Project Study: Data Classification – Example 3

Quick start an internal team

Results

  • Quick start an enterprise-wide data classification software deployment with regulatory oversight implications and visibility to the board of directors
  • On-boarded and cross-trained client internal team including new project owner after re-organization
  • Project owner: “Thank you for ALL your help standing-up the … Roll Out Team! “

Situation

  • Financial services industry leader with over $28T under custody has many business units, subsidiaries and affiliates, plus hundreds of locations around the globe
  • Large implementation – 50,000 endpoints
  • Aggressive schedule: 1 year goal to deploy across enterprise, including numerous subsidiaries
  • Complex InfoSec policies embedded in classification schema reflect regulations-driven industry norms
  • Data classification would be enforced before employees can save a file in MS Word, Excel or PowerPoint or send an email in MS Outlook.
  • Data classification technology configured to enforce numerous email policies

Project Right-Sizing

  • Focus on newly created or edited documents only
  • Allow end users to remove visual mark from documents; allow users to over-ride select email warnings
  • Leveraged long-standing data classification habits already in place among employees to minimize communications from project
  • Leverage Service Desk for troubleshooting, starting with full pilot (2000 users) after pre-pilot (100+ users)
  • Delegate employee communications to InfoSec representative resident in each business area

Project Acceleration

  • Created a phase strategy of pre-pilot, pilot and enterprise to contain risk while demonstrating progress
  • Focused project communications resources on self-help materials for end users and core tools to empower business area delegates
  • Facilitated executive steering committee and initial design/configuration of technology
  • Maintained consistent project on-boarding process to equip all stakeholders with core foundation
  • Phase plan assigned less business-critical platforms to later phases(e.g. iOS, VDI, OWA)

 

More Project Studies

Secure the Perimeter

Secure the Perimeter

23 Workstreams over 2 years deployed many technologies and policy changes in support of a “Defense In Depth” InfoSec strategy