Spirion Resource Icon
Case Study

Financial Services Firm Conquers Compliance with Spirion-First Approach

Customer Challenge

Patelco logoIn the short term, Patelco needs to meet more stringent Payment Card Industry (PCI) compliance regulations. In the long term, it needs to stay in compliance with a growing number of increasingly strict regulatory requirements.

Spirion Solution

Patelco took a Spirion-First approach by inventorying and classifying all of its data, and gaining full visibility to determine strategic protections and actions. Further, integration with its industry‑leading Data Loss Prevention program strengthens the effort

Spirion Results

With Spirion, Patelco rapidly located all of its sensitive data, discovered the data that needed to meet specific regulations, and took proactive action to maintain compliance on a tight deadline

The Mission: Rapid data protection for compliance leveraging existing DLP investments

Rapidly growing credit union Patelco serves more than 325,000 members nationwide as a federally insured, not‑for‑profit financial institution. With more than $6 billion in assets, Patelco is in the top 1% of U.S. credit unions.

For Patelco to meet the Payment Card Industry’s stringent new compliance requirements by a tight deadline, accurate data discovery and persistent classification was non-negotiable. So, a rapid and successful Spirion data discovery, classification and protection step was critical.

This step allowed Patelco to inventory and classify its full slate of data, know where all of its data lived, and put procedures in place to better govern, reduce risks, and meet compliance standards. It also enabled Patelco to simultaneously leverage Intel Security’s EPO endpoint technology for corporate policy enforcement.

“Spirion is a great company with a great product — it’s world-class in my opinion,” said Chief Information Security Officer, Brent Gifford. “Combined with Intel Security’s McAfee DLP, it’s a perfect marriage.”

Lean discovery across network and cloud

During the DLP integration, the Patelco team performed an audit across 350 terabytes of data on 180 servers and 1,700 endpoints. Next, Brent reviewed the findings with every department. Then he reviewed the discovery process and company policies, and began strengthening remediation processes and procedures. During the process, Spirion allowed Patelco to locate all of its sensitive data with a high degree of accuracy.

“Spirion is very robust,” said Brent. “It does a grand job of presenting discovery results across our entire network and cloud, so we can present comprehensive options. Spirion is efficient and effective. As a result, we’re able to run lean.”

Preparing for a world with stricter regulations

Preparing for the PCI’s stricter regulations is just one of many compliance hurdles Patelco must conquer. Other critical compliance regulations for financial services firms are the Federal Financial Institutions Examination Council (FFIC) and the National Credit Union Association (NCUA). Like many regulatory bodies today, they are issuing increasingly demanding mandates for compliance and penalties for non‑compliance.

Further, once the rapidly growing financial services organization hits the $10 billion mark, it will be subjected to even more stringent and punitive compliance regulations imposed by other agencies. One of these is the Consumer Financial Protection Bureau (CFPB), which is free to impose severe restrictions on member credit unions at its discretion.

Requirements are going to be “extremely intense and we’re preparing now,” said Brent. For his team, this means building on top of their current data discovery and data classification capabilities.

Staying in command and control of data

Brent is confident the organization will be successful in meeting all data compliance regulations. “Spirion’s accurate discovery and data classification capabilities have helped us better assess the organization’s data environment,” so the company can prepare for complete compliance.

The executive team and board are easily kept in the loop, said Brent. Spirion provides “the necessary data to update our CEO and CIO with more detailed metrics, process review findings, compliance updates, and organizational status updates.” He also shares insight with the Board of Directors in a quarterly report.

Looking ahead to new compliance challenges, Brent and his team are putting systems and processes in place to meet the impending requirements, making Spirion’s role all the more important in the future of the financial services firm.

“Spirion is efficient and effective. As a result, we’re able to run lean.”

-Brent Gifford, CISO, Patelco Credit Union

Related Resources

The essential guide to detecting and protecting sensitive data-at-rest
Supercharge Your DLP Security Program
Supercharge your DLP investment with accurate and automated data classification
Complimentary Forrester report: “The Zero Trust eXtended Ecosystem: Data”
Practitioner’s Guide to Meeting PCI DSS Audit Deadlines at Rapid Speed
Automate Your NIST Security Framework with Context-Rich Data Classification