innocuous ad or being redirected to a compromised site could open the door to malware attacks. “We didn’t want to end up in the news because of a data breach or another cyber-related compromise,” explains the security officer. “We needed to look at the problem differently – how we could give our employees their freedom while ensuring that the business wasn’t exposing itself to threats.”
The Silo engineering team worked with the firm’s security leadership to create a solution that would help eliminate web-borne risks across the enterprise. Users responded favorably to the new setup – Silo provided a familiar browsing experience without the need to contact support every time they came across a restricted site. With single sign on (SSO) and automatic redirects to an isolated environment, Silo proved to be easy to use and scalable across the firm’s many affiliate locations.
When a user encounters a blocked page, a message on the screen offers them to “Continue securely to Silo”. Once the user chooses this option, a Prisma Access security service edge (SSE) platform seamlessly redirects them to a new isolated tab within their browser, where they can view a blocked site instantly, without having to create a support ticket.
“Typically, we block sites that we don’t want our employees to access while at work, such as gambling or gaming platforms, but what happens if one of our affiliates is looking to invest in one of these companies?"
-Silo’s comprehensive security controls also help manage file downloads and other user actions. Prior to downloading, each file is scanned using Silo’s anti-malware tools, followed by additional inspection by the firm’s Endpoint Detection and Response (EDR) security solutions. The firm also takes full advantage of Silo’s Data Loss Prevention (DLP) capabilities: to keep sensitive data from being inadvertently (or intentionally) leaked. The firm’s security team chose to disallow any content copy and paste into websites that are accessed through Silo. “We are very sensitive to the risk of data exfiltration – such as bulk uploads of customer account information onto potentially malicious sites through either user error or bad intent – and we use Silo to put in place security controls to prevent this from happening,” explains the security officer.
Another important security policy prevents the firm’s employees from downloading and accessing data from file sharing sites, such as a Dropbox or Google Drive. Prior to implementing Silo, users who needed access to these files had to request assistance from the support team to download and scan content for them. Today, file sharing site access is handled through Silo, and users are free to download content directly from these sources – with safety and compliance assured by Silo for Safe Access.
The implementation of Silo’s Secure Browsing has not only secured the vulnerable data of the firm, but has lessened the workflow burdens for all employees, including security.