Integrated Global Energy Company

Case Study

Eliminating One Source of Data Breaches

“The issue is not the security architecture or strategy, it is the inability to identify potential, unknown sensitive information exposures in real-time from within content.”

Concept Searching
Customer Location: United States
Industry: Energy and Utilities
Issue:

As part of this company’s information governance initiatives, the identification and protection of data privacy and confidential information was a key component. It was seeking a solution that would automate the process, automatically identify and protect unknown vulnerabilities, and notify the appropriate staff for disposition.

Products:

“The primary cause of data breaches and lapses in protecting confidential assets is the end user. By eliminating the need for an end user to understand all security scenarios, an organization becomes more productive, and enterprise risk is minimized.”

Using the conceptClassifier platform, conceptClassifier for SharePoint, and conceptTaxonomyWorkflow, this organization was able to achieve its objectives. The solution provided real-time identification of data privacy and confidential information vulnerabilities, removal of relevant content to a secure repository to prevent access or download, and notification of staff for appropriate disposition.

Benefits

  • Reduces organizational costs associated with data exposures, remediation, litigation, sanctions, and fines
  • Protects an organization by identifying and securing unknown data privacy or confidential information and preventing the portability and electronic transmission of secured assets
  • Real-time identification and protection of vulnerabilities contained within content
  • Ability to identify privacy data from diverse repositories, email and fax servers, test servers, and scanned documents, and aggregate them for review and disposition
  • Creates workflows to identify organizationally-defined confidential information that should be protected and available only to authorized users
  • Eliminates manual metadata tagging and human inconsistencies that prohibit accurate identification and protection of unknown privacy or confidential data assets

The company is an integrated global energy company based in Spain. It carries out upstream and downstream activities throughout the world. It is vertically integrated and operates in all areas of the oil and gas industry, such as exploration and production, refining, distribution and marketing, petrochemicals, and power generation and trading.

With 24,000 employees worldwide, the company was concerned that not all content containing privacy data was being identified or protected, creating issues of data breaches and noncompliance.

  • End user tagging did not always reflect the presence of privacy or confidential information
  • Content containing vulnerabilities had to be manually processed, and was not always done in a timely fashion, if done at all
  • The organization was unable to identify vulnerabilities until after the fact, exposing it to risk until the vulnerabilities were processed through disposition
  • Concern that unauthorized end users would share content that contained privacy or confidential information with partners and third-party stakeholders
  • No process to identify confidential company information and apply security controls
  • Compliance with different, sometimes unique, country privacy mandates was hard to manage and implement

Organizations are well aware of security challenges, in the cloud and on-premises, and many have sophisticated applications to protect their enterprises from information security exposures. Surprisingly, many global organizations actually do not have a comprehensive, documented internal information security strategy. With cybercrime and security issues on the rise, although organizations may feel confident they are compliant with data privacy mandates, it is likely they are not.

Most data breaches are caused internally, either intentionally or accidentally. They can prove costly, result in brand damage, and increase organizational risk. Prevention is a challenge, as the identification process does not typically take place in real time, so when a vulnerability is identified it is usually too late to prevent the breach. For example, when using OneDrive for Business in the SharePoint Online Office 365 environment, 17.4 percent of new content uploaded every month contains compromised data. Unless it is identified and undergoes appropriate disposition, the content retains the potential for future data breaches, and the quantity of compromised data increases exponentially.

The issue is not with the security architecture or strategy, but the inability to identify potential, unknown sensitive information exposures, in real-time from within content. Sensitive information exists in documents, scanned items, faxed items, emails, and in any unstructured or semi-structured content. Although some security applications provide the ability to recognize industry standard descriptors such as a social security number or credit card, not all address other sensitive and confidential information that an organization does not wish to share, for example, financial records, new product information, and pre-published stockholder information.

The conceptClassifier platform provides a technology framework with the capability to generate, leverage, and manage metadata at an enterprise level, regardless of where the content exists. At its core is the ability to automatically generate semantic multi-term metadata, and auto-classify the content to a taxonomy, where it can be managed and used to improve a wide range of business processes. conceptTaxonomyWorkflow provides an easy-to-use interface, designed for subject-matter experts, to automate the processing of unstructured and semi-structured content when defined parameters are met. Processing can include a variety of actions, such as changing the content type in SharePoint, moving the document to a designated repository or processing to the records management application, or creating a staff notification for disposition.

The Concept Searching approach is fully customizable and identifies unique or industry standard privacy descriptors. Content is automatically meta-tagged and classified to appropriate nodes in the taxonomy, based upon the presence of the descriptors, phrases, or keywords from within the content. Once tagged and classified, the content can be managed in accordance with regulatory or government guidelines. The identification of potential information security exposures includes the proactive identification and protection of unknown privacy exposures before they occur, as well as monitoring organizationally defined vocabulary and descriptors in content in real time, as it is created or ingested.

Regardless of the size of an organization, data privacy should be a high priority, to ensure that content is proactively identified and protected. Whether it is an internal or external breach of confidential information, the stakes are too high not to address this issue.

With 24,000 employees, the chance of an internal data breach, either intentional or unintentional, was quite high. The cost of remediation and the loss of brand value can be significant. The organization was able to customize workflows according to country guidelines, to ensure compliance with all applicable laws for the protection of privacy data. The ability to create workflows for any confidential information was an added bonus. Since the technology works in real-time, data containing vulnerabilities was identified and protected before any negative repercussions could occur.

  • Reduces organizational costs associated with data exposures, remediation, litigation, and fines and sanctions
  • Protects the organization by identifying and securing unknown data privacy and confidential information, and preventing the portability and electronic transmission of secured assets
  • Real-time identification and protection of vulnerabilities contained within content
  • Ability to identify privacy data from diverse repositories, email and fax servers, test servers, and scanned documents, and aggregate them for review and disposition
  • Identifies the standard privacy descriptors and workflows that specify terms and phrases that may be contained within the content
  • Workflows can be created that will identify organizationally-defined, confidential information that should be protected and available to only authorized users
  • Eliminates manual metadata tagging and human inconsistencies that prohibit accurate identification and protection of unknown privacy and confidential data assets
  • Identifies content that is inter- or intra-related that may not contain the search criteria but is closely related and contains similar phrases, keywords, or concepts
  • Workflows can be created by subject-matter experts, or the IT team
  • Easy to use and rapidly created, tested, and implemented
