Financial Services Company

Business Challenge

  • Sensitive corporate information not secured
  • Data leakage reports not reaching the relevant people
  • Data leakage reports not detailed enough to follow up on
  • Not ensuring the productive use of Internet and computer facilities
  • Ineffectiveness of their existing endpoint productivity monitoring and DLP systems

With US$16 billion worth of managed assets, 3,000 employees and a reputation for propriety to maintain, Data Leakage Prevention was of paramount importance. The company had implemented Symantec’s endpoint DLP solution for protection of data and had locked down the PCs and laptops by limiting the applications and websites accessible (via IronPort) to those necessary for day-to-day operations. Despite this, data was being regularly leaked to the media and so the CEO requested an audit using e-Safe Compliance on 500 PCs under the direction of the Chief Integrity Officer.


The Solution: e-Safe Compliance

At the beginning of the audit, it quickly became apparent that, unlike e-Safe Compliance, the existing DLP system did not support the decentralized classification of sensitive data and so, over 50% of sensitive documents in the company were not protected. Implementation of e-Safe Compliance allowed for full coverage of sensitive data, via i) usage of the e-Safe Code Generator application by department heads, and ii) by allowing the end-users themselves to protect sensitive documents through a simple mouse click.
The review of the reports at the end of the audit period demonstrated the following major advantages of e-Safe Compliance over the existing system:
  1. With e-Safe Compliance, the department heads who had defined the rules were the ones who directly viewed the reports. In the existing system, the reports on the movement of sensitive data were centralized and reviewed by the IT department, which were ineffective.
  2. The reports produced by e-Safe Compliance contained detailed information regarding the context in which the sensitive information appeared as well as the associated event (to whom the information was sent, etc). As such the reports were actionable. However, the reports provided by IronPort and Symantec were limited to statistical data in the form of pie-charts.

  3. The sensitive documents were protected using Universal Encryption with user access controls and sandboxing of the viewing application. This meant that the contents of a document cannot be directly leaked by users even when that document is transferred to a 3rd party.

  4. e-safe Compliance provided a larger coverage than the existing system. Users who were getting around the existing system by using portable applications over 3G modems (smartphones) to view inappropriate material and unproductive websites were caught by e-safe Compliance

As a result of the audit, the company purchased e-Safe Compliance for all its PCs.
Data security and compliance for remote users

Allow employees to work from home without compromising sensitive data