Overview
Executive Summary
Data Loss Prevention (DLP) is crucial to every digital enterprise. Preventing data loss and recovering it if something happens is vital, as is managing that data according to business and regulatory environments.
Yet DLP is not a once-off solution. It is a living and evolving service that keeps adapting to the business and its data requirements. For our customer, a multinational chemicals giant, DLP is crucial yet tricky to manage. It must handle DLP requirements across a sprawl of different business units and geographies while also meeting some of the planet's strongest data compliance laws. It also competes in a sector where information is crucial for success, such as safeguarding intellectual property that took decades to create and may need years to generate returning value.
Performanta's customer needed clear and direct control over its DLP programme, a responsibility channelled through a small yet dedicated DLP team. This team sought to enhance their DLP capacity and asked Performanta for solutions. A managed service turned out to be the best option; Performanta took on day-to-day DLP tasks and helped develop the relevant DLP frameworks, policies and architectures, a relationship that continues today.
By opting for Performanta's tailored managed DLP service, our customer has enhanced control and choice for its DLP environment, augmented by our embedded experts. We take care of the intricacies while their DLP team can focus on changing requirements and requests from different parts of the business. They now do much more with less, saving time and effort while knowing they have a reliable service partner in their corner.
The Challenge
Even though this Performanta customer employs tens of thousands globally, its DLP team is tiny. They are responsible for a wide range of sensitive data, including employee Personal Identifiable Information (PII), customer data, logistical and operational information of sensitive industrial sites, and intellectual property such as research and patents. This company operates largely from Europe, so it has many rigorous laws to comply with, particularly around employee information.
DLP requires more than good software. It relies on specialised skills and experience to configure DLP systems, develop appropriate policies, and establish the most suitable infrastructure. Since data is continually evolving in size, type and regulatory requirements, so must DLP environments. Yet due to the nature of its business and the regulations of its operating environments, our customer cannot simply outsource all DLP work. Instead, they needed a solution that complemented their established internal DLP expertise, adding the necessary resources and skills.
The Solution
Performanta has worked with this customer for several years across different security needs. They realised they required additional resources and expertise when they decided to evolve their long-term DLP policies and architectures. They requested feedback from Performanta, and we proposed several options, including a managed service.
The customer decided that a tailored managed DLP service best fits its needs, supporting its core DLP team with Performanta's capabilities and solutions. Our service solution enhanced their DLP environment, including a leading DLP vendor's software. Performanta assigned a staff member to focus exclusively on this DLP environment, embedded within their team. We also collaborate with the customer to create appropriate policies and processes, and supply additional staff to address specific requirements.
The Results
DLP is less about the technology and more about how one manages that technology. Performanta’s managed DLP service has been shaped to fit our customer’s requirements. They own the DLP programme, and their DLP team continues to look after data across global locations, keeping in step with regional laws. Since Performanta doesn’t store or manage any of the data, our customer retains direct control and data sovereignty. Yet they have the advantage of purposely-designed systems and policies, including areas such as alert management and reporting.
Today, our customer has a well-defined and living DLP programme. It determines who owns DLP and its components, how different parts of the business leverage appropriate DLP features, and which modules to use. Performanta’s DLP managed service reduces noise and helps incorporate DLP into our customer’s strategy and direction.
Talk to our experts
About Performanta
Performanta was founded in 2010 and has over 150 staff worldwide, including former CIOs/CISOs from large enterprises. It has a global footprint with a team of 80 analysts working in two SOCs, helping to secure customers across 50 countries, from offices in the United Kingdom, Australia, Germany, South Africa and the USA. Performanta offers a consultative approach to people, process and technology, focusing on security projects in line with adversarial, accidental and environmental business risk. With a holistic cybersecurity view, we understand the modus operandi of the perpetrator and accordingly build an intelligent defence mechanism to make customer environments less susceptible to attacks.