RSA Customer Profiles: RSA Data Loss Prevention - Israel
ARRAY SERVICES
Professional Services Firm Boosts Security with RSA Technologies

AT-A-GLANCE

Key Requirements
–– One security platform for monitoring and reporting of all SSAE 16 controls to support PCI DSS and HIPAA
–– Flexibility to cope with heterogeneous technical infrastructure
–– Ability to identify and mitigate risks and threats in real time

Solution
–– RSA enVision® SIEM collects, analyzes, and prioritizes security events from across the enterprise IT infrastructure
–– RSA® Data Loss Prevention (DLP) Suite automatically identifies, monitors, and blocks sensitive information from leaving the organization
–– RSA Professional Services provided customization services

Results
–– Able to prove continuous compliance with industry regulations
–– Automated security practices enable the Security Operations Center to focus on higher-valued tasks
–– Improved security posture positions Array Services more competitively

CUSTOMER PROFILE
“If our customers can’t trust us they won’t do business with us – so having security systems that we can place our own trust in is essential. This is where RSA’s technologies, and the insightful support from its team, have been so important.
We have total confidence in the security technologies we have deployed.” KEITH SWINGLE, IT DIRECTOR, ARRAY SERVICES Array Services Group Inc. comprises four separate companies, all based on a single campus in central Minnesota. CareCall, ProSource, JCC Medical, and JCC Financial offer solutions focused on customer service, revenue cycle management, and debt recovery and collections, respectively. The Group’s customer base is spread across a wide range of industries, including healthcare and financial services. KEY REQUIREMENTS As a provider of critical professional services that touch upon a number of business areas and processes for its customers, Array Services Group Inc. often handles sensitive data. This includes personally identifiable information (PII) and credit card information that are covered by strict industry regulations like the Healthcare Information Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS). In order to provide its customers with additional peace of mind, Array Services also wanted to demonstrate its alignment with Statement on Standards for Attestation Engagements (SSAE 16) attestation requirements. This required the organization to show it could aggregate logs and correlate events across its entire IT environment – a significant undertaking given that these systems include a heterogeneous mix of Linux and Windows systems. “We needed a solution that could handle the diversity of our technical ecosystem and create a centralized point of reference for all our security and compliance obligations,” summarizes Keith Swingle, Director of Information Technology, Array Services. 
“By implementing such a solution, we hoped to attract new customers as well as provide our existing client base with an added layer of protection against risk.” SOLUTION Having successfully used RSA® SecurID® hardware tokens to provide approximately 100 employees with remote access to its VPN for over seven years, Array Services Group naturally considered RSA – The Security Division of EMC – to provide its new SIEM and DLP capabilities. “The RSA enVision platform proved to be the best fit for our organization, as it met our requirements around functionality and ease-of-use. The fact that it integrated smoothly with our heterogeneous infrastructure was also a crucial factor that made the RSA solution stand out from the competition.” BRENT BENSON, SENIOR SYSTEM ADMINISTRATOR, ARRAY SERVICES GROUP INC. “We investigated the RSA enVision security information and event management (SIEM) platform, and compared it against a number of other options,” says Swingle. “It proved to be the best fit for our organization, as it met our requirements around functionality and ease-of-use. The fact that it integrated smoothly with our heterogeneous infrastructure was also a crucial factor that made the RSA solution stand out from the competition.” Implementation of the RSA enVision platform was undertaken with support from RSA Professional Services. The teams worked together to configure the technology in line with the organization’s specific needs. This meant not only creating a centralized repository for all log and event information from across the three corporate environments, but also developing a specially tailored and intuitive interface from which each business environment can be viewed. Once the solution was installed and configured, the Array Services Group team was interested to see how RSA could help them better meet some of their other security responsibilities. Brent Benson, Senior System Administrator, Array Services Group Inc. 
explains: “We operate in the collections and recovery space, which means we handle a lot of PII on behalf of our clients. As well as stopping unauthorized individuals from accessing this data, it’s equally important that we don’t allow it to leave our network unsecured – for example in an email or on a USB stick. This is where RSA’s DLP solution came in.” It was with this in mind that Array Services ran a proof of concept of the RSA Data Loss Prevention (DLP) Suite, covering Array’s network egress points and approximately 300 end points. “We created our own set of policies to determine how potential breaches are dealt with,” says Benson. “For example, if someone sends an email containing sensitive information, we can either stop it immediately, re-route it to the individual’s manager, or let it go through while notifying the individual so they can modify their behavior next time.” The team also uses RSA DLP Datacenter to identify where sensitive data is located across the organization. “Often knowledge of where documents are kept is lost as people move on, so without spending many man-hours physically searching for it, it’s hard for us to know where sensitive information might be held,” reflects Benson. The outcome of the 30-day RSA DLP proof of concept was eye-opening, as Keith Swingle, IT Director, Array Services, recalls: “I still remember the reaction we received when we reported the risk areas that the DLP solution had brought to light. It made us aware of the scale of the risk we faced, but at the same time it gave us the tools we needed to mitigate it.” RESULTS Since deploying the RSA enVision platform, Array Services Group is able to show that it has significant and meaningful controls in place to align with PCI DSS, HIPAA, and many other government and industry requirements as documented by their current SSAE 16 attestation. “Some regulations require an organization to prove compliance at the time of audit and then may not be checked again. 
However, we can now show our customers at any time that we have strong measures in place to protect their business-critical data,” says Swingle. “This peace of mind is important to ensure that existing customers stay with us and that new ones feel they can depend on us.” The addition of the RSA DLP Suite has also made a significant impact. The team is now able to gain detailed insight into the location and flow of sensitive data across its business units, at the push of a button. “We used to rely on time-consuming manual scanning for at-risk PII data,” Swingle continues. “Now we can deploy our grid-computing network of up to 300 PCs to carry out DLP activities on a massive scale, covering terabytes of data automatically.” Swingle and Benson sum up the benefits of the two solutions as being able to offer the strongest available security for their customers’ data along with enhanced auditing and reporting for management. They conclude: “At the end of the day, if our customers can’t trust us they won’t do business with us – so having security technology that we can place our own trust in is essential. This is where RSA’s technologies, and the reliable and insightful support from its team, have been so important. We have total confidence in the technologies we have deployed and are already considering adding more complementary RSA solutions – such as the RSA Archer™ GRC Platform – to our environment.”

CONTACT US
To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at www.RSA.com

©2012 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, the RSA logo, Archer, enVision, and SecurID are trademarks or registered trademarks of EMC Corporation in the United States and/or other countries. All other trademarks referenced are the property of their respective owners.
ARRAY CP 0212

BECU (BOEING EMPLOYEES’ CREDIT UNION)
Fourth largest US credit union sets standard for secure growth with virtualization

“With more opportunity for virtualization and more reliable automated security monitoring, we’re able to accelerate our IT team’s productivity. Time spent on managing our environment has been cut by about 33 percent.” RANDALL JARRELL, INFORMATION PROTECTION ANALYST, BECU

AT-A-GLANCE

Key Requirements
–– Create ability to discover, monitor and secure sensitive data in virtual desktops
–– Collect logs and generate reports to ensure compliance
–– Ensure sensitive data is not lost through data leakage

Solution
–– Security Information and Event Management (SIEM) platform collects and correlates security and compliance events
–– User actions monitored and flagged when they attempt unauthorized actions
–– Both platforms integrated smoothly with each other and the VMware virtual environment

Results
–– Time saving of 33 percent enables IT team to focus on innovative projects rather than system management
–– System is now compliant with stringent auditor requirements
–– Capability to build extensive, secure virtual environment supports business growth strategy

CUSTOMER PROFILE
Governed by a volunteer Board of Directors, BECU is a not-for-profit credit union owned by its members. Earnings are returned to the members in the form of better rates and fewer fees. With more than 650,000 members and more than $8.9 billion in assets, BECU is the largest credit union in Washington and one of the top five financial cooperatives in the country. BECU currently operates over 40 locations in the Puget Sound region. All Washington state residents and students attending Washington colleges and universities are eligible to join.

KEY REQUIREMENTS
Successful business growth requires a robust IT infrastructure and BECU was committed to ensuring its resources were as strong as possible in all respects, particularly with regards to security.
BECU must meet requirements set by the NCUA. The NCUA requires reference to log archiving and management. To do this BECU needed to discover, monitor and secure sensitive data on both physical and virtual desktops. Randy Jarrell, Information Protection Analyst, BECU, explains: “Our strategy is to increase IT efficiency by virtualizing both servers and desktops. As well as being simpler to manage, virtualization will enable remote working and support our business continuity plan. With RSA we can roll out our virtualization strategy securely.” In addition to monitoring and alerting to security breaches from incoming threats, BECU wanted to ensure sensitive data was not lost through data leakage. “When arranging mortgages for our members or helping law enforcement with fraud investigations, for example, a lot of sensitive data is shared and we need to make sure it doesn’t go anywhere it shouldn’t,” says Jarrell. SOLUTION To meet these challenges, BECU knew it needed to deploy an integrated security information and event management (SIEM) solution and Data Loss Prevention (DLP) platform that would perform well with its VMware virtual environment. “We always try to stay ahead of the game when it comes to compliance, and working with RSA on this project means that we remain ahead of the curve. The auditors have been impressed with the detailed reports and logs we’re able to produce on demand now.” RANDALL JARRELL, INFORMATION PROTECTION ANALYST, BECU Having worked with RSA, The Security Division of EMC, before, the credit union chose to run a 30-day test of the RSA enVision® SIEM platform. “We liked the fact that the solution enabled us to sort and store log information from many different devices,” comments Jarrell. “We can collect and correlate security and compliance events across virtual and physical environments.” Following the successful trial, the platform was deployed across 1,000 devices, handling about 5,000 events every second. 
The credit union quickly wrote correlation rules that fit with its own security requirements, so that the system sends alerts when deviations from baseline levels or patterns of malicious activity are detected. Shortly after this SIEM deployment, BECU also deployed the RSA DLP Suite. Users are informed if they attempt unauthorized activity, educating them about information security and helping them take immediate corrective action to protect sensitive data. The solution also enables BECU to discover sensitive information on virtual desktops, enforcing a single data security policy across both physical and virtual environments. Integrating the two solutions was carried out quickly and smoothly. Jarrell recalls: “It was a single box, so all we needed to do was point it at an IP address and the DLP platform started sending its logs to the SIEM platform.” In this way, BECU was not only enforcing a cohesive security policy, but generating cohesive reports and logs as well.

RESULTS
“We always try to stay ahead of the game when it comes to compliance, and working with RSA on this project means that we remain ahead of the curve,” says Jarrell. “The auditors have been impressed with the detailed reports and logs we’re able to produce on demand now.” At the same time, the scalability and reliability of the integrated virtual solution means that the credit union’s IT resources are now able to support its strategic business goals. The amount of data it has processed and recorded so far this year has been compressed into just 500GB, which is relatively small for an organization of BECU’s size, leaving plenty of room for growth.
Meanwhile, call center workers are able to work from home using virtual desktops, making them just as productive but offering them greater flexibility and creating a back-up working model for business continuity. The ability to view and report on activity across the corporate infrastructure now means BECU can identify broken processes, clean up data scattered across its Sharepoint files and apply stronger encryption tools where necessary. “With more opportunity for virtualization and more reliable automated security monitoring, we’re able to accelerate our IT team’s productivity too,” Jarrell points out. “Time spent on managing our environment has been cut by about 33 percent. This is the equivalent of taking one person from full-time monitoring of the security platform and putting them on projects that drive the business forward instead.” www.rsa.com ©2010 EMC Corporation. All rights reserved. EMC, RSA, RSA Security, the RSA logo, RSA enVision and RSA Data Loss Prevention Suite are the property of EMC Corporation in the United States and/or other countries. All other trademarks referenced are the property of their respective owners. 
BECU CP 0910

EMC GLOBAL SECURITY
Secure virtualized environment bolsters EMC’s industry-leading reputation

AT-A-GLANCE

Key Requirements
–– Accurate, real-time fraud/threat detection with minimal impact to user experience
–– Secure, centralized access management of remote data centers worldwide
–– Automated log collection, analysis, and reporting
–– 24 x 365 anti-fraud cybercrime operations

Solution
–– Platform that connects remote data centers to centralized fraud/threat management tools
–– System that operates over existing Internet connection using virtualization
–– Role-based access management, backed by anti-fraud response

Results
–– Secure access to the isolated data centers from within the corporate EMC network, while maintaining isolation and audit trails
–– Achieved security-policy requirements while adding industry-leading service to EMC portfolio

CUSTOMER PROFILE
“We have built a secure, common platform that enables our administrators to manage EMC’s remote data centers spread around the globe using virtual desktops. The solution we have developed, the Secure Management Infrastructure, uses cutting-edge technologies from RSA and VMware to allow us to accelerate the development of new products by reducing the go-to-market time when a business unit needs to leverage a non-traditional (SaaS, cloud, or managed service) data center. It has repeatedly proven its value.” DAVE MARTIN, SENIOR DIRECTOR, GLOBAL SECURITY ORGANIZATION

The EMC Global Security Organization (GSO) oversees information security, risk management, and workforce protection practices for all of EMC. Their charter is to ensure that best-practice security operations are in place to protect both corporate and customer information. They also ensure that security policies and compliance programs are enforced. The Secured Business Services (SBS) department of GSO was developed as part of the company’s commitment to secure EMC’s and RSA’s externally hosted or customer-facing products or applications.
SBS is comprised of product specialists and security practitioners focused on the unique needs of those EMC business units needing to provide outsourced services (SaaS) to customers. KEY REQUIREMENTS EMC has grown into a world-leading enterprise through astute strategic insight, development of market-leading technologies, and the acquisition of companies with complementary technologies. Since 1993, EMC has acquired more than 45 companies, including Legato, RSA, and VMware. However, these new acquisitions, combined with emerging technologies such as SaaS and cloud, complicate the traditional data-center-operation model by moving out of direct IT control. To maintain best-practice IT policy, access to production servers or systems must come from a dedicated network, use two-factor authentication, and be completely auditable. With internal EMC data centers, GSO ensures these requirements are met through standardized security controls. In the past, remote data center access was accomplished via complete network segregation, achieved using duplicate networking devices and requiring each user or administrator to have another PC available for that purpose only. Since the PCs were not connected, data transfers between the two environments were commonly performed manually with a USB stick or CD-ROM. This compromised internal EMC security policy because there was no audit trail. Because of this and similar issues it became obvious that the same processes used for internal administration could not be used externally without major changes that would result in disruption for legacy IT servers. SOLUTION GSO tasked the SBS group to develop a solution that would leverage EMC’s and Cisco’s comprehensive set of technologies and expertise. SBS’s task requirements were defined as follows: –– Develop a self-contained environment comprised of standard IT and security tools. 
–– Ensure that centralized auditing, logging, monitoring, and event escalations are in place for audit compliance and production resiliency.
–– Ensure that customer transactions using the front end of a remote data center are not adversely impacted by management traffic on the back end.
–– Ensure isolation is maintained between customer, administration, and corporate data.

SBS developed a blueprint that focused on virtualization technologies to create an environment that would provide access to an external data center. SBS also felt it was equally important to extend the virtualized concept to other use cases within EMC such as private clouds and Professional Services. By breaking down these requirements, SBS identified the technical challenges it believed could be overcome by applying its own expertise and utilizing the technologies within the EMC products:
–– Development of a private networked environment that would be secure and low-cost
–– Creation of virtual hosted applications and services for internal businesses and users
–– Deployment of automated self-configured clients in virtualized user-pool environments

SBS then developed a ground-breaking infrastructure that provides secure management access to the data centers. It is based on EMC CLARiiON storage, VMware virtualization, RSA security solutions, and Cisco VPN technologies. The Secure Management Infrastructure was achieved by implementing VMware ESX servers to host multiple security and IT applications on virtual servers and the deployment of VMware View virtual desktop. The virtualized desktop environment is accessible from the EMC corporate network while providing secure access using site-to-site VPN tunnels and firewalls to provide separation to the data centers. Now EMC users and administrators can securely access the remote data centers through virtualized desktops and from a position of centralized security administration.
Additional EMC security technologies were deployed to ensure security across the areas of authentication, security event incident management, and data loss prevention. To ensure proper credentialing and to meet compliance/audit controls, users are only allowed access to predesignated data centers using RSA® SecurID®. The RSA Data Loss Prevention (DLP) Suite was also implemented to ensure that the network traffic between the external RSA data center and EMC internal sites is monitored. RSA DLP Suite provides a policy-based approach to classifying and securing sensitive data as well as enforcing controls and delivering reporting and auditing capabilities. RSA enVision® captures security information and events from the security appliances and allows for automated escalations. It collects transactional data from the data centers locally, compresses it, and can forward it directly to the corporate Critical Incident Response Team (CIRT). “The Secure Management Infrastructure covers any new use case. If a new business unit comes online, for example, or a data center, we can build a virtual desktop and provide an IP address to the employees within that unit. They can securely access the production network while still using the corporate network.” JIM WEAVER, MANAGER, SECURE BUSINESS SERVICES, GLOBAL SECURITY ORGANIZATION The EMC® Celerra® gateway is used for network attached storage (NAS). A CLARiiON® CX-class SAN is the storage for the Celerra NAS gateway and the VMware ESX server which contains the virtual appliances and desktops. RESULTS The most immediate and striking benefit was the virtualization technologies inherent to the Secure Management Infrastructure. It was developed using core EMC components and combined with Cisco ASA VPN and firewall technology. This technology is the foundation for rapidly deploying many IT tools and management platforms in a ‘bolt-on’ fashion.
Examples include management servers for web-application firewalls, intrusion detection, and authentication services. Jim Weaver, Manager, Secure Business Services, Global Security Organization, said: “One of the largest challenges was keeping the RSA Hosted Operations production activities – which are both critical to the business and commonly handle sensitive data – separate from the internal corporate network. The Secure Management Infrastructure not only achieved this goal, it also significantly decreased the complexity and cost of the solution.” The SMI is now a proven model that not only showcases EMC technologies but also the technical knowledge and expertise within the EMC GSO and SBS organizations. More importantly the SMI can be replicated to provide a solution set for other companies facing the same issues. In short, another industry-leading service has been brought into the EMC fold. The development of the Secure Management Infrastructure has ensured that EMC has met its overarching objectives, chiefly, securely connecting external data centers and centralizing the administration of firewalls, web-application firewalls, and other security systems. The SMI has delivered on more than just security. As Jim Weaver also points out: “One of the issues we face, as do other companies, and with regard to mergers and acquisitions, is how do we secure operational access to new resources and not add to the risk? The SMI is the answer – it enables both IT and the business to quickly adapt to market and business changes while still ensuring that security-policy requirements are met.” Adding to the enhanced security toolsets and scalability, the Secure Management Infrastructure provides flexibility, reliability, and efficiency.
It lowers costs by centralizing management, administration, and resources and improves business agility by enabling fast provisioning of new services. As well as delivering a highly available and secure method to access remote data centers, the infrastructure provides the ability to audit and centralize accounting which is a core requirement for ISO, PCI, and SAS/70 certifications.

www.rsa.com ©2003-2009 EMC Corporation. EMC, the EMC logo, RSA, the RSA logo, enVision, and SecurID are trademarks or registered trademarks of EMC Corporation in the United States and/or other countries. All other trademarks mentioned herein are the property of their respective owners.
EMCSBS CP 0911

LOCKHEED MARTIN
Stellar cloud innovation

AT-A-GLANCE

Key Requirements
–– Continuously advance technology to stay ahead of rapidly advancing threats
–– Continue to deliver innovative technology solutions without compromising on security
–– Develop flexible cloud offering for public-sector organizations

Solution
–– Starfire Mission Ready Cloud built in collaboration with Virtual Computing Environment (VCE)
–– Adaptable solution offers full range of RSA® security technologies and LM Cyber Security Alliance partner capabilities
–– Flexible model means customers can tailor their solution to specific requirements

Results
–– Customers benefit from simpler, more cost-effective cloud-service implementation
–– Scalable and flexible, the infrastructure can adapt to business growth and unexpected threats

CUSTOMER PROFILE
“The integrated, mission-focused secure cloud solution accelerates affordable development, deployment, innovation, and performance of cloud implementations while reducing infrastructure costs and risks.” CURT AUBLEY, VICE-PRESIDENT, NEXGEN CYBER SECURITY & INNOVATION, LOCKHEED MARTIN INFORMATION SYSTEMS & GLOBAL SOLUTIONS

Headquartered in Bethesda, Maryland, Lockheed Martin is a global security company that employs 132,000 people worldwide.
It is principally engaged in the research, design, development, manufacture, integration, and sustainment of advanced technology systems, products, and services. Lockheed Martin is the largest provider of information technology services and solutions to the U.S. government and is a leading provider of cyber security solutions. The Corporation’s 2010 sales from continuing operations were $45.8 billion. KEY REQUIREMENTS As a leader in the technology field, Lockheed Martin strives to stay at the forefront of innovation and high quality when developing new products and services for its customers. A key element of ensuring high-quality products is keeping them secure, so in 2009 Lockheed Martin launched the Lockheed Martin Cyber Security Alliance to address cybersecurity challenges through collaboration and innovation. This alliance is committed to identifying areas where it can add value for its customers, and cloud computing is a key focus. “Our customers want to harness the benefits inherent in cloud computing – such as reduced operating costs and enhanced flexibility – without compromising compliance and security requirements,” says Curt Aubley, Vice-President, NexGen Cyber Security & Innovation, Lockheed Martin Information Systems & Global Solutions. Aubley and his teams were eager to develop a solution that would enable customers to make use of the cloud while remaining compliant with regulations from Consensus Audit Guidelines (CAG) industry best practices to Sarbanes-Oxley to the Health Insurance Portability and Accountability Act. They needed to ensure that the solution was modular and adaptable as well so that it could be refined to identify and combat security threats now and in the future. 
SOLUTION “Our customers want to harness the benefits inherent in cloud computing – such as reduced operating costs and enhanced flexibility – without compromising compliance and security requirements.” CURT AUBLEY, VICE-PRESIDENT, NEXGEN CYBER SECURITY & INNOVATION, LOCKHEED MARTIN INFORMATION SYSTEMS & GLOBAL SOLUTIONS Having identified the opportunity to develop a new secure-cloud solution for its customers, Lockheed Martin worked with the Virtual Computing Environment (VCE) – a collaboration of Cisco, EMC, and VMware – to design and build it. The solution it developed is Starfire Mission Ready Cloud™ – a secure, mission-ready, turnkey private-cloud offering for federal, state, and local government agencies as well as private-sector organizations. It incorporates VCE’s Vblock™ technology and RSA products to provide a trusted environment that addresses concerns of data security, privacy, and enhanced performance to meet the cloud-computing objectives of all Lockheed Martin’s customers. Customers are able to tailor all aspects of the solution – including security capabilities – to meet their particular needs. To support this feature, Lockheed Martin chose to build in a range of security technologies across its virtual and physical infrastructures from RSA, The Security Division of EMC. These include the RSA® Data Loss Prevention Suite, the RSA enVision® platform for security information and event management (SIEM), and RSA SecurID® two-factor authentication. Those needing governance, risk, and compliance (GRC) capabilities can incorporate RSA Archer™ technologies. “We carry out continuous evaluation of hundreds of different technology offerings,” explains Christopher Kachigian, Cyber Architect Sr. Staff.
“This ensures that when we develop modular solutions like this, we know that every component is the best available and our customers are getting the most effective solutions.” RESULTS Aubley comments: “The value-added, secure cloud-enabling capabilities that are being offered through this new solution will help to further protect and defend our customers’ critical operations and services while reducing infrastructure costs and risks.” Starfire is scalable and measurable, combining Lockheed Martin mission-focused cloud management and cyber-security solutions with VCE’s pre-integrated technologies from Cisco, EMC, and VMware to deliver a highly secure computing platform that can scale as organizations’ demands for IT grow. Kachigian adds: “By incorporating RSA technologies into the mix, we know we’re offering our customers industry-leading security features as well as benefitting from the wider partnership with EMC.” The Starfire offering has already generated significant interest among organizations in all fields of government. As roll-out to these customers gets underway, the team at Lockheed Martin is already planning further additions to the portfolio in order to continue enhancing the customer experience. www.rsa.com ©2011 EMC Corporation. EMC, the EMC logo, RSA, the RSA logo, Archer, enVision, and SecurID are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks referenced are the property of their respective owners.
MICROSOFT
Data loss prevention suite helps technology leader discover sensitive data

AT-A-GLANCE

Key Requirements
–– Regulated data discovery integrated with policy and process
–– Compliance with Payment Card Industry (PCI) and Sarbanes-Oxley regulations
–– Securing intellectual property such as source code, strategic plans, and operational information

Solution
–– RSA DLP Datacenter with distributed architecture and scanning capabilities
–– Enables scanning of all data stored across enterprise

Results
–– Rapid scans of 12TB of file system data and 120,000 SharePoint Sites make continuous content discovery a reality
–– False positive rate of less than one percent ensures recorded incidents are genuine

“Content identification is not one of those problems that you can simply throw a lot of hardware at and get the kind of performance you need. The unparalleled accuracy and unique features of RSA® DLP Datacenter made it the only viable choice for discovering all our sensitive content.”
OLAV OPEDAL, SECURITY PROGRAM MANAGER, MICROSOFT

KEY REQUIREMENTS

For global corporation Microsoft, the biggest challenge in preventing data breaches and complying with privacy regulations isn’t so much a technical data-protection issue, but dealing with content sprawl. “Before we could do anything, we knew we had to locate our sensitive information and measure compliance to the policies already in place,” explains Olav Opedal, Security Program Manager at Microsoft. “The problem was, we had approximately 30,000 file shares containing nearly 12 terabytes of data and more than 120,000 SharePoint sites needing to be scanned and analyzed. How do you get that done in a short time frame and without causing enormous disruption to your business operations and IT resources?
This was the impetus behind our Information Classification and Data Handling project.”

As part of the security initiative, Microsoft had to tackle the Payment Card Industry (PCI) Data Security Standard and meet Sarbanes-Oxley’s stringent rules on securing financial information. It also had to consider intellectual-property security. “Source code, strategic plans, operational information, and other kinds of sensitive business information are all types of intellectual property that we needed to secure,” asserts Opedal. “Of course, some kinds of information are more sensitive than others. Customer data, source code, and corporate financial data were clearly the most important for us. This is why rather than trying to secure our information according to the specific regulation, we took the approach of classifying all data in our managed IT space into one of three categories: High Business Impact, Moderate Business Impact, or Low Business Impact.”

The question for Microsoft became how to gain a better understanding of the risks posed by its information-storage and data-handling practices. “We built a risk model,” explains Opedal, “the purpose of which was to quantify the level of risk from our data. We decided to start with HBI – which encompasses all of the most important intellectual property and information regulated under PCI and SOX – then move on to target other areas. To execute our HBI strategy, we needed a way to scan any managed space where sensitive data could be stored to ascertain the nature of what we had out there. This was a content-discovery challenge. That’s where RSA DLP Datacenter came in.”

SOLUTION

The parameters Microsoft developed for its Information Classification and Data Handling project dictated the stringent criteria for judging content-discovery solutions. With enormous data loads and thousands of locations to scan, enterprise scalability, performance, and accuracy were all top considerations.
Management and operations were also at the head of the list. Microsoft executives needed to know that they could handle security threats and incidents quickly and securely, and be able to document remediation efforts in order to maintain audit-compliance trails.

“The unparalleled accuracy and unique features of RSA DLP Datacenter made it the only viable choice for discovering all our sensitive content.”
OLAV OPEDAL, SECURITY PROGRAM MANAGER, MICROSOFT

“Content identification is not one of those problems that you can simply throw a lot of hardware at and get the kind of performance you need,” observes Opedal. “The unparalleled accuracy and unique features of RSA DLP Datacenter – such as incremental processing – made it the only viable choice for discovering all our sensitive content.”

Microsoft implemented RSA DLP Datacenter, which takes a revolutionary approach to content discovery with its distributed architecture and scanning capabilities, enabling them to scan all data stored across their full set of file shares and SharePoint sites. To boost scanning performance, Opedal opted to use the product’s Grid Processing capability, enabling him to specify a set of servers at each location to process the scan. The servers are automatically provisioned and automatically load balance the content-analysis work for fastest processing. Microsoft is also leveraging the patent-pending incremental scanning technology for ongoing scans. This enables them to regularly scan and analyze files and directories that are new, modified, moved, or renamed.

“We really needed the performance, scalability, and highly precise content-detection capabilities that only RSA DLP Datacenter could provide,” says Opedal. “Grid processing and incremental scanning were essential for Microsoft given the volume of data that we store.
Also, RSA DLP Datacenter generates matched files with an accuracy rate consistently at or above 98 percent.”

RESULTS

As a result, Opedal and his team were able to scan 12TB of file system data and 120,000 SharePoint sites in a matter of nine days while still maintaining the highest levels of precision. Ongoing incremental scans of just the new, modified, moved, or renamed data across those same 120,000 SharePoint sites take less than five percent of the time it took for the original scan, making continuous content discovery a reality.

Further, with DLP Datacenter, Microsoft is keeping the costs of its information-security operations as low as possible. In planning the data-discovery project, the team set a baseline that a single compliance officer or security advisor could handle approximately 250 incidents per day. “The false positive rate is lower than 1 percent, so we know that the incidents our compliance staff have to review are genuine,” explains Opedal. “Without RSA DLP Datacenter, we’d have to hire and train a lot more staff and face a far higher total cost of ownership. RSA DLP Datacenter has given us a better understanding of the location of our high-impact business information, and enables us to protect against the proliferation of that data – something of paramount importance for all of us here at Microsoft.”

www.rsa.com ©2008 EMC Corporation. EMC, the EMC logo, RSA, and the RSA logo are trademarks or registered trademarks of EMC Corporation in the United States and/or other countries. All other trademarks mentioned herein are the property of their respective owners.
PREMIER BANKCARD
Financial services company gains bird’s eye view on 3.5 million customer records

“We can now accelerate our drive to have a single view on all sensitive customer and company data, which in turn significantly galvanizes our security strategies and quickens our steps in meeting security policy objectives.”
CHUCK CINCO, MANAGING OFFICER FOR INFORMATION SECURITY, PREMIER BANKCARD

AT-A-GLANCE

Key requirements
–– Comprehensive view of external threats, sensitive data, and use of corporate infrastructure
–– Classifying sensitive data and responding to it in a timely manner
–– Easy-to-use tools for dashboarding, compliance reporting, and forensic analysis

Solution
–– Identify and classify sensitive data across the network and in the data center
–– Create the foundation of a data-loss-management program
–– Integrate across 400 devices

Results
–– Reduced IT complexity which helps IT become more responsive
–– Ability to quickly identify compliance and security gaps and automate responses to incidents
–– Reliable, integrated view of regulated data and systems

PREMIER Bankcard is a sister organization of First PREMIER Bank, South Dakota. It is the tenth largest issuer of VISA and MasterCard credit cards in the United States. It serves more than 3.5 million customers nationwide and was the first financial organization in the world to be certified to the ISO 27001 standard, the only internationally recognized information-security standard.

KEY REQUIREMENTS

Several years ago the IT department, which manages technology for both PREMIER Bank and PREMIER Bankcard, purchased RSA enVision®, a platform that provides collection, alerting, and analysis of log data across multiple network devices. This was particularly important within the context of securely handling personally identifiable information (PII) on behalf of their customers as well as their own mission-critical information.
The platform enabled the two organizations to consolidate log information and provide a central repository for data aggregation. As such, it allowed the business to minimize its exposure to data compliance breaches and to ensure that IT added more value to the business.

PREMIER Bankcard also had a technology that was used to classify and identify sensitive data on the network, which in turn helped it meet security policy objectives. However, the product license was coming to an end. As a result, it wanted to take the opportunity to create a comprehensive view of data usage in order to strengthen security policies.

SOLUTION

The organization began exploring the market for a suitable solution and decided on the RSA Data Loss Prevention (DLP) Suite from RSA, The Security Division of EMC. The suite enables organizations to discover and classify their sensitive data, educate end users to ensure data is handled appropriately, report on risk reduction, and meet security-policy objectives.

“We now have a multi-layered view of all activities, enabling us to really prioritize our activities and provide a bird’s eye view on all sensitive customer and company data.”
CHUCK CINCO, MANAGING OFFICER FOR INFORMATION SECURITY, PREMIER BANKCARD

Essentially, it wanted to create a security policy that would be well-understood across the company and be able to enforce it with few or no manual steps. As a result, the company leveraged the technology in the data center and across the network. This enabled it to identify sensitive data and helps to enforce policies across file shares, databases, storage systems, other data repositories, corporate email systems, web-based email, instant messaging, and web-based protocols.

It then took its first integration steps. Chuck Cinco said: “To date, we’ve put over 400 devices into these systems and have built a security operations dashboard that allows us a single view of most of our information-security technologies.
However, this is just the first step, and we will deepen the integration as we move forward.”

RESULTS

PREMIER Bankcard now has a comprehensive monitoring capability which it is leveraging to reduce risk. Audits have become easier, while audit fees, tools, and training documentation have been reduced. The company also has clear, harmonized controls that are mapped to regulations, workflows that streamline and automate compliance processes, and regulated data discovery that integrates with policy and process.

Given that the company now has in place non-compliance triggers that provide immediate and automated notification of data alerts, it is planning to integrate other technologies into its data-collection and reporting platform. The company is now expanding this capability into other areas such as telecoms, which is greatly simplifying some of its processes. Automated collection of event and incident management data has saved a lot of time, while reports and dashboards now provide business-relevant views.

“We now have a multi-layered view of all activities, enabling us to really prioritize our activities and provide a bird’s eye view on all sensitive customer and company data,” added Chuck Cinco.

www.rsa.com ©2011 EMC Corporation. EMC, RSA, the RSA logo, and enVision are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective owners.
REGIONAL HEALTHCARE PROVIDER
Regional hospital operator increases the health of its corporate network

AT-A-GLANCE

Business Challenge
–– Maintain the security and high availability of a large and complex corporate network, holding sensitive information
–– Improve visibility of the traffic traveling over the network, enabling the organization to move from a reactive to a proactive security stance
–– Maintain Health Insurance Portability and Accountability Act (HIPAA) compliance

Solution
–– Evaluated the performance of the top three Data Loss Prevention (DLP) solutions on the market

Results
–– Able to identify potential issues early, so that they can be dealt with before they become a major problem
–– Now fully deployed a best-practice DLP solution to collect information regarding traffic on the corporate network
–– Now fully prepared to swiftly comply with any existing or new pieces of legislation
–– Better able to act as technology advisors to the rest of the organization

“By deploying RSA Data Loss Prevention we have been able to take control of the information that is shared across our large and complex corporate network. Using the solution’s easy-to-use interface we have accelerated the process of identifying when there is a risk to sensitive information and our ability to develop a proactive, targeted response that minimizes disruption to other users.”
INFORMATION SYSTEMS PROJECT MANAGER, REGIONAL HEALTHCARE PROVIDER

This regional healthcare provider operates a multi-hospital medical network in its local area. Its medical centers help improve the health of thousands of people each day.

BUSINESS CHALLENGE

This regional healthcare provider manages a large and complex IT infrastructure spanning multiple hospitals and medical centers across the state it operates in. A Metropolitan Area Network (MAN), managed by the organization, connects these separate and geographically dispersed sites. Thousands of employees and medical students use the network to get online or send internal messages. Traffic from a range of applications, including Facebook, Twitter, Yammer, Google, corporate email and instant messenger systems, and cloud services, travels over the network.

The already challenging task of managing this network is further complicated by the fact that it has grown sporadically and organically, as the separate sites have joined together over the years. The network is made up of heterogeneous technologies that result in complicated, interconnected IT issues, and potential vulnerabilities.

Due to the nature of the traffic passing over the network – often carrying sensitive Personally Identifiable Information (PII) – the organization cannot afford security threats or data loss. Also, since the MAN connects healthcare sites, maintaining a high level of patient care relies on its high availability. To this end, the organization wanted to improve its visibility of traffic on the network so that it could proactively identify and address vulnerabilities, ensuring that sensitive information is not exposed or unprotected at any point, and that high availability is maintained.

SOLUTION

In line with President Obama’s Health Care Reform Bill, which aims to deliver a tidal wave of healthcare Information Technology innovation, the regional healthcare provider was keen to find an IT solution that would help it gain further visibility into the traffic on its network. Armed with this extra insight, it would then be able to move from a reactive to a more proactive position – identifying and solving potential issues before they become a major problem.

“By having this best-practice approach in place, we are able to act as advisors to the rest of the organization. We can recommend the best technologies to have in place for any given situation and we can ensure they run efficiently and are fully compliant.”
INFORMATION SYSTEMS PROJECT MANAGER, REGIONAL HEALTHCARE PROVIDER

The organization decided to evaluate the performance of the top three Data Loss Prevention solutions on the market. During the 30-day pilot, it set up each technology to capture information regarding the same network traffic. Analyzing the results, it found that the solution from RSA, The Security Division of EMC, returned the fewest false positives.

An Information Systems Project Manager at the organization comments: “We were very impressed by the results returned by the RSA solution – the false positives were low. But more than that, it had an intuitive and user-friendly interface, which would make it easy for us to encourage users to adopt the technology.”

RSA® Data Loss Prevention (DLP) Network provides complete data loss prevention for sensitive information in transit. It identifies and enforces policies for sensitive data transmitted through corporate email (SMTP), webmail, instant messaging, FTP, web-based tools (HTTP or HTTPS), or any generic TCP/IP products.

It took just a few weeks for the organization to deploy the technology and it is now up and running collecting valuable information regarding the data moving across its network. Over the next few months, the organization will focus on analyzing this data, from which it will establish a raft of security policies.

RESULTS

Thanks to its new Data Loss Prevention solution, the regional healthcare provider has a complete view across its network of relevant threats and potential vulnerabilities. This enables it to identify potential issues early on, so that necessary remediation actions can be prioritized and tracked. It is enabling the organization to take a proactive stance, rather than a reactive one.
The healthcare provider is now able to deal with incidents swiftly and with minimum impact to the network users. This also makes it much easier for hospitals to maintain high network availability, since it now has insight into when and where additional bandwidth is required, for example.

This additional insight also means that the organization is fully prepared and able to swiftly comply with any existing or new pieces of legislation, such as the Health Insurance Portability and Accountability Act (HIPAA).

“By having this best-practice approach in place, we are able to act as advisors to the rest of the organization. We can recommend the best technologies to have in place for any given situation and we can ensure they run efficiently and are fully compliant,” concludes the Information Systems Project Manager. “We are now looking to deploy DLP Datacenter and Endpoint to extend this visibility across our entire IT infrastructure.”

www.rsa.com ©2011 EMC Corporation. EMC, the EMC logo, RSA, and the RSA logo are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective owners.
STATE GOVERNMENT AGENCY
Government Organization Protects the Public with RSA® Data Loss Prevention and RSA Archer®

AT-A-GLANCE

Key Requirements
–– Keep sensitive personal and financial data pertaining to state residents from being shared externally or accessed by unauthorized individuals
–– Manage data vulnerabilities across fragmented IT environments, tracking data at rest, in motion, and on end-point devices
–– Actively educate employees to increase awareness of data-protection requirements when they put sensitive data at risk

Solution
–– RSA Data Loss Prevention (DLP) identifies at-risk sensitive data in the datacenter, network, and on endpoint devices and alerts users when protective measures are needed to enforce controls to protect data
–– Analysts can view the security risk posture of the entire infrastructure from one central control panel
–– Feeds from RSA DLP are managed by RSA Archer eGRC Suite to automate mitigation workflows

Results
–– Users are now more regularly encrypting their sensitive files before transmitting them, and are aware of their role in keeping sensitive data protected
–– Management and IT analysts have an enhanced, comprehensive view of data risk and its business implication
–– Risks are identified more quickly and accurately than before, and can be dealt with faster

“We chose RSA as a partner to assist in our objective to prevent data loss. RSA provided support for a broad range of technologies that integrated well with solutions we had previously implemented within our security operations. One solution to cover data at rest, in motion, and in use on endpoint devices was a significant requirement.”
CISO, STATE GOVERNMENT AGENCY

This government agency is responsible for supporting the needs of millions of state residents on a daily basis, many of whom belong to vulnerable groups such as children and the elderly.
The organization handles sensitive personal data about state residents – including Personally Identifiable Information (PII), financial information, and Protected Health Information (PHI) – and is responsible for administering significant volumes of funds totaling tens of billions of dollars per year.

KEY REQUIREMENTS

Any government organization exists to serve its citizens. As well as delivering life-enhancing services, the state agency has an obligation to keep safe any personally identifiable information (PII) that it holds about its constituents, in order to protect them from identity theft and fraud. However, the larger the volume of personal and financial data held, the greater the risk.

With thousands of projects being managed across the organization’s various departments, and a large number of employees, the agency needed a better way to track and protect employee and customer confidential data. Other government organizations have fallen victim to ID theft attacks, so this agency took proactive steps to ensure that sensitive information was not accessible to unauthorized individuals, and that files were transmitted appropriately by the organization’s personnel.

The organization’s fragmented IT environment presented significant challenges. The merging of a number of different organizations left duplicate and disparate technologies managed by numerous groups across the organization. With some environments being hosted in outsourced data centers, the organization needed a data loss prevention (DLP) solution that would work across a highly complex IT infrastructure.

“As well as putting more stringent controls in place to keep sensitive data from leaving the organization, we wanted to better educate our employees about the potential impact of their actions on their clients’ security,” explains the CISO. “They’re focused on getting their jobs done, meaning they sometimes don’t think about the potential risk they are introducing when transmitting sensitive data.
We needed to train them to think about the security implications of what they do.”

SOLUTION

“We’re also very excited about the possibility of integrating RSA Archer and DLP with RSA NetWitness to add even more value to the organization and make our risk-management workflows even more effective.”
CISO, STATE GOVERNMENT AGENCY

The organization looked at a number of DLP solutions. Starting with a shortlist of 10 vendors, it whittled down the options through a series of questionnaires, use-case evaluations, and product-viability assessments until just one was left.

“We chose RSA because it provided support for the broad range of technologies that we already had in place, as well as offering one solution to cover data at rest, in motion, and in use on endpoint devices,” says the CISO. “We knew it would give our analysts comprehensive visibility of the location and flow of sensitive data across our extensive, state-wide IT environment, all at once. It would also enable them to assess risk based on parameters we set ourselves.” This integrated visibility was essential to help the agency keep tabs on the entire infrastructure.

After piloting RSA DLP in its data center, across its network, and on end-point devices, the agency began its full-scale deployment with RSA DLP Network to actively monitor email and other internet traffic for unsecured files and PII data. Any risks are flagged immediately to the sender, helping educate users about the risks they are creating while ensuring any data they transmit is appropriately encrypted – either by the user or automatically by the DLP solution.

“We saw an immediate impact after implementing this solution, as employees started to encrypt their emails much more regularly. This showed that the educational aspect of the RSA DLP solution was having the desired effect,” the CISO recalls.
The pilot also uncovered a large number of files that had not been accessed for a long time – years, in some cases – and identified where files were duplicated across the system. “With RSA DLP we can assess the criticality of a file based on our own criteria, move it to a secure site, and protect it appropriately,” adds the CISO. The results of this pilot exercise were shared with the agency’s senior management, who quickly approved a wider-than-planned roll-out for the RSA solution.

With RSA DLP Network in place, the agency is integrating its feeds into the Risk Remediation Manager On Demand Application of the RSA Archer eGRC Suite, which runs a standard workflow to respond to and deal with each incident. “When alerted to a new risk by RSA DLP, the RSA Archer module sends an email to the appropriate manager, asking them to confirm whether the data at risk is relevant for HIPAA or any other regulations, then routes it to the appropriate remediation team,” the CISO explains. “This automated process is much quicker and more reliable than we could have achieved before.”

RESULTS

As a next step, the organization plans to fully implement RSA DLP Endpoint to protect data on employees’ PCs. It is also looking into further integrating the DLP and RSA Archer solutions so that whenever DLP identifies a ‘dead’ file, it is automatically dealt with through a workflow held and managed within the RSA Archer eGRC Suite. “We’re also very excited about the possibility of integrating RSA Archer and DLP with RSA NetWitness® to add even more value to the organization and make our Security Operations Center and risk-management workflows even more effective,” says the CISO.

Despite its big plans for future developments, the agency is already able to point to some significant benefits from its new risk-governance model. “The two solutions work very well together. DLP identifies the risks, and RSA Archer puts the business context around them,” the CISO reflects.
“This has led to an overall increase in the understanding of risk by all stakeholders within the organization – the IT analysts, senior management, and our thousands of business users. By being able to show specific risks and their implications for the organization to individual employees and management, we’ve succeeded in getting everyone to take their role in risk mitigation seriously.”

CONTACT US
To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at www.emc.com/rsa.

www.emc.com/rsa ©2012 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, the RSA logo, Archer, and NetWitness are the property of EMC Corporation in the United States and/or other countries. All other trademarks referenced are the property of their respective owners.

TIVIT
Brazilian IT Outsourcing Company Reinforces Security Compliance with RSA

AT-A-GLANCE

Key Requirements
–– Reinforce the security of internal data and remote access processes
–– Ensure compliance with industry standards, such as those set by the PCI DSS
–– Extend use of flexible, remote working among employees

Solution
–– RSA® Data Loss Prevention Network identifies and protects sensitive and regulated data being sent out of the organization via email and other network traffic
–– RSA SecurID® delivers two-factor authentication to enhance security when employees access systems remotely
–– Local RSA Professional Services team provided tailored support, with deployment completed in just three days

Results
–– More insight and control over the security of sensitive data leaving the network
–– Able to demonstrate full compliance with security standards to customers in any industry
–– Enhanced expertise in IT security, with this incorporated into service portfolio

“Implementing RSA Data Loss Prevention and RSA SecurID has helped us accelerate our efforts towards ensuring
compliance with our customers’ security demands and regulations, such as PCI DSS. As well as ensuring our own operations are secure, this provides extra reassurance to our clients and partners, many of whom operate in industries where these regulations apply.”
SELMA APARECIDA MALAGUTI AGUILERA, CORPORATE IT AND COMPLIANCE, TIVIT

Based in Sao Paulo, TIVIT provides integrated IT, application systems, and business process outsourcing (BPO) services to clients in Brazil and the rest of the world. With an extensive portfolio of services and a consultative approach to assisting clients, it delivers solutions to organizations in the finance, manufacturing, healthcare, professional services, and utilities sectors.

KEY REQUIREMENTS

IT security is a key concern for TIVIT and its clients, many of whom operate in industries where specific data protection regulations, such as the Payment Card Industry Data Security Standard (PCI DSS), apply. With this in mind, TIVIT is committed to enhancing its internal systems and working environment to ensure full compliance with regulatory requirements. As part of its efforts, it identified the need for enhanced insight into the information that was being shared on its network to help identify potential risks more readily.

In addition, as a client-centric organization, TIVIT aimed to enhance its employees’ ability to work flexibly on-site at clients’ offices. It wanted to further secure the process of establishing a remote connection to its servers by introducing multi-factor authentication.

Selma Aparecida Malaguti Aguilera from TIVIT’s Corporate IT and Compliance department explains: “As an organization, we understand the need for a comprehensive approach to ensuring the security of our operations, taking into account the IT systems used to access and share data, the behavior of our employees when handling sensitive information, and how good practices are enforced.
The work we do has a fundamental impact on the IT security of our clients’ organizations. It is crucial, therefore, to ensure the thoroughness of our own approach to data protection.”

SOLUTION

After assessing network-monitoring solutions from RSA and its competitors, TIVIT commissioned Proof-of-Concept (PoC) trials of RSA Data Loss Prevention (DLP) Network and a competitor’s offering to better determine their suitability for its requirements. It also undertook a broader evaluation of the overall strength of their security offerings.

“With the security solutions in place, we are in a better position both to serve our existing clients and pursue new business opportunities. Demonstrating the strength of our internal security measures has enhanced our reputation as an IT partner, and the development of our relationship with RSA offers the potential for us to develop related services in the future.”
SELMA APARECIDA MALAGUTI AGUILERA, CORPORATE IT AND COMPLIANCE, TIVIT

Following its evaluation, TIVIT chose to implement RSA DLP, based on its performance during the PoC and taking into account the strength of RSA’s full product range and its broader position within the security marketplace. In particular, TIVIT selected RSA for its proven experience of deploying DLP globally and the better cost-benefit ratio it offered.

TIVIT enlisted the support of a local RSA Professional Services team to support the deployment. This proceeded smoothly, taking just three days to roll the solution out to about 3,000 users across the company’s network. It also deployed 1,300 RSA SecurID hardware tokens to enhance the log-in process for employees when accessing its systems remotely or connecting to its wireless network.

As part of its support for the project, the RSA team helped ensure that TIVIT was fully briefed on how to use the new solutions. It conducted knowledge-transfer sessions with specialists at the company, enabling them to share their learnings within the organization.

RESULTS

Following the implementation, TIVIT is able to maintain a much stronger position on security and compliance. By using RSA DLP Network to provide full visibility into the information that is sent across its network, it is easier for administrators to identify potential data-protection risks and enforce security best practices among employees. For example, DLP can highlight if a user is detected sharing unencrypted financial or personally identifiable information, allowing administrators to take corrective action if necessary. TIVIT has used DLP to create security rules to identify sensitive internal data, such as credit card numbers and data which is covered by TIVIT’s classified-information policy, and improve the way this is handled.

CONTACT US
To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at www.emc.com/rsa.

With a greater understanding of how its network is used, TIVIT can develop more effective security policies and provide more targeted advice to users on how to ensure information is kept safe. In the event of an incident, DLP allows TIVIT’s administrators to take control of the situation faster and quickly identify any issues that need to be resolved.

By using RSA SecurID to enhance security when employees connect to its network, TIVIT has further minimized the risk of sensitive information being accessed without permission. The deployment has reinforced its compliance with data-security regulations such as the PCI DSS.

Aguilera comments: “With the DLP and SecurID solutions in place, we are more confident than ever that the data on our systems is secure.
By deploying these technologies, we’ve been able to send a clear message to our clients and partners that we take the security of our information seriously and share their priorities when it comes to ensuring compliance with industry data-protection requirements.”

As well as enhancing TIVIT’s reputation among its client base, the success of the relationship with RSA has also presented an opportunity to potentially add security services to its offering. With the security of its own systems ensured, TIVIT is now considering partnering with RSA to further extend the benefits of RSA solutions to its clients.

www.emc.com/rsa
©2012 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, the RSA logo, and SecurID are trademarks or registered trademarks of EMC Corporation in the United States and/or other countries. All other trademarks referenced are the property of their respective owners. TIVIT CP 0312

U.S.-BASED FEDERAL AGENCY
Federal agency establishes comprehensive protection for sensitive data with RSA solution suite

AT-A-GLANCE

Key Requirements
–– The agency needed a means of accurately identifying data-security risks
–– It aimed to put in place effective tools for managing and responding to alerts, in accordance with existing policies
–– It wanted to control access to data in web applications as well as standalone files

Solution
–– RSA® Data Loss Prevention (DLP) supports real-time, automated identification and alerting of vulnerable information, with high accuracy
–– RSA Archer® supports organizational response and planning around data security with powerful management and reporting tools
–– RSA Access Manager provides a central point for authorizing single sign-in access to RSA DLP and RSA Archer

Results
–– All three RSA solutions work in conjunction to support the identification, tracking, management, and prevention of data-security risks
–– RSA DLP provides real-time insights into risk across the organization, with customized, automated responses and
reporting, which reduces admin overhead
–– RSA Archer provides a single dashboard for detailed tracking of specific incidents, through to providing global insight into security trends

CUSTOMER PROFILE

“It was important that the tools to support this federal agency’s data-security efforts could be adapted to meet the complex needs of the organization, and that it could trust them to provide consistently accurate and effective protection. The close integration among RSA’s solutions is a unique, industry-leading approach to identifying, managing, and responding to data-security risks.”
BRIAN KAFENBAUM, MANAGING PARTNER, PHOENIX DATA SECURITY

This U.S.-based federal agency has extensive operations across the country, with local teams supported by central management. As with other government organizations, the agency prioritizes the security of employee data, including personally identifiable information (PII), and must ensure it meets the requirements of a number of data-protection regulations. Given the complexity of its operations, it is important that both local and central teams have accurate insight into the organization’s security position and the tools to effectively manage the resources devoted to support this.

KEY REQUIREMENTS

This federal agency was looking to replace its existing legacy data loss prevention system after experiencing several operational, technical and compliance challenges, including false positive rates, manual reporting and lack of user certificate authentication. Besides having a more accurate solution to monitor and alert security personnel to potentially vulnerable data, such as unencrypted PII, the agency aimed to put in place a framework of tools to assist staff at all levels to respond effectively to incidents and gain a better insight into the data-protection issues facing the organization.
The agency had already established a range of security policies, and it was important that these tools could be adapted to work within its existing procedures, avoiding the high cost and inconvenience incurred if staff needed to change their working processes to fit with the technology.

The agency worked with Phoenix Data Security, its long-standing advisor on IT-security planning, to determine the solutions that could best support its requirements. Brian Kafenbaum, Managing Partner at Phoenix, explains its objectives: “The complexity of the agency’s operations required a solution that could seamlessly support the efforts of security and management staff across the entire organization. The volume of potential risks that the staff needs to manage meant that support from automated processes was key to an efficient, coordinated approach.”

SOLUTION

The agency decided to implement an integrated selection of three solutions from RSA – The Security Division of EMC – based on the advanced level of maturity demonstrated by RSA’s offering, which the agency saw as leading the rest of the industry. Kafenbaum adds: “The agency was also reassured by the close integration among all three RSA solutions, and their ability to work in concert to support an efficient and effective response to the challenge of protecting sensitive data.”

The organization purchased RSA DLP Datacenter, Network, and Endpoint and began a phased roll-out starting with the Datacenter module, with Phoenix Data Security supporting the deployment. As part of this, Phoenix worked with technical experts from RSA Professional Services to fast track the project integration with a custom RSA Archer application modeled on the agency’s existing internal business processes. With the integration, the insights and alerts created within RSA DLP are automatically channeled into RSA Archer to support an effective management response.

As the primary management tool for the intelligence generated by RSA DLP, RSA Archer has been rolled out to both general and security managers across the organization. Besides providing an all-in-one platform for tracking and responding to individual incidents, this also supports resourcing and top-level business decisions by providing managers with real-time insights into security trends and projects that staff are currently working on.

To ensure consistency and control over what information can be accessed through software applications, the agency also deployed RSA Access Manager. This provides a single portal for authorizing access to RSA DLP and RSA Archer, supporting the Common Access Cards (CACs) that employees require to gain access to computers and applications.

RESULTS

With RSA DLP, staff now have powerful tools for identifying and resolving potential risk points where confidential data or PII may be exposed, such as in departmental file shares or Microsoft SharePoint Enterprise, where sensitive information types are not authorized to reside.
The security team has also used these insights to improve staff training and development.

A key benefit over the agency’s previous solution is the accuracy of RSA DLP, which operates with a lower than five percent false positive rate. Kafenbaum comments: “The reliability of RSA DLP makes it possible for security staff to set automated response protocols for certain types of alerts. This will help reduce admin overheads by reducing the need to manually respond to incidents. RSA DLP’s automated reporting capabilities have also enabled the organization to reduce the resources it previously had to devote to manually producing reports, helping reduce costs. Reports can now be run in real-time, rather than on a monthly basis.”

Besides protecting standalone files with RSA DLP, the agency uses RSA Access Manager to enable a single sign-in process for RSA DLP and RSA Archer, reinforcing the two-factor CAC-based authentication it already has in place to secure computer terminals.

RSA Archer is used by security personnel to effectively respond to the risk alerts generated by RSA DLP. The adaptability of the solution has allowed the security team to map the response process onto the organization’s established security policies, ensuring it is consistent and familiar to staff. RSA Archer is also used by managers around the agency to gain an up-to-date insight into security trends affecting the organization and how these are being responded to. This supports more effective decision-making around security planning, policy development, and resourcing issues.

www.emc.com/rsa
©2013 EMC Corporation. All rights reserved. EMC, the EMC logo, RSA, the RSA logo, and Archer are the property of EMC Corporation in the United States and/or other countries. All other trademarks referenced are the property of their respective owners. h11838 USFED CP 0513 H12158