Microsoft DLP: An IT Company’s Journey To Protecting CUI

An IT company specializing in Vulnerability Management had secured a prestigious contract with a DoD prime contractor. Their primary task involved conducting comprehensive system testing and generating detailed vulnerability reports, which were CUI. Thus, the reports were to be stored and handled within controlled environments that offered robust protection against unauthorized access. However, the company faced a significant challenge when it discovered that some of its vulnerability reports had surfaced on the internet. This raised serious concerns about potential unauthorized access and data exfiltration from their systems. To assess the extent of the data breach, the company’s CISO initiated a thorough audit of their information systems.

The audit results were alarming. It was revealed that over 3 GB of vulnerability data had been exfiltrated, with some of it even making its way into the public domain. As per their contractual obligations, the IT company reported this security incident to the prime. In response, the prime contractor temporarily suspended its contract with the IT company, pending resolution of the security issue. Recognizing the gravity of the situation, the CISO determined that deploying a Data Loss Prevention (DLP) solution was imperative to prevent such incidents in the future. They decided to leverage Microsoft DLP, a unified data loss prevention solution known for its capabilities across endpoints, apps, and services. To ensure the successful implementation and integration of this solution into their existing systems, they engaged Cleared Systems.

Objectives

  • To methodically prioritize, categorize, and assign labels to data based on its sensitivity and its strategic importance to the organization. This ensures a clear understanding of the value and risk associated with each data type.
  • To comprehensively identify and map vulnerable applications, endpoints, and services within the organization’s infrastructure to understand potential weak points in its security posture.
  • To create and refine comprehensive DLP policies that are customized to address the unique requirements and associated risks of each data category. 
  • To set up Microsoft DLP and to deploy and configure DLP policies, ensuring that they align with the organization’s security objectives.
  • To rigorously test the deployment and DLP policies to validate their effectiveness. This involves assessing how well the solution safeguards data and responds to security incidents.
  • To provide comprehensive training for the IT company’s staff, enabling them to use the DLP deployment effectively. This training aims to equip personnel with the knowledge and skills necessary to prevent unauthorized access and data leaks.
  • To train the IT company’s staff on how to properly use the deployment, with a focus on understanding its functionalities and benefits. This will empower them to play an active role in preventing any future unauthorized access or data leaks.

Challenges

  • The IT company had a tight deadline to resolve the security issue and resume its contract with the prime contractor. Thus, the DLP solution needed to be deployed quickly and efficiently. This time pressure risked compromising the integrity and security of the deployment.
  • The IT company had numerous data assets with varying levels of sensitivity, which made it a challenge to prioritize sensitive data types. It took considerable time and effort to thoroughly analyze and classify the type of data.
  • Customizing robust DLP policies was difficult, as the policies had to account for the nuanced security needs of each unique data type identified. Significant testing and refinement were needed to ensure policies were not too restrictive or too lenient.
  • The IT company had a complex, intricate IT infrastructure spanning various networks, systems, and locations. This made identifying vulnerable endpoints and services an arduous task. Meticulously mapping out potential weak points demanded extensive discovery and auditing.
  • Integrating the Microsoft DLP solution into the IT company’s existing systems and workflows without disrupting operations was challenging. It required a thorough understanding of the organization’s infrastructure and processes. Careful planning and change management were also necessary for a smooth adoption.

Solutions

  • Cleared Systems used Microsoft Purview Data Map to automatically scan, identify, and label sensitive data across the IT company’s data environment. This reduced the manual effort and human error involved in data classification, enabling pragmatic policy tailoring. We also leveraged automated asset discovery tools and conducted exhaustive manual reviews to construct a comprehensive map of the IT company’s infrastructure. This provided visibility into potential vulnerabilities.
  • Our team adopted an agile and iterative approach to set up and deploy the DLP solution, using Microsoft Purview DLP’s cloud-based platform. This enabled rapid provisioning, configuration, and integration of the solution with the IT company’s existing systems. Such efforts accelerated the delivery time and reduced the operational costs of the DLP solution.
  • Our team designed and delivered a comprehensive training program for the IT company’s staff. We leveraged Microsoft Purview DLP’s interactive dashboards, reports, and alerts to demonstrate the functionalities and benefits of the solution. This enhanced the staff’s awareness and understanding of the DLP policies and best practices, as well as their role in preventing data loss.
  • Cleared Systems conducted rigorous testing and validation of the DLP solution. Our team leveraged Microsoft DLP’s advanced analytics and incident response capabilities to monitor, detect, and remediate any potential data loss events. This improved the security posture and compliance status of the IT company, as well as their credibility and reputation with their clients and stakeholders.

Result

  • The IT company achieved a high level of data protection and governance with Microsoft Purview’s unified DLP solution. They gained visibility, control, and security over their CUI and other sensitive data across endpoints, apps, and services. This enabled them to prevent any further unauthorized access or data exfiltration from their systems. By resolving the security issue and demonstrating its commitment to data protection, the IT company was able to resume its contract with the prime. 
  • Partnering with Cleared Systems equipped the IT company with robust data safeguards tailored to their unique infrastructure while also positioning them to proactively fortify their security posture. This multifaceted approach delivered impactful risk reduction, enabling the organization to prevent any future data breaches.
