Securing PII and Financial Info While Preventing IP Theft to Avoid FERPA Violation
The Situation
The IVY League University is extremely concerned about protecting PII, financial and PHI information as they have collected from about 6 million individuals over the years. Disclosure of PII puts them at risk for steep fines for a FERPA violation.
While their databases are well-protected, they are primarily concerned about the lack of control over file-and-document sharing platforms like Google Drive which is used by 80,000 users on their domain.
They are also grappling with loss of intellectual property, where the prime concern is that proprietary research work is being easily shared with Google Drive.
They need file-and-document protection and Google Drive-based sharing and collaboration use-cases. Today, they are using Proofpoint DLP to help with external data sharing problems. However, this is not sufficient as Proofpoint only alters sharing permissions, and does not provide information confidentiality. Moreover, it is unable to detect many files and documents that actually contain sensitive information such as research papers, experimental results, and grant proposals, etc.
The Solution
After evaluating GarbleCloud, the ease of use, ability to enforce bulk file encryption, and ease of clamping down on rampant external sharing is what got the university interested. They also desire detailed audit-trails that records all CRUD operations on encrypted files, especially ones involved in external sharing. They also wants to roll out CSE for its entire faculty and staff to provide them an easy-to-use capabilities for protecting sensitive documents and emails right from within the Google Workspace applications.
The Results
They will be able to replace their legacy DLP solutions with GarbleCloud for file and document encryption. This will allow them to safely migrate legacy sensitive documents to shared drives from their current cloud storage like NAS file servers and will reduce operational costs.