- Protect structured and unstructured data in an open academic environment
- Improve information security strategy
- Strengthen internal culture of security
- Proofpoint Managed Services for Information Protection
- Deployed managed data loss prevention (DLP) program in phases
- Deployed and tuned DLP technology with minimal false positives
- Enabled ongoing alerting, reporting and incident response processes
Making the case for information protection
The cancer centre had already made major cybersecurity investments to protect its perimeter. But it also needed to update its information security so it could comply with healthcare privacy regulations and policies. The centre was committed to stopping threats from both inside and outside the organisation.
Because of the open nature of the university network, the security management team was especially interested in DLP technologies for protecting both their structured and unstructured data. The team reached out to Proofpoint to help with several things. They wanted to identify and prioritise their critical assets. They also needed recommendations on technologies to help them meet their requirements. And finally, they wanted to set up and manage a comprehensive security program.
Safeguarding critical assets and information
Proofpoint Information Protection Programs are deployed using a phased approach to help guide organisations in protecting their most important assets. The team worked with the cancer centre to identify and prioritise its patient data, along with its other intellectual property, such as research. The team also helped establish security policies and workflows specific to the centre’s needs.
“One of our most important tasks was to work with Proofpoint in the planning phases. We wanted to learn and thoroughly understand how people use our information technology,” said the centre’s information security project leader. “We both learned a lot about our business during that initial consulting and technology evaluation phase.”
Proofpoint and the cancer centre looked at several different DLP technologies using a 700-point use-case evaluation matrix. The results helped them to identify the best solution for the centre’s needs. This included technology for protecting data in motion, in use and at rest.
Going beyond the standard patient data and compliance security requirements, Proofpoint helped identify the cancer centre’s genomic research as a priority for protection. And together, Proofpoint and the centre developed a set of DLP policies for all of the centre’s key assets.
Understanding how cancer centre employees created, stored and transmitted their key data was critical. And it allowed Proofpoint Professional Services to fine-tune its technology from the start. This helped ensure the security staff would not be overwhelmed with noise from hundreds or even thousands of alerts. From day one there were very few false positives. Proper tuning also ensured that security analysts could review the information that was the most relevant to the cancer centre. And do so as quickly and accurately as possible.
Putting information protection in action
After helping the centre deploy its solution, Proofpoint moved on to the next phase. It took charge managing the program through its Managed Security Services for Information Protection. The Proofpoint SOC includes two key teams that help. The cancer centre worked with both security monitoring and analytics (SM&A) experts as well as a security platform engineering (SPE) group to manage its information protection program.
Proofpoint SM&A team members constantly observe, extract and correlate data on how information is moving in and out of the cancer centre. Then they use these insights to provide the centre with actionable recommendations as the program evolves. Knowing the business drivers for the client Information Protection Program is critical. It lets the team identify, triage, remediate and report any suspicious events. And it gives them the ability to do it much faster than traditional MSSPs.
The Proofpoint SPE group assists the SM&A team with technical support. This ensures that every component in the solution delivers 100% uptime. The group also helps the team to develop, maintain and configure adjustments in scope and policy governance.
The Proofpoint Managed Security Service also provides the team with in-depth reports. These show the centre’s overall security posture and intelligence issues. With policy reports, the organisation’s governance group can assess the accuracy of alerts and the severity of incidents. These reports also highlight trouble areas that may need more attention. And with compliance reports, the auditing stakeholders get the details they need to show compliance with policies and regulations.
Strengthening internal best practices
Just days after deploying the solution, the centre’s SOC team spotted risky staff behaviour at the centre’s campus. A doctor in the organisation was violating policy by transferring proprietary research information to a university outside the United States. The SOC alerted the cancer centre’s legal and compliance team, who worked with Proofpoint to resolve the issue.
The SOC teams are constantly analysing the impact of all incidents or violations of policy. This allows them to assess how existing policies may need to change to minimise or eliminate vulnerabilities. In this case, the policies no longer allow users to auto-forward specific documents.
Building insight and consistently protecting research and healthcare assets
Proofpoint Professional Services unlocked a variety of benefits for the cancer centre. Proofpoint helped the centre identify and prioritise critical assets; create workflows customised to its way of doing business; choose the best DLP technology; then operationalise its program. As a result, the cancer centre gained:
- A proven, successful process for implementing and using DLP
- Strong expertise as an extension of its security team for regular monitoring of structured and unstructured data
- A clear, more accurate picture of its security posture and how data is moving in and out of the organisation
- Analytics and reporting to help make better decisions about priorities and resource allocation for information security
“We have not had any problems in our initial implementation. This is thanks to the technical design and planning service from Proofpoint,” said a cancer centre security professional. “Proofpoint reports contain a lot of very useful information that helps us improve our operating performance. They give our non-technical stakeholders a way to understand the issues. And they give us a much higher level of confidence when we are making decisions.”