A world-leading petrochemical company is seeking a world class Enterprise Data loss prevention solution that is capable of protecting sensitive data and critical information which represent the essence of the brand allowing monitoring, detecting and blocking the sensitive data while in use, in motion or at rest. This requires building clear policies to classify data from unauthorized end users touching bases across Network and Endpoint whole also providing Data Discovery without additional agents, software or services. The proposed DLP solution must allow the client to monitor network assets (routers/switches) for detection while providing the next generation prevent capabilities targeting windows workstations.
The solution should be a recognized large enterprise class Data Loss Prevention solution that provides the ability to apply content aware policies to Endpoint, Network and Discovery.
The scope should cover all client assets that are summarized below:
- Network DLP:
- Estimated 257 asset locations
- Estimated 7 data center locations
- Solution hardware to support 1Gb Ethernet throughput (with fail open capability)
- Endpoint DLP:
- Estimated 38000 seats
ADACOM provided a phased approach through targeted milestones, which are described below:
- Milestone 1: Analysis and Design
- Milestone 2: Installation- Configuration (Development Environment)
- Milestone 3: User Acceptance Testing (UATs)
- Milestone 4: Deployment of the solution ( Production Environment)
- Milestone 5: Training- Knowledge Transfer
This phased implementation approach included the following services:
- Project Engagement Services, which included the detailed project plan, the structure of and the frequency of periodical status reports, the project deliverables structure, the project milestones and the project’s risk register, in alignment with the client’s STEP project management methodology,
- Business Engagement Services, which included the requirements analysis, completed through a series of business and technical workshops with key-stakeholders from client’s business units. This synergetic approach helped the project teams to reach a common understanding of the proposed solution, set the expectations in terms of operations and security, as well as identify and classify SABIC’s sensitive information and intellectual property. The deliverables included the project scope, the detailed definition of the business use cases that should be supported by the proposed solution, the technical and network design, as well as the infrastructure sizing requirements.
- Product Engagement Services, which included the installation and configuration of the solution in a development environment. Among the technical tasks, a series of workshops took place to review and finalize the DLP policies, remediation process, incident response procedures, as well as associated reports and notifications. In addition to this, a large set of operational and non-operational user acceptance tests were performed to verify the policies efficiency and effectiveness, accuracy of the reports and remediation workflows as well as the impact of every component of the solution to the client’s environment. Following the solution acceptance, the DLP modules were rolled out to and were integrated with the production environment, while detailed monitoring was enabled to measure and verify the operational user acceptance tests. Finally, a series of administrator, operational and C-Level handbooks were created, to leverage the solution’s efficiency in the client’s everyday operations followed by a series of training classes, knowledge transfer sessions and the development of training guides.
The client expects a balanced approach between operational efficiency and security, and the proposed solution functions towards exceeding this expectation. Primarily, the client has gained a detailed visibility of their internal and external information flows, including sensitive data and intellectual property, created a baseline of information classification and protection levels as well as enhanced their incident response processes. Currently, the client is able to detect an accidental or malicious transfer of information through a series of channels (email, web, USB, FTP, instant messaging, etc.), receive instant notifications and select appropriate remediation actions (from user notifications to blocking of information flows). Furthermore, the solution operation has raised the user awareness, through custom-made notifications, which supports a better overall security stance of the organization. Finally, through a series of customized reports, the client can view the overall risk reduction and therefore measure the solution effectiveness, verify compliance with data protection standards and plan additional security measures that will further enhance the Data Loss Prevention solution installed.
The project required 85 mandays.