customer success fomento de construcciones y...
TRANSCRIPT
Customer suCCess
Fomento de Construcciones y Contratas, s.A. (FCC) mitigating risk of Data Loss and reducing Compliance time by 50 Percent with a solution from symantec
With its global businesses expanding, Fomento de Construcciones y Contratas needed to increase control of sensitive corporate data. It turned to Symantec for a cloud-based data loss prevention solution that has enhanced the information security team’s ability to detect sensitive data, centrally monitor how it is used, enforce data loss prevention policies, lower the total cost of solution ownership by 70 percent, and reduce compliance time for a key set of regulations by 50 percent.
Information without borders
How fast and well can a company react to changing business conditions?
One good example is provided by Fomento de Construcciones y Contratas, S.A (FCC) a public services company based in Madrid, Spain. With corporate roots reaching back to 1900, FCC has a long track record of being able to adapt to changing conditions successfully.
As a result, the company now brings in more than 14 billion euro in revenue and has 93,000 em-ployees in 54 countries. More than 43 percent of revenue comes from outside Spain, and busi-nesses include environmental services, water management, large infrastructure construction, and cement production.
Supporting growth at FCC and helping unify the company is technology that enables its widely dispersed businesses and mobile workforce to collaborate.
But the cost of this kind of capability is that the network perimeter—once the chief tool for securing and sheltering sensitive information—is no longer the protective barrier it once was.
This concerns Gianluca D’Antionio, chief information security officer at FCC. “The business value we get from the increased ability of our employees and business partners to collaborate has grown,” he notes. “But that brings increased exposure to risk. We have gone beyond the age of the strong network perimeter to an age where we have information without borders.”
orGANIZAtIoN ProFILe
Website: www.fcc.es
Industry: Business Services, Construction
Headquarters: Madrid, Spain
employees: 93,000
symANteC soLutIoNs
Data Loss Prevention
Why symantec?
· Best solution for key data loss prevention requirements
· Cloud-based technology option reduced costs
· Ability to detect, monitor and report aided policy development
Customer suCCess FomeNto De CoNstruCCIoNes y CoNtrAtAs, s.A. (FCC)
Control is critical
To control information, a new framework is necessary, D’Antonio says. “We needed a new set of information security policies,” he ob-serves. “These policies depend on data clas-sification. And at some companies, employ-ees are asked to voluntarily classify the degree of sensitivity of company data.”
That wouldn’t be efficient for FCC, D’Antonio felt. “We needed a solution based on technol-ogy—technology that would help us set centralized policies and automate their en-forcement, helping us govern information flow across the company.”
Before choosing the technology, D’Antonio set out to get an organization-wide commit-ment to data loss prevention. “This is a criti-cal first step,” he says. “We needed to build a framework for collaboration among the board of directors, IT, the legal department, and HR. One of the mistakes someone in my posi-tion can make is to go straight toward the target of mitigating risks.”
Building the right foundation
D’Antonio’s team first surveyed 100 business managers to conduct an information risk analysis. He took the results and reviewed them with a committee of 10 representatives from the Board and IT, legal, and HR depart-ments. He also presented the committee with data classification policies from the Control Objectives for Information and related Tech-nology (COBIT) and ISO 27000 regulations as a baseline. How could these policies be cus-tomized for FCC?
“Don’t rush and don’t compromise when set-ting information security policy,” D’Antonio advises. He reviews other companies’ experi-ences with the process because he’s the founding member and chairperson of the Spanish Association for the Advancement of Information Security (ISMS Forum, www.ismsforum.es).
“It’s a common mistake for information se-curity managers to compromise on data loss prevention policies in order to move quickly and win approval,” D’Antonio points out. “They leave out important requirements—
but it’s difficult to update policies later. Take an extra three months if needed, but begin strong.”
Why symantec Data Loss Prevention?
It took about a year of analysis and negotia-tion to set policies at FCC, D’Antonio reports. Then it was time to deploy technology that could enforce them. FCC sought a solution that could find sensitive data wherever it is stored and show how it is being used. The IT team wanted one that would help define policy across the enterprise, give visibility into policy violations, and enable a process for remediating and reporting on incidents.
The solution that met requirements best was Symantec Data Loss Prevention.
soLutIoNs At A GLANCe
Key Challenges
• Establish enterprise-wide collaboration for data loss prevention
• Develop data security policies
• Centrally administer and automate data loss prevention solution
• Minimize IT overhead in data loss prevention
• Reduce data security compliance time
symantec Products
• Symantec™ Data Loss Prevention
symantec services
• Symantec Essential Support Services
technology environment
• Server platform: > 2.150 servers, HP and IBM, SO Microsoft and Unix.
• Applications: SAP,CARTESIS, PREVEN
• Databases: INFORMIX, SQL, ORACLE
• Storage: EVA 8000, EVA5.000 y HP 24.000
BusINess resuLts AND teCHNICAL BeNeFIts
• Enhanced ability to detect sensitive data and show its use
• Centralized, automated ability to define, monitor, and enforce data loss prevention policies
• Projected 70% reduction in total cost of ownership with cloud-based solution delivery
• Projected 50% reduction in compliance reporting time
“Symantec Data Loss Prevention
automates our verification,
showing where personal data
goes and who accesses it. Our
compliance verification time
is reduced by 50 percent.”
Gianluca D’Antionio
Chief Information Security Officer
Fomento de Construcciones y Contratas
Customer suCCess FomeNto De CoNstruCCIoNes y CoNtrAtAs, s.A. (FCC)
saving 70 percent with cloud-based service
FCC chose to receive Symantec Data Loss Prevention as a cloud-based service from a telecommunications company. The provider’s security operations center monitors the solu-tion on 1,000 FCC endpoints and tracks an-other Symantec Data Loss Prevention module that inspects network traffic for more than 10,000 FCC users.
Adds D’Antonio: “Our cloud-based service provider’s expertise with Symantec Data Loss Prevention is greater than our own, and ser-vice level agreements let us link payment to project success. We get three years of service for about the cost of owning the solution, saving around 70 percent in one year of in-vestment.”
Building collaboration successfully
As D’Antonio deploys Symantec Data Loss Prevention, he is currently using it to monitor for violations of 25 information security rules. Five of FCC’s 90 businesses are partic-ipating—the first five businesses to request help in this area.
When Symantec Data Loss Prevention de-tects a violation, it sends a notice to D’Antonio’s team, which reviews it and sends it on to the business involved. “The business then decides what action to take,” D’Antonio says. “The business owns information secu-rity. My team owns the information security system. For data loss prevention to be suc-cessful, we have to collaborate with the busi-ness and with employees—we have to be partners, not Big Brother. Symantec Data Loss Prevention is proving to be very useful in enabling this collaboration.”
reducing verification time by 50 percent
Another key benefit of Symantec Data Loss Prevention at FCC is easier compliance. “In Spain, we have the Organic Data Protection Law, which is very strict about how personal data can be handled,” D’Antonio observes. “Symantec Data Loss Prevention automates our verification, showing where personal data goes and who accesses it. Our compli-ance verification time is reduced by 50 per-cent—time that we can use on more valuable tasks.” The rollout continues.
Copyright © 2009 Symantec Corporation. All rights reserved. Symantec and the Symantec logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Other names may be trademarks of their respective owners.
“For data loss prevention to be
successful, we have to collaborate
with the business and with
employees—we have to be partners,
not Big Brother. Symantec Data Loss
Prevention is proving to be very useful
in enabling this collaboration.”
Gianluca D’Antionio
Chief Information Security Officer
Fomento de Construcciones y Contratas