About The Customer
A multinational company providing engineering, IT and staffing services to clients in a range of industries faced a demanding challenge; with a small security staff, they had to quickly develop, adopt, and rollout a new approach to data protection for an aerospace client – in less than six months.
The Business Challenge
The aerospace client had worldwide operations and was a major supplier to the U.S. Department of Defense. It shared sensitive information in multiple formats with its supply chain. As a defense contractor, some, but not all the data they used was subject to ITAR/EAR requirements. Under ITAR, specific design components and data may not be shared with non-US citizens, even if they are active in the manufacturing of components.
The client’s requirements addressed multiple attack vectors, and consequently the potential for multiple solutions. This included Data Loss Prevention (DLP), network access control, removable media management, and Digital Rights Management (DRM). The company’s IT resources were fully utilized with existing operations. Sourcing, evaluating, and implementing multiple point solutions in the required timeframe was too big a task for the security team, and the risk of failure, and noncompliance, was substantial.
Critical Success Factors
- Comply with ITAR/EAR requirements
- Secure sensitive, regulated data without adding IT and security overhead
- Support multiple use cases and attack scenarios
- Meet the aggressive timeframe for adoption and rollout
The Solution
Fortra worked with the firm to determine the best way to address the client's security requirements and meet the tight deployment deadline with as little disruption to employee workflow as possible. Fortra DLP — a data-aware solution that protects the data directly while enforcing appropriate use — provided a single solution for all their data protection needs. Data loss prevention, network access control, removable media management, and ITAR-compliant features can all be managed with Fortra DLP. Due to its aggressive deadline and limited internal resources, the firm chose Fortra's Managed DLP Solutions. As part of our Managed Security Services, Fortra's Managed DLP offering enabled the firm to focus on existing operations and rely on Fortra's security experts to manage and monitor all threats to their data — from inside and outside the organization. Moreover, the organization's ITAR-regulated information could now be masked or displayed based on the privileges and clearance level of each individual user. The client’s requirements were unexpected, and therefore unbudgeted, but the decision to go with Managed DLP eliminated the need to adjust their capital budget; no new servers, capitalized software, or added IT personnel were required.
The Results
- Fully operational within 90 days
- A single, managed solution for all data protection needs
- No additional IT or security overhead
- No additional capital expenditures
- Fully compliant with ITAR/EAR requirements
Data Types We Protect
