This customer is a mid-market mortgage insurance provider with over 500 employees. As publicly traded company in a heavily regulated industry they must comply with a wide variety of laws and regulations including the privacy and information security requirements of the Gramm-Leach-Bliley, Dodd-Frank, California Consumer Privacy, Virginia Consumer Data Protection, and Fair Credit Reporting Acts. In addition, their internal data governance program holds their team accountable to further data protection goals.
The company has a mature cybersecurity practice based on National Institute of Standards and Technology (NIST) 800-53. This was developed when the business was a division of a larger organization using a legacy DLP solution.
After its spinout from the larger organization, the company needed a solution with less overhead, but couldn’t sacrifice on data protection or compliance capabilities. The team could not dedicate the same resources from its now smaller security team to manage a legacy solution. This included constantly monitoring, adjusting, and managing granular rules dictating which users could take specific actions and supporting the multiple compliance needs. As a Microsoft E5 customer, they also needed a solution that could ingest Microsoft Information Protection (MIP) sensitivity labels. Finally, the company wanted a solution that would support a security culture.
The company’s security team required proof that any solution would enable quick deployment, low overhead, and rapid time to value. They decided to conduct proofs of concept with Next and multiple other established DLP vendors.
Reveal’s approach to DLP differed from those they had worked with previously, but they quicky realized the value in this new approach. Rather than relying on pre-classification of all data within the newly split off enterprise, Reveal identifies and classifies data in real time, as it is created, accessed, or used. Its cloud native approach also better matched the company’s SaaS and cloud-based app environment. Reveal’s feature velocity provided the team with the confidence that the solution was well positioned to address evolving needs.
Once the spin-off dates were set, the organization needed to hit the deployment timeline with minimal room for delays or a lengthy on-boarding and training process. With no onsite HW or SW infrastructure required, the Next team delivered their fully functional data protection platform weeks ahead of schedule.
The team selected Reveal based on its effectiveness in protecting data and meeting the company’s rigorous requirements including both internal governance and external frameworks like NIST 800-53. The team was able to connect the NIST requirements to Reveal’s capabilities including USB controls, (Data Security – Media Protection) to put active and auditable controls around sensitive data.
Prior to migrating off their legacy DLP, they constantly struggled with finding talented security professionals to support the solution. Policy creation and modification was a particular challenge, often requiring days or weeks of coding to build and then troubleshoot. With Next the organization was able to create and deploy a policy in minutes.
