Building society invests in USB data-loss strategy


8 Jun 2009

EBS Building Society has invested in a technology platform that will prevent sensitive data leaving its premises via USB devices.

Technology provider Calyx has deployed a new system at the building society that will address the security threat of data loss and virus alerts posed by USB devices.

The solution is designed to prevent unauthorised copying of sensitive information from enterprise laptops and PC’s through a centrally managed port control, content filtering and media encryption.

The Check Point Endpoint Security Media Encryption (CPEP-ME) system has offered EBS a solution capable of building a layer of security around the use of USB ports and ensuring data and corporate network integrity.

The development and implementation of the system has also provided EBS with enhanced system integrity, virus prevention, real-time logging and automated alerts.

“The encryption policy has provided EBS with appropriate protection for confidential data, and we have also ensured compliance objectives are met and we are able to run a complete audit of device usage,” explained David Cahill, information security officer at EBS.

Employing over 600 people between its head office in Dublin and network of over 100 offices around the country, EBS is a significant brand in the area of savings and other personal finance products. With a current membership of 430,000 and rising, the importance of secure corporate data is paramount.

“After recognising that a complete network lockdown was not an option for EBS, we identified CPEP-ME as a solution to control the use of removable media devices and visibility of data getting in and out of the network,” explained Geraldine Locke, senior account manager, Calyx Security.

EBS, which has previously engaged with Calyx Security on anti-spam and anti-virus advice, was pleased with the outcome of the CPEP-ME system, resulting in a rollout of over 600 CPEP-ME licenses across the company’s Dublin HQ.

Preventing data loss and the possibility of incurring heavy regulatory fines, as well as limiting the potential damage to brand and company reputation were the key considerations for a financial institution such as EBS.

The deployment plan was divided into three phases, consisting of the restriction of authorised users’ USB access, the creation of an encryption policy and the prohibition of use of all non-EBS USB keys, and finally, the production of monthly reports detailing the most active USB users, with a breakdown of file actions and associated remediation.

The evaluation period focused mainly on the functionality, granularity of control and usability, impact on the user helpdesk, software footprint, and finally the integration with existing network infrastructure.

“It was crucial to deploy a solution that could strongly and efficiently address the threat of unauthorised copying of enterprise data to personal storage devices and removable media,” said Cahill.

“Also, thanks to the speed and ease of deployment, which meets compliance objectives and conserves resources, CPEP-ME has helped EBS to address the challenge of safeguarding corporate data from intentional or accidental leaks.”

By John Kennedy