How Paramount enabled a conglomerate implement a group-wide information governance mechanism and reduce its data loss risk by over 80%

Summary

A UAE-headquartered conglomerate was able to reduce the risk of loss of sensitive data and significantly raise its governance around data/information handling/protection thanks to Paramount’s deep and broad domain expertise in security and data protection, together with its implementation capabilities in a range of Microsoft security products

Icon Challenge

  • Customer data was scattered among 200 businesses and lacked central visibility.
  • Lack of awareness and structured data handling rules posed risks to the business.

Icon Solution

  • Design thinking workshops on data management were conducted with stake holders.  A data classification policy framework created and classified into 4 levels as public, internal or private.
  • Data sensitive SAAS based  catalogue built using Microsoft purview information protection.  Loopholes in data handling plugged on prem and cloud using CASBI and DLP .

Icon Impact

  • Reduced DLP losses by 80%.
  • Enhanced visibility, identified high-risk users and optimized the existing MS license to develop a robust data protection plan.
  • Eliminated capital expenditure (capex), maintenance, and management costs by 90%.
Image

Overview

A UAE-headquartered conglomerate was able to reduce the risk of loss of sensitive data and significantly raise its governance around data/information handling/protection thanks to Paramount’s deep and broad domain expertise in security and data protection, together with its implementation capabilities in a range of Microsoft security products. Our client is a large UAE-headquartered conglomerate with several lines of business. Their presence spans the Middle East, Africa, as well as South and South East Asia. Their wide geographic and operational footprint means they routinely generate and store gigabytes of data- a lot of it confidential or business sensitive. Their infrastructure includes both on-premises and on cloud. 16000+ users routinely share information within the organization and with partners, customers, regulators etc. This information includes emails, documents, quotations, financial statements, regulatory filings etc. The absence of a robust data governance and protection mechanism put them at high risk of potential data loss and non-compliance with data privacy rules. (Were any data losses suspected or reported?)

Through a combination of consulting and implementation services, Paramount assisted the client in achieving significantly higher levels of data loss prevention, along with enhanced data governance. What was especially commendable was that the client did not need to incur any additional financial outlay (either capex or opex), because savings from optimization of existing licenses within the group funded the new licenses needed

 

Specific Challenges

Our team’s initial assessment found the existing situation to be a CISO’s nightmare. The group did not have in place a data catalogue to classify different types of data that existed and travelled inside and externally. Nor did they have an automated tool to help them manage data on an end-to end basis, i.e. from discovery to classification, protection, and governance of information. The enterprise also had no information (and hence, control) over which user(s) accessed what data from which application using which device over the cloud. All this meant that users were free to share any kind of information with internal/external parties without inspection or any restrictions.

In addition to data loss risks that could compromise the group’s competitive edge, there were compliance risks around violation of GDPR and other such regulations. What made matters worse was the limited awareness of the magnitude of the loopholes that existed and the consequential risks to the business.

The Solution

Once this data classification policy framework was approved, we moved to implementing automated solutions. Our client already had various licenses in place for a slew of Microsoft products. By assessing redundance and optimizing licenses, we were able to secure licenses for the Microsoft Purview Information Protection (MIP) and Microsoft Data Loss Protection (DLP) tools. We configured the Data Classification tool to handle both structured and unstructured data and analysed all legacy files to classify them appropriately. In addition to implementing the Microsoft Purview Information Protection and DLP tools, we also implemented Microsoft Defender for Cloud App, in order to institute a security enforcement point between cloud providers and users. This improved security of data exchanged over the cloud across devices and applications and enhanced protection against data loss and certain types of threat.

Our multi-pronged approach has equipped the client with a robust foundation on which to build further, to handle a wider range of threats to its data.

Image

Outcomes

Icon

Improved robustness of data handling and related governance

Icon

Enhanced level data protection (reduced risk of data loss by 80%- how was this measured?)

Icon

Enabled identification of risky users so that corrective actions could be taken

Icon

Automation increased overall efficiency of information handling across the group

Icon

Superior regulatory compliance and protection against threats

Icon

Cost savings by better utilization of licenses and 90% reduction in expenses

About Paramount

Paramount’s expertise in Cloud security has already benefited 100+ customers. We combine capabilities in consulting with implementation and managed services to deliver comprehensive and customised security solutions. Our solutions draw upon our broad and deep expertise in areas including infrastructure and device level security, data protection, identity authentication, threat intelligence/monitoring and endpoint/application security.

We are a Microsoft certified Cloud Security expert as also a Microsoft designated solution partner for both Security and Modern Work. This partnership enables us to deliver accelerated deployment of Microsoft cloud solutions while also lowering implementation costs. The customer project in this case study relied on three tools from the Microsoft Purview Information Protection (MPIP) suite for cloud security- Azure Information Protection; Purview Data Loss Protection; and Defender for Cloud Apps.