Verizon has been assisting enterprises with DLP projects for years - strategy, design and implementation.
Our customer-centric approach means we help you select the DLP vendor that will be best for your needs. As a result, we have experience (and relationships!) with most of the major DLP technology vendors: McAfee, Symantec, RSA, Websense and CA.
Data Loss Prevention (DLP) - Case Study of One of the Largest Deployments in the World!
1. CASE STUDY
FINANCIAL SERVICES FIRM BANKS
ON DATA LOSS PREVENTION SOLUTION
TO SECURE SENSITIVE INFORMATION
A Fortune 25 financial services firm delivering a variety of banking services in more than 100
countries needed to protect the data traveling to and from its 400,000+ endpoints, and ensure that
sensitive information was securely transmitted and safe from unauthorized copying, transfer, and
misuse. Since the endpoints spanned multiple countries, languages, and legal jurisdictions, it was
critical the firm employ a data loss prevention (DLP) strategy that met regional legal and regulatory
requirements; enforced data protection policies with full governance; and educated end users on the
proper transmission and usage of data.
A DAUNTING TASK DEMANDS EXPERIENCED HANDS
Lacking the experience to manage a DLP implementation of this scope, the firm sought
a qualified partner to help it select a vendor to meet current and future data protection needs.
It was important the advisor have global reach, proven security expertise, and international staff
well versed in information security requirements. The financial services firm called on Verizon’s
professional security services consultants to validate and expand on their initial selection criteria,
conduct a vendor selection process (including onsite viability of available solutions), and recommend
a solution that would satisfy functional and operational requirements, meet deployment timelines,
and yield quantifiable results.
SETTING THE STAGE FOR A SEAMLESS IMPLEMENTATION
Using its proven operational maturity mode—which includes a methodical approach to determine
a client’s stage of development and adoption of a DLP strategy—Verizon was able to help the firm
determine the necessary level of support. This allowed the firm to verify that existing data loss
prevention measures were validated and acceptable, and avoid duplication of measures already
taken and the associated consulting expense.
Verizon determined the firm met requirements for the “Acquiring” stage and helped the client
establish a plan to put an effective DLP strategy in place. This included a methodical review
of use cases modeling not only specific information types and uses, but illustrating how the firm
would need to support engineering, reporting, monitoring, auditing, internationalization,
and associated duties to secure such data.
2. ACQUIRING STAGE: RIGOROUS VETTING THINS THE CANDIDATE POOL
Vendors most capable of meeting the firm’s requirements were invited to participate in an on-site
proof of concept (POC) effort. Verizon identified regulatory and vendor management requirements
during this effort, and made recommendations to the firm by evaluating both vendor criteria
and execution capability.
Key factors in this recommendation included the vendors’ ability to:
• Deploy and operate effectively in the client’s virtualized environment
• Separate duties between incident analysts operating in different countries
• Support the volume of reporting required
• Provide discovery capabilities related to large data sets
• Integrate with the firm’s existing systems
DEPLOYING STAGE: VALIDATION AND PLANNING EQUAL CONFIDENCE IN EXECUTION
Receiving clear planning documentation from Verizon based on the operational maturity model,
the firm was able to choose a vendor that could meet their specific needs, track clear progress,
and move to the “Deploying” phase of the DLP implementation with confidence that their appropriate
policy and regulatory requirements were met.
During this stage, Verizon supported engineering validation tasks on all components of the chosen
vendor solution and conducted initial User Acceptance Tests (UATs) and pilot deployments to confirm
proper functionality. Beyond that, Verizon helped develop and execute a staged global deployment of
all systems associated with the DLP solution, across multiple countries.
DATA LOSS PREVENTION: OPERATIONAL MATURITY STAGES
Verizon’s operational maturity model allows for greater understanding of where a client
resides in its progress toward an operational DLP deployment. Using targeted analysis,
Verizon can help create a plan to help clients meet appropriate prerequisites for each
stage—and move toward achieving fully operational, validated, and auditable DLP programs
with set processes and educated staff. Stages include:
• Exploratory: Client is exploring DLP benefits, provides “spot” DLP solutions
or has no DLP solutions currently in place
• Acquiring: Client is evaluating and developing plans for DLP acquisition
• Deploying: Client has acquired and is implementing the solution,
in early stages of maturity
• Operationalizing: Client is developing governance processes and structure
for a mature, validated, and auditable system
• Maturing: Client is adding new functionality, developing processes,
and implementing advanced discovery/control policies
• Steady State: Client is already operating DLP processes using defined
and documented structures
3. OPERATIONALIZING PHASE: CHECKS, BALANCES, AND EDUCATION STRENGTHEN
THE DLP SOLUTION
Understanding that deploying a DLP tool without appropriate education or controls can result
in unregulated access to sensitive information, Verizon worked with the client as it moved into
the “Operationalization” phase to put proper governance, operational, and administrator frameworks
in place to help ensure business processes ran smoothly.
As part of this phase, Verizon coordinated the establishment of a governing body to oversee
and approve policy, reporting, and remediation efforts to maintain consistency, auditability,
and growth of the DLP deployment. Verizon also developed detailed training materials
and a communications plan to educate employees about the DLP solution and its impact
on the enterprise.
MATURING PHASE: INSIGHT AND STRATEGY YIELD POSITIVE RETURN ON INVESTMENT
This helped move the firm to the “Maturing” stage of its DLP deployment, during which, with the
proper insight, clients may develop more complex strategies, increase tool adoption, and get
the most value from their DLP solution. During this phase, Verizon worked with the firm to integrate
their existing DLP solution into their larger security program, while also helping the organization
adopt additional DLP capabilities.
To do this, Verizon consulted on the development of incident and log analysis tools; supported the
creation of a policy request process; advised on scanning strategies; developed advanced detective
policies; and helped create governance and training documents for discovery scanning teams.
Additionally, Verizon coordinated and assisted in system validation, installation processes,
and global deployment strategy—including engineering, governance, operational, regulatory
and employee education support.
STEADY STATE STAGE: MAINTAIN OR AUGMENT THE DLP DEPLOYMENT WITH ONGOING SUPPORT
A stage in which a client maintains ongoing operations of a matured DLP solution, the “Steady State”
is achieved when DLP analysts, engineers, and system owners conduct regular tasks using the tools
and processes created throughout the operational maturity cycle.
Verizon works with clients toward achieving this phase through the development of transition
tasks, resource documents, and workshops. Additionally, Verizon offers personnel, connectivity,
and cloud-based systems to help businesses of all kinds support ongoing operations.
LASTING BENEFITS ON A GLOBAL SCALE
The firm was ultimately able to execute and maintain a DLP deployment that yielded:
• An operable means of addressing security compliance requirements across every region
in which the client does business
• A governed approach to protecting enterprise data in its various states, whether traveling across
endpoints, in use, or being stored
• Knowledgeable employees and administrators, continuously educated about security trends
sand requirements to maintain compliance, secure data and protect corporate reputation
• Methodical vendor selection guidance helping manage related expenses
• A worldwide approach to data security, implemented at both the local and global level.
ENVISION A MORE SECURE FUTURE
To learn more about protecting your enterprise with Data Loss Prevention services,
contact your account manager or visit verizon.com/enterprise