CASE STUDY

Securing What Matters: How a Credit Union Strengthened Data Protection with Spirion + Microsoft Purview

About the Organization

A U.S. credit union serving consumers and small businesses was focused on protecting sensitive member data. They turned to Spirion to integrate with Microsoft Purview to strengthen data classification, improve visibility, and enforce protection across legacy files, and endpoints.

“Labeling accuracy and integration with our Microsoft tools were key goals for us.”
— Senior Information Security Analyst, Credit Union

Download PDF

Challenge 

A regional credit union serving thousands of members recognized the urgent need to improve its data classification and protection strategy. While Microsoft Purview was in place, the team lacked full visibility into their environment—particularly legacy documents stored in uncontrolled locations. In one case, a scan of the IT share revealed that a former administrator had stored a significant volume of members’ personal information in unsecured folders. Nearly 95% of sensitive data matches were concentrated in a few files, highlighting both a visibility gap and a pressing risk. 

Additionally, they were challenged by a lack of clarity on who should manage or remediate the discovered data, how to share scan results securely with other departments, and how to operationalize audits with minimal disruption. 

“We were looking to get a better grasp on data classification,” shared a Senior Information Security Analyst. “Labeling accuracy and integration with our Microsoft tools were key goals for us.” 

The credit union needed a DSPM solution that could quickly identify high-risk data and facilitate targeted remediation. 

Solution 

The credit union chose Spirion’s Sensitive Data Platform (SDP) and implemented it through Spirion’s QuickStart Program for fast onboarding. The team began by scanning shared file servers, revealing unsecured files containing highly sensitive information, such as loan applications with Social Security numbers. Spirion’s reporting tools—including Power BI templates—helped the team quickly visualize and prioritize risk. 

Key capabilities included: 

  • Automated sensitivity labeling via Microsoft Purview, even for older file types like CSV and legacy Word documents. 
  • Redaction and shredding actions enabled for files containing personal information, with options to apply user-level remediation or retain files with sensitive data redacted. 
  • Targeted remediation support, focusing on high-match files to drive down exposure quickly. 
  • Role-based access controls, allowing selective visibility and action capabilities for department stakeholders. 
  • Flexible reporting that enabled stakeholders to view high-risk locations and understand data distribution without being overwhelmed. 

The team also explored differential scanning using updated agents, which allowed them to avoid rescanning unchanged files and speed up the overall scan cycle. Internal deployment testing of upgraded agents helped ensure operational reliability before expanding to other departments. “We even tested the label by sending an external email, and it blocked access like it should. It’s working exactly as expected,” said the Assistant VP of IT at the credit union. 

Results 

The Spirion implementation team delivered immediate impact and strong alignment with the credit union’s strategic goals. By uncovering and remediating risky legacy data and automating classification, the credit union expects to significantly reduced exposure and lay the foundation for future DSPM expansion. 

Key benefits realized: 

  • Working towards rapid risk reduction: Identifying and remediating high-volume sensitive data stored in insecure locations. 
  • Operational insight: Stakeholders were able to visualize data risk via intuitive Power BI dashboards, supporting clear communication across teams. 
  • Ease of use and value: “The product does what we need it to do—what it’s advertised to do,” the security analyst confirmed. 
  • Seamless Purview integration: Accurate, automated labeling across diverse file types. 
  • High satisfaction: Scored 10/10 on likelihood to recommend Spirion. 

The credit union has introduced Spirion’s results in leadership and security committee meetings, using data visualizations to demonstrate value and generate excitement across departments. The team is currently developing department-specific reporting templates and building processes for ongoing audits, data owner engagement, and policy enforcement. 

With quarterly strategy check-ins with their dedicated Customer Success Manager and support by Spirion’s Customer Enablement Engineer, the organization is positioned for continued DSPM maturity and cross-department adoption. “Getting a good grasp on data classification was the goal, and it delivers,” the Assistant VP of IT concluded. 
 

Ready to get started?

Schedule a personalized demo with one of our data security experts to see Spirion data protection solutions in action.

Watch demo now
Discover, protect and comply.

Protect sensitive information with a solution that is customizable to your organizational needs. When your job is to protect sensitive data, you need the flexibility to choose solutions that support your security and privacy initiatives.

Governance Suite →

Industry Solutions

Not knowing where sensitive client financial data resides and failing to take the right security precautions can be a costly mistake for your organization. Find out how Data privacy is treated in your sector.

Read more →