CASE STUDY

FINANCIAL SERVICES FIRM BANKS ON DATA LOSS PREVENTION SOLUTION TO SECURE SENSITIVE INFORMATION

A Fortune 25 financial services firm delivering a variety of banking services in more than 100 countries needed to protect the data traveling to and from its 400,000+ endpoints, and ensure that sensitive information was securely transmitted and safe from unauthorized copying, transfer, and misuse. Since the endpoints spanned multiple countries, languages, and legal jurisdictions, it was critical the firm employ a data loss prevention (DLP) strategy that met regional legal and regulatory requirements; enforced data protection policies with full governance; and educated end users on the proper transmission and usage of data.

A DAUNTING TASK DEMANDS EXPERIENCED HANDSLacking the experience to manage a DLP implementation of this scope, the firm sought a qualified partner to help it select a vendor to meet current and future data protection needs. It was important the advisor have global reach, proven security expertise, and international staff well versed in information security requirements. The financial services firm called on Verizon’s professional security services consultants to validate and expand on their initial selection criteria, conduct a vendor selection process (including onsite viability of available solutions), and recommend a solution that would satisfy functional and operational requirements, meet deployment timelines, and yield quantifiable results.

SETTING THE STAGE FOR A SEAMLESS IMPLEMENTATION Using its proven operational maturity mode—which includes a methodical approach to determine a client’s stage of development and adoption of a DLP strategy—Verizon was able to help the firm determine the necessary level of support. This allowed the firm to verify that existing data loss prevention measures were validated and acceptable, and avoid duplication of measures already taken and the associated consulting expense.

Verizon determined the firm met requirements for the “Acquiring” stage and helped the client establish a plan to put an effective DLP strategy in place. This included a methodical review of use cases modeling not only specific information types and uses, but illustrating how the firm would need to support engineering, reporting, monitoring, auditing, internationalization, and associated duties to secure such data.

ACQUIRING STAGE: RIGOROUS VETTING THINS THE CANDIDATE POOLVendors most capable of meeting the firm’s requirements were invited to participate in an on-site proof of concept (POC) effort. Verizon identified regulatory and vendor management requirements during this effort, and made recommendations to the firm by evaluating both vendor criteria and execution capability.

Key factors in this recommendation included the vendors’ ability to:• Deploy and operate effectively in the client’s virtualized environment• Separate duties between incident analysts operating in different countries• Support the volume of reporting required• Provide discovery capabilities related to large data sets• Integrate with the firm’s existing systems

DEPLOYING STAGE: VALIDATION AND PLANNING EQUAL CONFIDENCE IN EXECUTION Receiving clear planning documentation from Verizon based on the operational maturity model, the firm was able to choose a vendor that could meet their specific needs, track clear progress, and move to the “Deploying” phase of the DLP implementation with confidence that their appropriate policy and regulatory requirements were met.

During this stage, Verizon supported engineering validation tasks on all components of the chosen vendor solution and conducted initial User Acceptance Tests (UATs) and pilot deployments to confirm proper functionality. Beyond that, Verizon helped develop and execute a staged global deployment of all systems associated with the DLP solution, across multiple countries.

DATA LOSS PREVENTION: OPERATIONAL MATURITY STAGES

Verizon’s operational maturity model allows for greater understanding of where a client resides in its progress toward an operational DLP deployment. Using targeted analysis, Verizon can help create a plan to help clients meet appropriate prerequisites for each stage—and move toward achieving fully operational, validated, and auditable DLP programs with set processes and educated staff. Stages include:• Exploratory: Client is exploring DLP benefits, provides “spot” DLP solutions

or has no DLP solutions currently in place • Acquiring: Client is evaluating and developing plans for DLP acquisition • Deploying: Client has acquired and is implementing the solution,

in early stages of maturity• Operationalizing: Client is developing governance processes and structure

for a mature, validated, and auditable system• Maturing: Client is adding new functionality, developing processes,

and implementing advanced discovery/control policies• Steady State: Client is already operating DLP processes using defined

and documented structures

OPERATIONALIZING PHASE: CHECKS, BALANCES, AND EDUCATION STRENGTHEN THE DLP SOLUTIONUnderstanding that deploying a DLP tool without appropriate education or controls can result in unregulated access to sensitive information, Verizon worked with the client as it moved into the “Operationalization” phase to put proper governance, operational, and administrator frameworks in place to help ensure business processes ran smoothly.

As part of this phase, Verizon coordinated the establishment of a governing body to oversee and approve policy, reporting, and remediation efforts to maintain consistency, auditability, and growth of the DLP deployment. Verizon also developed detailed training materials and a communications plan to educate employees about the DLP solution and its impact on the enterprise.

MATURING PHASE: INSIGHT AND STRATEGY YIELD POSITIVE RETURN ON INVESTMENTThis helped move the firm to the “Maturing” stage of its DLP deployment, during which, with the proper insight, clients may develop more complex strategies, increase tool adoption, and get the most value from their DLP solution. During this phase, Verizon worked with the firm to integrate their existing DLP solution into their larger security program, while also helping the organization adopt additional DLP capabilities.

To do this, Verizon consulted on the development of incident and log analysis tools; supported the creation of a policy request process; advised on scanning strategies; developed advanced detective policies; and helped create governance and training documents for discovery scanning teams.

Additionally, Verizon coordinated and assisted in system validation, installation processes, and global deployment strategy—including engineering, governance, operational, regulatory and employee education support.

STEADY STATE STAGE: MAINTAIN OR AUGMENT THE DLP DEPLOYMENT WITH ONGOING SUPPORTA stage in which a client maintains ongoing operations of a matured DLP solution, the “Steady State” is achieved when DLP analysts, engineers, and system owners conduct regular tasks using the tools and processes created throughout the operational maturity cycle.

Verizon works with clients toward achieving this phase through the development of transition tasks, resource documents, and workshops. Additionally, Verizon offers personnel, connectivity, and cloud-based systems to help businesses of all kinds support ongoing operations.

LASTING BENEFITS ON A GLOBAL SCALEThe firm was ultimately able to execute and maintain a DLP deployment that yielded:• An operable means of addressing security compliance requirements across every region

in which the client does business• A governed approach to protecting enterprise data in its various states, whether traveling across

endpoints, in use, or being stored• Knowledgeable employees and administrators, continuously educated about security trends

sand requirements to maintain compliance, secure data and protect corporate reputation• Methodical vendor selection guidance helping manage related expenses• A worldwide approach to data security, implemented at both the local and global level.

ENVISION A MORE SECURE FUTURETo learn more about protecting your enterprise with Data Loss Prevention services, contact your account manager or visit verizon.com/enterprise

Verizon is a global leader in driving better business outcomes for mid-sized and large enterprises and government agencies. Verizon combines integrated communications and IT solutions, professional services expertise with high IQ global IP and mobility networks to enable businesses to securely access information, share content and communicate. Verizon is rapidly transforming to a cloud-based ‘everything-as-a-service’ delivery model that will put the power of enterprise-grade solutions within the reach of every business. verizon.com/enterprise

Verizon Communications Inc. (NYSE, NASDAQ:VZ), headquartered in New York, is a global leader in delivering broadband and other wireless and wireline communications services to mass market, business, government and wholesale customers. Verizon Wireless operates America’s most reliable wireless network, serving more than 93 million customers nationwide. Verizon also provides converged communications, information and entertainment services over America’s most advanced fiber-optic network, and delivers innovative, seamless business solutions to customers around the world. A Dow 30 company, Verizon employs a diverse workforce of more than 195,000 and last year generated consolidated revenues of $106.6 billion. verizon.com

© 2012 Verizon. All Rights Reserved. The Verizon name and logo and all other names, logos, and slogans identifying Verizon’s products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners. CA15459 10/12