In their 2024 Endpoint Data Survey, SANS surveyed 169 security and IT professionals about where their organizations’ data exists and what is being done to protect it. One of the most fascinating data points they uncovered is that while 48-62% of organizations have policies prohibiting users copying various data types onto endpoints, 73-80% of those organizations found their users were bringing that data onto their endpoints anyway.

In this lively conversation between survey author and SANS instructor, Greg Scheidel, and CrashPlan CISO, Todd Thorsen, we explore:

• Reasons and implications of this endpoint data security gap
• The critical need for policies and controls that don’t sacrifice employee productivity for the sake of security
• An analysis of the financial, operational, reputational, and legal risks associated with data loss or compromise
• Practical considerations for handing sensitive data on endpoints