Implementing a Data Protection Strategy for an Australian Retailer

The retailer had been working closely with SECMON1 on improving their cybersecurity posture for a couple years when they decided it was time to tackle 20 years of data that had accumulated at their corporate office. The client had attempted in the past to accurately identify their sensitive data but furloughed the project as the technologies they used had high false positives, leaving them with little confidence to achieve acceptable results. Through Nicholas’ direction, his team was able to outline how they could help in addressing their data concerns and suggested using Spirion’s technology to add insight into what data they had, where it was located and how it was being used.

SECMON1 spent time interviewing the CISO, the information security team and key stakeholders to determine where they should prioritize their efforts given the sheer amount of data related to employees, customers and their IP. Through their efforts they were able to pinpoint where to begin and found key areas in the business that likely had the most sensitive data to discover, classify and remediate. In their first pass, SECMON1 and their customer began by looking at 18 Terabytes of unstructured data in SharePoint, OneDrive and on 1,000+ desktops.

Also identified were a few Network Attached Storage (NAS) file shares that had significant amounts of consumer records.

Immediately upon deploying Spirion, telling results emerged and surprised everyone. Clear text passwords were found throughout SharePoint and customer PII that was thought to be deleted long ago were found in open file shares and was still accessible. To begin, the findings were validated on small datasets, followed by a larger deployment on larger datasets. This resulted in providing confidence to the client that the results were accurate for appropriate remediation to be deployed.

The retailer was very pleased with the end results and pointed to several things that won them over. First, was Spirion’s ability to accurately discover data across vast sets of disparate data on the cloud, on-premise, and hybrid solutions. The sheer amount of unstructured data that the retailer collected over 20+ years was an ongoing headache that they finally found a solution for. Once the data was found, Spirion’s classification assigned values to the data which enabled them to make the best decisions within the context of their business. Through using SDM, the retail client deployed a data shredding strategy to delete cache files that had accumulated, freeing-up significant storage. Data that was over 90 days old, and rarely used became quarantined. And lastly, the classification tagging used in combination with their Data Loss Prevention (DLP) system and Microsoft applications set a course for the future for better decisions regarding data sent externally.

The client recognized they needed to manage their data before they had a breach and desired address compliance laws. Further, the client learned through a proof of concept how much data was in fact at risk and were presented with a remediation strategy by the team at SECMON1. An unintended outcome of their data security project was
savings on storage and the ability to see what data was being used, thereby adding value to the company’s sales strategy. The client found that they could set up workflows and policies to address data at is origination, making an effective solution that had positive impact on their workforce productivity.