The client is the second-largest mobile network operator in India by subscriber base, with over 194 million customers. It offers mobile telephony and wireless broadband services to its customers, operating across India to cover over 22 circles. The client has consistently been awarded for best-in-class network and powerful brand.

Business Need

As part of a data security initiative, the client sought to enhance its data protection efforts by automating them to ensure more comprehensive and effective incident management on the ground. With tremendous pressure on all telecommunication companies to prevent the loss of critical business information and comply with regulatory bodies, the client sought greater visibility into the flow of sensitive business information. Furthermore, the client wanted to ensure that data leakage incidents were monitored, acted upon, and reported to management, along with other key metrics, on a regular basis.

Challenges

Our client was facing several challenges, including leveraging effective DLP management practices, assessment of a large events, unidentified critical documents and unavailability of skilled DLP team.

These challenges are described below:

Enhance Data Leakage Management Framework

The client had challenges with inconsistent DLP incident management process. helped the client in improving data leakage framework in-line with business requirements and industry best practices and added value by including custom KPl’s.

Managing Two DLP Tools

The client had implemented two DLP solutions from a different services provider for monitoring web channel separately but had inconsistent incident management process, which added to the complexities in data leakage event management. The NuSummit Cybersecurity team devised a systematic monitoring system which focused on timely monitoring of incidents on both DLP tools.

Creating and Testing DLP Rules

One of the major challenges that every client struggles with is to create relevant and appropriate DLP rules to detect/block client specific sensitive information. NuSummit Cybersecurity assisted the client with it’s DFA (Data Flow Analysis) expertise, which helped in identifying the right combination of RegEx, and fingerprinting techniques to detect client specific data leakage incidents.

False Positives

The biggest challenge with DLP tools is the amount of false events generated every day, which needs to be reduced on a regular basis through regression and fine-tuning activities. NuSummit Cybersecurity assisted in false positive reduction to improve the performance of DLP tool and monitoring activities. It required strong coordination with business units and the vendors.

Automated DLP Incident Escalation

Automating DLP incidents using the DLP tool becomes challenging when client AD structure is complex and is not supported by DLP solutions. The NuSummit Cybersecurity team provided an automation pre-requisite to the AD team to ensure that the escalation workflow could be established, aligning to the defined incident management process. The First level escalation automation was successfully implemented.

Solution

To address the challenges faced by the client, NuSummit Cybersecurity created a four phased data protection program approach by providing them with a balanced, competent and skilled team.

• First phase was to develop Data Leakage Management Framework to implement an effective DLP program.
• Second phase was to create DLP policies/ rules/exceptions in-line with business requirement.
• Third phase was to develop DLP Incident Management Process and continue monitoring, analyzing, escalating, reporting DLP incident based on defined process.
• Fourth phase was to reduce false positives events in coordination with business SPOC.
• Fifth phase was to automate fine tuned policies to automatically escalate incidents to respective stakeholders.

Improved Data Leakage Prevention Capabilities

Designing Data Leakage Management Framework

• Designed data protection governance organization structure and defined roles and responsibilities.
• Designed assessment process for monitoring and reporting.
• Developed a roadmap with detailed initiatives based on the finalized program structure.

DLP Policy/Rule/Exception Creation

• Collected inputs form business SPOCS to create new policies/rules/exceptions in-line with business objectives under right content classifiers.
• Test policies wherever applicable by creating test scenarios.
• Documented created policies/rules/exceptions, taken approval from client and deployed on server.

Benefits

• Enablement of cross functional engagement via detailed responsibilities for governing, managing and implementing program initiatives.
• Standardized and repeatable process with well defined operational templates for identifying data, its parameters and flow across business processes.
• Insight into current state and facilitation of strategic program planning based on future state initiatives.
• Enhancement of DLP policy and rules based on data flow and document analysis.
• Practical data classification and information handling guidance.
• Strengthening of data protection control environment.