Leveraging DLP to gain customer confidence: The Cognizant way

By Dhwani Pandya, Principal Correspondent 12 Jan 2010 | SearchSecurity.in

Enterprise IT news roundup Digg This!     StumbleUpon     Del.icio.us

More resources on DLP Tackling the data loss challenge Data protection strategies: Unraveling the data leakage riddle Reliance Capital's DRM and DLP team up for data protection Data loss prevention addition to CIBIL's security arsenal

Cognizant, which serves sensitive verticals like healthcare, BFSI, technology and energy has a clear mandate to protect client as well as corporate data from theft or leakage. Moreover, the company felt a strong need for a data protection system that would protect its intellectual properties and also adhere to international regulatory standards and customer policies. Having understood emerging threats and adopting security tools and processes, it has put in place a dedicated security group responsible for defining information security policies, evaluating security products and auditing systems for compliance. Cognizant already has a number of sophisticated security tools like antivirus, spam management, intrusion detection systems, identity management systems and internet filtering software.

"DLP was developed as part of our enterprise risk management (ERM) program. We wanted a holistic view of the key risks faced by us, and the optimum strategy to manage them," says Satish Das, the chief security officer and assistant vice president for ERM of Cognizant.

Cognizant first created a separate information leakage monitoring policy to bring in more clarity on the operational fronts of DLP. Identification and classification of confidential data is the foremost step in DLP implementation. Due to presence of a heterogeneous environment to service customers across sectors and verticals, data classification was a difficult task. But since Cognizant was already compliant with BS7799/ ISO27001, this ensured that all information assets are labeled, and all data is handled as per labeling and standards.

Das' team began scouting and evaluating DLP tools from well-known vendors. "They were technically comparable. But our requirement was a solution that would seamlessly integrate with our existing URL filtering solution. This would help us define customized policies related to the existing URL filters," says Das. Policy management, accuracy in content monitoring, administration and reporting,

User acceptance, data classification, and rule streamlining over the company's wide footprint were some of the major challenges of the DLP implementation Satish Das chief security officer and assistant vice president for ERM, Cognizant

comprehensive protocol support, forensic capabilities, and product support were some of the other selection criteria. The company opted for Websense's DLP solution, as it has been using a URL filter solution from the same vendor for the last three years. The data discovery module of this solution simplified scan of projects segments for critical or sensitive documents over the network, which was time consuming and an error prone activity earlier.

Cognizant has finished the initial phase of its DLP implementation across all locations. The information leakage policy has been rolled out for critical accounts and internal projects. The DLP solution addresses three kinds of data -- at rest, in motion and in use. Cognizant has currently deployed Web and email modules of the solution, which will help the company monitor and block usage of any confidential data over Web and email.

As part of its data loss protection strategy, Cognizant has also implemented Microsoft's Document Right Management System (DRMS) solution. "We are at present working with Websense to integrate the DLP solution with the Microsoft DRMS platform," says Das.

User acceptance, data classification and rule streamlining over the company's wide footprint were some of the major challenges of the DLP implementation. However, according to Das, an extremely supportive management made it easier for the information security group to bring out this activity.

The DLP implementation has significantly improved awareness about data security and privacy among Cogizant's associates. "Till date, we were only educating the associates based on statistical figures and third-party exposures. Now, thanks to DLP, we are able to showcase the incidents directly affecting the associate," says Das. Employees now realize the potential of information leakage and its repercussions as well. On the business front the company has been able to significantly increase customer's confidence on its efforts in information protection. "This has helped our business teams in the bidding processes as well," says Das.

In the next phase, Cognizant wants to deploy fingerprinting of critical documents. Fingerprinting mainly keeps an image copy of important documents and monitors their movement on the network. Post this, the company plans to roll out the end-point DLP agents in project-specific laptops.

Tags: Data loss prevention technologies,  Network and endpoint security tools and technologies,  Identity management, authentication and access control solutions,  Hacking countermeasures,  Windows and other OS security best practices,  Enterprise risk management strategies,  Business compliance management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Data loss prevention technologies Information rights management helps L&T protect its knowhow Interest in data leakage protection, event log management rises Considerations for buying and implementing DLP solutions Data classification as an insurance to protect information Security trends for Indian organizations: The 2010 edition IT (Amendment) Act, 2008 has information security market on toes Using data loss prevention software to comply with new HIPAA policies Basic Database Security: Step by Step How Windows servers get hacked Five things to do before your first PCI DSS compliance audit Network and endpoint security tools and technologies Two factor authentication gets token agnostic at Central Bank of India Considering two-factor authentication? Do cost, risk analysis How to perform an Active Directory health check Information rights management helps L&T protect its knowhow Voice data security risks on the rise, say experts Firewall audit tools aid compliance Interest in data leakage protection, event log management rises Zeus Trojan continues reign infecting 74,000 PCs in global botnet Fraudulent mobile applications will threaten mobile banking security Mobile Reputation Security prototype from Symantec: A closer look Identity management, authentication and access control solutions Two factor authentication gets token agnostic at Central Bank of India Considering two-factor authentication? Do cost, risk analysis PCI tokenization push promising but premature, experts say How to perform an Active Directory health check Information rights management helps L&T protect its knowhow Voice data security risks on the rise, say experts Security awareness is the key... cultivate employee loyalty Preventing password fatigue with single sign-on (SSO) authentication How to choose online data backup services for data protection Protecting enterprise networks from new mobile application downloads

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary