How to reconcile the requirements of “government grade data security” and flexible data sharing amongst staff?
Client: P3 Logistic Parks Project: IT Audit Year: 2017
In 2016 it was the biggest acquisition of the European real estate market. Singapore's state investment fund, GIC bought the developer P3 for €2.4 billion. Our client gained further strong support for its future growth and as their long-term IT partner. we gained a new challenge - to prepare the company's IT infrastructure to meet the new owner's strict security requirements.
One of the contributing factors to P3’s growth up until then was their open data sharing policy. Everyone sees everything, the business knows what marketing is doing, and vice versa, local offices in different countries share their data. That was just one of the reasons why P3 was doing so well.
However, with the new owner came new security requirements. GIC, which manages the country's foreign reserves and ensures Singapore’s financial future lists in its portfolio, banks and insurance companies and takes great care of their reputation. Any data leakage could damage their investment. Understandably they apply strict IT rules across the financial sector to other companies they manage.
IT Audit
Shortly after P3 was sold, an internal IT security auditor checked in to see how the company stood in terms of data security.
Together we kicked off all the procedures necessary to the digital risk management process. We went through ten main areas and gradually identified possible weaknesses and incompatibilities.
After 3 days the audit resulted in a document with about 30 sub-tasks in three main areas for us to focus on.
Boost data loss prevention
- HDD encryption
- Blocking the saving of data on removable media
- Blocking access to public emails and public storage providers
- Data loss prevention policy
Strengthen security features
- New generation firewalls
- Web filtering software
- Anti-spam solution
- New WiFi infrastructure
- Limiting access from non-P3 computers to the P3 network
- Applications security (ZOHO, LucaNet, Windows, Office 365)
Improve existing and deploy new IT policies
What do we mean by data prevention loss?
One of the GIC requirements was to block access to services like Gmail or Dropbox on company computers for data protection reasons. How to deliver 100% against this requirement whilst leaving employees free to use their laptop for private purposes? Our solution was to deploy corporate class data loss prevention software, Safetica. It ensures that someone does not upload sensitive business data. You can’t for example make screenshots; control C + control V is locked when the user is accessing sensitive documents.
Long-term collaboration provides insurance
Every major project like this will test our readiness as an IT partner. And since we have been with P3 since 2007, we know about 90% of everything that is going on in the company and is somehow related to IT. As part of our routine maintenance programme, we discover opportunities for improvement. The demanding requirement that the new owner came up with did not mean a revolution and chaos, but actually reinforced what was already going on in P3.
Dworkin Signature Solutions
Work in the client's environment
We can satisfy the tough conditions of the client, but at the same time ensure that the new rules are accepted by users.
The right financial model
It’s not just the cost; but how and when you pay the bills. Some people prefer a one off initial investment, others prefers to spread the costs over time. We can do both - outright purchase, payment installments as well as renting hardware and other solutions.
There’s always room for improvement
Everyone is happy if working is made easier. One of the most popular bonuses for our clients is simplification of processes, especially administration.
Mr. Schulz
TBD
We now really enjoy being safe and not limited in work
@jin: Get the quote from Mr. Schulz. How it works. Can we confirm that we now really enjoy being safe and not limited in work?
