Flexibility in Identification of Highly Sensitive Data and Ability to Quickly Remediate Leads Global Retailer to Choose Spirion for their Data Security Needs

During a project with a large retail client, the Protiviti team identified data discovery and classification as a key need. The retailer believed that sensitive data was scattered about their environment. Using homegrown technology, they were able to validate this assumption. Their security team was confident that their efforts identified the problematic file shares. After locating the data, they planned to add additional security protocol to protect these areas. Through their work with overall governance strategy, Protiviti expressed concern about vulnerabilities that went unaccounted for in the initial pass to identify sensitive data.

The Protiviti team contacted Spirion and they worked quickly to scope out a basic data discovery scan on the same locations that the client already scanned. To the surprise of the security project manager and the Protiviti team, the Spirion scan produced a litany of sensitive data in the first two days. It was so much data that the retailer paused the scan to confirm these were not false positives coming back. Upon realizing the data in the results was both highly accurate and sensitive, they continued the scan to collect data to present to the CISO for a budgetary request to remediate their environment’s sensitive data using Spirion’s Sensitive Data Manager.

Over the years, the retailer built out a tool set to help them evaluate and identify data within their network. Through these efforts, they saw a high number of ‘hits’ come back on about 400 terabytes of data located in fileshares. Given that the company knew where the data was, they attempted to manually remediate to help limit risk tied to the data. Imagine attempting to go through three years of email to find and delete sensitive data to understand the monumental task for one person or a team of people to manually remediate 400 terabytes of data.

Regardless of the magnitude of the challenge, the retailer attempted this project, but then decided to budget for additional security to protect the data set. This strategy didn’t account for the fact that this sensitive data was fluid and was moved through thousands of employees all around the globe. It was at this stage that the retailer notified Protiviti and Spirion was engaged.

Following the initial scan that provided the results needed to validate budget, the retailer moved forward quickly with the purchase of Spirion for a multi-year contract. Working closely with Spirion professional services in phase one, the retailer outlined their need to scan the 400 terabytes of data in the file shares. However, after realizing the full functionality that Spirion’s Sensitive Data Platform provided, the retailer included discovery and classification at the endpoint of their workforce as well. As part of phase two, they chose to begin deploying Spirion to find sensitive data in their databases and mapped out their strategy to find unstructured data in pockets of their cloud-based infrastructure.

In addition to Spirion’s proven ability to identify sensitive data, the retailer was impressed with the flexibility of the solution’s discovery capabilities. They were also happy to see how easy it was to feed the scan results into automated workflows mapped directly to classification policy defined at the corporate level.

One of the immediate outcomes of the retailer’s project with Protiviti was that their use of Spirion as a one-time scan would not be enough. The amount of sensitive data copied, modified, emailed, saved, and created every day among their global workforce was enough to warrant an ongoing investment. The primary objective in the first phase of the project soon dovetailed into looking at larger swaths of both unstructured and structured data, at the endpoint, on premise and in their cloud applications. Working together with Protiviti and Spirion, the retailer has outlined a multi-layered approach to catch sensitive data and then course correct according to the rules that were defined during the project. The ongoing and continuous protections afforded by their Spirion investment drove home the value for the client.