Case Study: Data Protection and PCI-DSS Compliance for Multinational Bank
1. Case Study: Data Protection and PCI-DSS Compliance for Multinational Bank
Financial Services Customer Success Story
2. Background:
A multinational banking and financial services company, with over 50,000 employees worldwide, was subject to a wide range of regulatory requirements. In addition to Sarbanes-Oxley (SOX), Gramm-Leach-Bliley (GLB), and Payment Card Industry (PCI) standards in the US, it was subject to international regulations such as the EU Data Protection Directive. While the requirements for each standard vary, all focus on protecting information. The frequent news regarding data breaches and stolen credit card information made it clear that security had to be a priority.
When this organization decided it needed to improve protection of its credit card customers’ data, it called Digital Guardian (DG).
3. Banking and Financial Services Case Study
Company: Multinational Bank
Challenge
• 50 million credit card customers around the world
• Needed to permit some employees access to social security numbers, others access to PANs only, while still protecting customer information
• Needed to improve controls over removable storage devices
4. Banking and Financial Services Case Study
Critical Success Factors
• PCI-DSS compliance
• Automatic identification and classification of sensitive data
• Protection of all critical data on network file servers
• Mask some data, while leaving other data visible
• Allow administrators to back up files containing sensitive data such as PAN and social security numbers, but not decrypt them
5. Banking and Financial Services Case Study
Environment
• 12,000 Windows workstations
Solution
• Used Digital Guardian automatic classification to identify social security numbers, PAN, and other personal information
• Digital Guardian endpoint agents monitored all user actions and enforced controls, including:
  • Automatically encrypt sensitive files when those files are moved to network file servers
  • Prevent decryption of PCI PAN and/or SSN data by unauthorized users
  • Automatically encrypt all sensitive data written from workstations to authorized removable storage devices
6. Banking and Financial Services Case Study
Results
Contextual and content-based classification of all sensitive data
Visibility into location and use of all PCI regulated information
Compliance with PCI requirements for PAN encryption based on data usage
Removable device control with automatic encryption on non-company devices
7. About Digital Guardian
Digital Guardian Facts
Over 250 customers
Over 2,100,000 endpoints protected
130 of the Global 2000 and government agencies
Used by 7 of the top 10 patent holders
Only solution to scale to 250,000 agents
Deployment Models Available:
• Managed Security Program (MSP)
• On Premise
• Hybrid MSP
At Digital Guardian, we believe your data is your business. We are the only patented data protection platform
trusted by millions of endpoints to secure against insider and outsider threats!