Case Study: Data Protection and PCI-DSS Compliance for Multinational Bank Financial Services Customer Success Story


Background: A multinational banking and financial services company, with over 50,000 employees worldwide, was subject to a wide range of regulatory requirements. In addition to Sarbanes-Oxley (SOX), Gramm-Leach-Bliley (GLB), and Payment Card Industry (PCI) standards in the US, it was subject to international regulations such as the EU Data Protection Directive. While the requirements of each standard vary, all focus on protecting information. The frequent news of data breaches and stolen credit card information made it clear that security had to be a priority.

When this organization decided it needed to improve protection of its credit card customers’ data, it called Digital Guardian (DG).

Banking and Financial Services Case Study

Company: Multinational Bank

Challenge
• 50 million credit card customers around the world
• Needed to permit some employees access to social security numbers, others access to PANs only, while still protecting customer information
• Needed to improve controls over removable storage devices


Critical Success Factors
• PCI-DSS compliance
• Automatic identification and classification of sensitive data
• Protection of all critical data on network file servers
• Mask some data, while leaving other data visible
• Allow administrators to back up files containing sensitive data such as PAN and social security numbers, but not decrypt them


Environment
• 12,000 Windows workstations

Solution
• Used Digital Guardian automatic classification to identify social security numbers, PAN, and other personal information
• Digital Guardian endpoint agents monitored all user actions and enforced controls, including:
  • Automatically encrypt sensitive files when those files are moved to network file servers
  • Prevent decryption of PCI PAN and/or SSN data by unauthorized users
  • Automatically encrypt all sensitive data written from workstations to authorized removable storage devices


Results
• Contextual and content-based classification of all sensitive data
• Visibility into location and use of all PCI regulated information
• Compliance with PCI requirements for PAN encryption based on data usage
• Removable device control with automatic encryption on non-company devices


About Digital Guardian

Digital Guardian Facts
• Over 250 customers
• 130 of the Global 2000 and government agencies
• Over 2,100,000 endpoints protected
• Used by 7 of the top 10 patent holders
• Only solution to scale to 250,000 agents

Deployment Models Available:
• Managed Security Program (MSP)
• On Premise
• Hybrid MSP

At Digital Guardian, we believe your data is your business. We are the only patented data protection platform trusted by millions of endpoints to secure against insider and outsider threats!


Want More Information?

http://bit.ly/InsiderThreatsRiskWP

Get the best tips on protecting your data from Dan Geer by signing up for our whitepaper, “How to Mitigate the Risk of Insider Threats”.
