The Challenge
- Minimize the risk of data loss from students, faculty and staff
- Strengthen data privacy for email, cloud and endpoint channels
- Comply with government security standards
The Solution
- Proofpoint Data Loss Prevention
- Proofpoint Cloud Access Security Broker
- Proofpoint Insider Threat Management
- Proofpoint Nexus People Risk Explorer
The Results
- Demonstrate the risk of data loss to the university
- Build trust by providing transparency of security team priorities
- Better use security staff to provide strategic insights
- Strengthen regulatory compliance with risk-based strategy
The Challenge
Safeguarding academic work through data privacy
In today’s world, university IT departments know how important it is to ensure the safe exchange of information. And this comes at a time when digital transformation is needed to stay competitive in a global market. So with an increased frequency of data generation, data and intellectual property are now strategic assets that need to be protected. But strategy is not the only motivator. Regulatory requirements also play a role.
“We understood that we would need to put additional measures in place to comply,” said the head of digital security and compliance at the university. “In 2020, we were tasked to find the best solutions to ensure compliance. One of the university’s most significant risks is maintaining control over personal data, whether stored on production systems or desktop computers, to ensure valid data processing activities.”
The university had been a long-standing customer of Proofpoint, using Proofpoint Cloud Access Security Broker (CASB) to gain visibility and enforce security for its cloud-based applications. To meet its new compliance needs, it needed a broader approach to better protect the university against data loss that could originate with its varied population of students, faculty and staff.
Assistant director of ICT services at the university
The Solution
Expanding risk management with a people-centric approach
The university believes strongly in a standardized approach to security, and the organization turned to Proofpoint to address its evolving compliance needs.
“As we evaluate options for new initiatives, Proofpoint remains a strong contender due to its history of effective products and excellent service,” said the head of digital security and compliance. “When we informed Proofpoint that our next focus was on data loss prevention (DLP), they tailored their solution to meet our unique needs, and it turned out to be an excellent match. We deployed Proofpoint Enterprise Data Loss Prevention to strengthen our compliance throughout the university, from the client to the cloud.”
Before deployment, the university’s ICT services team had been aware of the need to secure end-user data better, but to validate the risk, it had to be both measurable and evident. The Proofpoint Enterprise DLP solution enabled the team to demonstrate the risks to endpoint data and convey the risk to management in a practical, informative manner.
“We like to say that we live in an era where we are data-rich, but information-poor,” said the assistant director of ICT services at the university. “The visibility and integrated nature of the Proofpoint solution has empowered us to raise awareness about the risks of data loss and, at the same time, allow for better-informed decisions.”
Proofpoint Enterprise DLP combines content, behavior and threat telemetry from email, cloud, web and endpoint channels to enable the university to address the full spectrum of people-centric data loss scenarios. The head of digital security and compliance was particularly impressed by how seamlessly the solution integrated and complemented the university’s preexisting CASB system. “We’ve been a Proofpoint CASB customer for quite some time, and it made a lot of sense for us to use email DLP, as well as endpoint DLP as everything integrates into a single environment,” he said. “The simple, consistent set of rules makes it easier to customize solutions according to our environments. For example, we used the existing rules in the CASB environment to meet our email and endpoint DLP needs and customize everything around that, which is fantastic.”
To strengthen its people-centric approach, the university is also using Proofpoint Nexus People Risk Explorer, which provides insights into the risk people pose to the rest of the university.
“IT often focuses on the technical vulnerabilities of solutions, where issues in many instances are likely to be caused by how humans apply or use those technologies,” said the assistant director of IT services. “Proofpoint Nexus People Risk Explorer introduces a new dimension that we could not previously access, where we had limited visibility into this critical aspect.”
The Results
Empowering a small team to do more
The university has tailored its Proofpoint solution to deliver not only new insights, but new levels of efficiency. Its CASB solution lets the university enforce and automate policies against a vast array of malware and other threats—a task that would be impossible to handle manually.
“From a CASB perspective, we generate almost one million incidents a month,” said the head of digital security and compliance. “We developed a platform where we investigate all incidents, then escalate critical issues to our service desk in a fully automated way. With our limited staff size, reviewing all incidents would have been cumbersome, if not impossible. The automation and integrated nature of Proofpoint saves time, allowing ICT services the opportunity to allocate human resources to other strategic matters.
“Proofpoint offers powerful dashboards that help us improve how we work and inform decision-making” said the head of digital security and compliance. “The ability to extract data and insights is brilliant. “The dashboard offers more than just visually appealing graphs and data; its value lies in empowering us to take action.”
Proofpoint not only enables the university to accomplish more with fewer resources but also provides the company with new insights for more intelligent operations.
“We’re no longer preoccupied with routine day-to-day incidents,” the assistant director of ICT services stated. “The emphasis has shifted towards fostering a data-centric culture where staff can seek deeper insights and raise crucial questions. This shift is facilitating our digital transformation, allowing our team to tackle more significant issues.”
The solution is also improving communication between the university’s IT teams and is serving as a catalyst for initiating change.
“Proofpoint grants my team a level of transparency that we didn’t have before,” the head of digital security and compliance stated. “I can clearly present to management the incidents we prioritize. This newfound openness is a game-changer, and I believe it fosters a greater level of trust in our actions.”
Perhaps most important, the university is confident that Proofpoint is a dependable partner that will continue to support its transformation efforts well into the future.
“Proofpoint stands out for its exceptional service,” the head of digital security and compliance noted. “From the pre- sales stage, whether we’re interested in a proof of concept or a demonstration, through to implementation, the team at Proofpoint consistently displays competence and patience, never seeming rushed to move on to their next project. Furthermore, we know we can rely on our customer manager and the Proofpoint team for ongoing support; they are consistently available to address our questions. Additionally, they engage with us regularly to promote continuous improvement and provide updates. In this space, few other companies are doing this—they’re not even close.”