A multinational banking and financial services company, with over 50,000 employees worldwide, was subject to a wide range of regulatory requirements. In addition to Sarbanes-Oxley (SOX), Graham, Leach, Bliley (GLB), and Payment Card Industry (PCI) standards in the US, they were subject to international regulations such as the EU Data Protection Directive. While the requirements for each standard vary, all focus on protecting information. The frequent news regarding data breaches and stolen credit card information made it clear that security had to be a priority. When this organization decided it needed to improve protection of its credit card customers’ data, it called Digital Guardian.

1. Case Study: Data Protection and PCI-
DSS Compliance for Multinational Bank
Financial Services Customer Success Story

2. Background:
A multinational banking and financial services company, with over 50,000 employees
worldwide, was subject to a wide range of regulatory requirements. In addition to
Sarbanes-Oxley (SOX), Graham, Leach, Bliley (GLB), and Payment Card Industry (PCI)
standards in the US, they were subject to international regulations such as the EU Data
Protection Directive. While the requirements for each standard vary, all focus on
protecting information. The frequent news regarding data breaches and stolen credit
card information made it clear that security had to be a priority.
When this organization decided it needed to improve protection of its credit card
customers’ data, it called Digital Guardian (DG).

3. Banking and Financial Services Case Study
 Company: Multinational Bank
 Challenge
• 50 million credit card customers around the
world
• Needed to permit some employees access to
social security numbers, others to access to
PANs only, while still protecting customer
information
• Needed to improve controls over removable
storage devices

4. Banking and Financial Services Case Study
Critical Success Factors
• PCI-DSS compliance
• Automatic identification and classification of
sensitive data
• Protection of all critical data on network file
servers
• Mask some data, while leaving other data
visible
• Allow administrators to back up files
containing sensitive data such as PAN and
social security numbers, but not decrypt them
4

5. Banking and Financial Services Case Study
Environment
• 12,000 Windows workstations
Solution
• Used Digital Guardian automatic classification to identify social security
numbers, PAN, and other personal information
• Digital Guardian endpoint agents monitored all user actions and enforced
controls, including:
• Automatically encrypt sensitive files when those files are moved to network file servers
• Prevent decryption of PCI PAN and/or SSN data by unauthorized users
• Automatically encrypt all sensitive data written from workstations to authorized removable
removable storage devices

6. Banking and Financial Services Case Study
Results
Contextual and content-based
classification of all sensitive data
Visibility into location and use of all PCI
regulated information
Compliance with PCI requirements for PAN
PAN encryption based on data usage
Removable device control with automatic
encryption on non-company devices
6

7. About Digital Guardian
Digital Guardian Facts
 Over 250 customers 130 of the Global 2000 and government agencies
 Over 2,100,000 endpoints protected
 130 of the Global 2000 and government agencies
 Used by 7 of the top 10 patent holders
 Only solution to scale to 250,000 agents
 Deployment Models Available:
• Managed Security Program (MSP)
• On Premise
• Hybrid MSP
7
At Digital Guardian, we believe your data is your business. We are the only patented data protection platform
trusted by millions of endpoints to secure against insider and outsider threats!

8. Want More Information?
8
http://bit.ly/InsiderThreatsRiskWP
Get the best tips on protecting your data by Dan Geer
by signing up to our whitepaper “How to Mitigate the
Risk of Insider Threats”
Join the conversation!