About The Customer
A global 100 engineering and electronics conglomerate had recently suffered loss of proprietary IP. With IP valued over $30 billion USD, and a workforce of thousands of scientists, engineers, and technicians on five continents, they understood they were an attractive target. Their current systems were unable to stop the breach or identify the perpetrator.
The Business Challenge
The company used multiple applications both commercial and proprietary in the design process, with a custom-built repository storing most of the documents. Classifying data was critical, yet the software wasn’t used outside the organization, so integrations with commercial tools did not exist. In addition, with a global workforce, emails and text files could be in any one of several languages - traditional scanners could not classify these easily.
The company’s competitive advantage could only be maintained by making data freely available to authorized users, and multiple users required access to the same data, but with different privileges. Building data silos for each group was inefficient and difficult to maintain.
Finally, some users needed the ability to move data to business partners by email or removable drives. Encryption was required, but difficult to enforce. The company wanted anyone moving data to provide written justification, and if approved, the data would be encrypted and stored on approved devices.
Critical Success Factors
- Improve data sharing across a global workforce while preventing IP loss
- Classify data in multiple formats and languages quickly and accurately
- Enforce appropriate use of data by users with varying privileges
- Allow authorized users to move data, but only with appropriate and recorded justification
The Solution
The customer’s first task was to discover and classify all data. With support for 90 languages, Fortra™’s Digital Guardian® could work with each of their offices to ensure appropriate coverage. For their proprietary information repository and SAP systems, the customer used Digital Guardian’s classification API to build their own auto-classification rules. This complemented Digital Guardian’s built-in context-based data awareness and content inspection features for a comprehensive data classification foundation.
Digital Guardian worked with the customer to build policies that properly reflected data use policies. This included use of a “Prompt” mode when risk could be introduced by a user’s action. Prompt mode blocks the action, prompts the user to enter justification in a form, and records all actions in a forensic-quality event log. Prompting was implemented when a user attempted certain actions for copying, printing or attaching classified files.
In addition to prompting, Digital Guardian prevented the use of unauthorized devices. Only company approved devices with authorized serial numbers were allowed, so that data could be tracked after removal. Finally, Digital Guardian encrypted the classified files automatically. With encryption applied, decryption was restricted to workstations that host the Digital Guardian agent.
The Results
Digital Guardian’s solution exceeded the organization’s requirements and expectations. It allowed authorized access to data without extra steps or latency, and desktop and server agents enforced policies at the endpoints, where data was most vulnerable. Evidentiary-quality event logs allowed visibility into where all data was and how it was used.