How Data Classification Enabled An 80% Reduction Of DLP False Positives
Customer: DeltaCredit Bank
Requirement: Data Classification To Protect Valuable Data
Solution: Boldon James Email, Office, File Classifier and SharePoint Classifier
DeltaCredit Bank is among the five largest banks in the Russian Federation in mortgage lending volumes and is owned by Société Générale, one of Europe’s leading banking and financial services groups. They are based in Moscow with 17 regional branches.
In common with many banks who operate at the heart of national financial systems, DeltaCredit face increasing challenges with risk, compliance and data protection. Without a data classification process, they found themselves treating all information equally, making incorrect risk assessments and underestimating or overestimating the value of information.
The Central Bank Of Russia requires Russian banks to have a data classification process, and DeltaCredit felt that implementing data classification software would achieve both compliance with this and other regulatory requirements, as well as giving them better visibility of what data they had and how to protect it. DeltaCredit identified that classification could not be successful as a one-off exercise just focused on specific applications or data sources but it needed to be continual and for all information they had; every file and email.
Supported by Boldon James’ Elite reseller, Adacom, DeltaCredit shortlisted two possible user-driven data classification tools. Whilst both products were able to provide a range of functionality, they selected Boldon James Classifier as it gave them the functionality they actually needed, at a more competitive price.
"The goal of this project was to implement a solution that can help to manage our data. We evaluated a few solutions and chose Boldon James as they were the best in both price and quality. With the implementation of Boldon James’s solution, our company has seen significant improvements to user awareness around the value of data. In combination with Data Loss Prevention systems, Boldon James has helped to reduce DLP false positives by over 80%.”
The team initially ran a pilot project comprising 40 users, with representatives from different departments. With the data classification tool impacting every employee in the bank, they felt it was critical to get detailed feedback on how to best implement the solution and what rules to use for each functional area. The pilot was successfully completed within a month and Delta purchased Email, Office, File and SharePoint Classifier for use across their business. Utilising the flexible multilingual capability available within the Classifier Administration console, Delta Credit were also able to configure their policy in Russian.
Communication of the new process was identified as a priority and the team considered doing face-to-face training. As they felt that both their policy and Classifier were simple to understand, they chose instead to communicate changes by email, reminding users about the policy and providing details on which classifications levels to choose. Within the first four weeks, they were able to easily change the rules, altering notifications in response to feedback and tailoring implementation to the needs of the users to make life easier for them.
One of the greatest concerns was that the users wouldn’t like it and that it would have to be mandated, but in fact the DeltaCredit users treated classification as a game, surprising the ISO team with how positively it was accepted. During the phased implementation those users who did not yet have the tool were curious about others using it and requested it too. The software was implemented in just one week without the need for any specialist consultancy, skills or knowledge. “Once you’re done with the rules, you’re good to go, it doesn’t need a lot of attention, and it can just run. It’s very easy to maintain and we didn’t need a lot of specific knowledge or training” said Alexey Lola, Chief Information Security Officer.
The ISO team say they knew the project had been successful when they could see users were using the software and policy appropriately, and not simply using the default classification all the time. The team report a transformation of culture in relation to IT security, where classification is now automatic for the users and has become part of their normal daily routine. Alexey Lola continues “Classifier is not just about protection of the information – it’s there to change the security culture in the organisation as it affects every employee in your organisation.”
Classifier has also been integrated with DeltaCredit’s existing Data Loss Prevention (DLP) solution provided by InfoWatch, giving predictable and meaningful metadata that greatly improves the performance and reliability of the DLP decision-making logic. The combination of Classifier metadata and DLP has reduced false positives by over 80%, from around 150 events per day to 30-35 per day.
With the implementation of Boldon James Classifier, DeltaCredit Bank has seen significant improvements in security culture and user awareness around the value of data. In combination with Data Loss Prevention systems, Boldon James has helped to mitigate many data leakage risks, reduce false positives by over 80% and change the IT Security culture across the entire organisation.
Download the Forcepoint & Boldon James Solution Paper - Enhancing DLP with Classification.
"User friendly Administration console helps to easily understand and implement classification"
Implementation is rather easier than other competitive products, administration console is also easier to understand and everything relevant to classification is there.
Also there are number of default templates and default messages to use with classification rules.
With unrivalled customer service and best-of-breed data protection and governance solutions,
we are helping many of the world’s most successful organisations take control of their business data.
Everyday, our customers enjoy more effective, secure and streamlined operations -
protecting their business critical information and reducing risk.
We integrate with powerful data security and governance ecosystems.
We protect business critical data, improve data control and reduce risk.
We deliver improved and streamlined business performance.
We are a “safe pair of hands” that constantly deliver success.