Lighthouse Transforms Complex Enterprise Data Protection with Microsoft Purview
The Lighthouse team of SMEs applied their dedication to exemplary customer experience and unique strategy of marrying compliance, security, IT, and legal needs to help a global chemistry solutions and specialty material producer meet the ever-evolving security and compliance demands and challenges facing international manufacturing and regulations to effectively deploy Microsoft Purview across workstreams while preparing for needs and reducing costs. Global Leader in Chemistry Solutions Transforms Enterprise Data Protection with Microsoft Purview An international producer of commercial chemicals and specialty materials upholds a commitment to people safety and well-being as part of their core tenets. As cyber risks increased along with data volumes, the organization extended their commitment to safety to include the security of data accessed, produced, and stored within their enterprise. Now, the company has implemented a comprehensive data protection program using the entire Microsoft 365 Information Protection suite. After careful design, the team is piloting the solution before a global rollout. A Commitment to Physical and Digital Safety As one of the world’s largest acetyl products manufacturers and a top-tier producer of high-performance engineered polymers, the company supplies chemicals across major industries and for a variety of industrial and consumer applications. Over 10,000 employees in offices, technical centers, and 50+ manufacturing facilities work to realize a vision of improving the world and everyday life through people, chemistry, and innovation—with products that impact the lives of millions. For the organization, an operational approach rooted in well-being has always meant physically safe working environments for employees, and safe solutions for their customers and their communities. However, in this digital age, they have expanded their notion of safety to include data protection for employees, customers, shareholders, and the communities in which they operate. The company’s Chief Information Security Officer (CISO) notes that committing to data protection means a “higher level of assurance—making sure that our security controls keep pace with the threats that surround us every day and seek to exploit vulnerabilities in companies like us every day. You can’t stand still. You always have to evolve—you always have to get better, otherwise you’re devolving, and you’re getting worse, and becoming more vulnerable.” Advancing Data Protection with a Trusted Partner A few years ago, when the company decided to make the move to the cloud, they chose Microsoft 365 E5 and Microsoft Azure, building on their longstanding use of Microsoft technologies. Prior efforts to overhaul their data protection program had been unsatisfactory. However, with access to new Microsoft Purview capabilities, the Information Security team saw an opportunity to try again. They hoped to utilize the full breadth of the Microsoft 365 Information Protection suite including Information Protection Classification and Labeling, Data Loss Prevention (DLP), and Insider Risk Management solutions. Microsoft tapped Security Solutions and Advanced Specialization Designation-Information Protection and Governance Partner Lighthouse Global to lead the engagement for their ability to effectively understand complex compliance needs across IT, security, and legal departments. They hoped that together they could develop a solution to realize the investment they’d made in Microsoft 365, and to support their corporate commitment to safety for both employees and customers. “If you were to interview a bunch of companies, those who have actual, very successful DLP and data labeling programs typically have a hodgepodge of solutions that get melded together,” reflected the CISO, “and that’s where Lighthouse was successful…we’ve been able to leverage the investment…and get it to work, [and not] have to go spend more money to hodgepodge together a solution.” Developing a Comprehensive, Scalable Solution The Lighthouse team started by holding a series of working sessions to align the company’s vision and requirements and design the implementation approach. Using Microsoft Compliance Check, Lighthouse scanned the company’s environment to get an understanding of current state activity and sensitivity intelligence. The team also reviewed existing policies and approaches for the handling of sensitive data and data loss prevention to identify any areas of opportunity or gaps that could exist. From there, the combined teams were able to successfully design and configure a holistic data protection solution leveraging multiple Microsoft Purview products including Data Loss Prevention, Information Protection, and Insider Risk Management. Starting with data classification, the team defined the sensitive information types that needed to be identified. From there, they developed a set of sensitivity labels corresponding to the data protection policy. This set of classification techniques and labels were generated in the course of both Data Loss Protection and Insider Risk Management implementation, ensuring a comprehensive data life cycle protection program from content identification through insider threat analysis. Finally, the Lighthouse team supported the integration of the Microsoft products with the company’s third-party HR software to feed HR data into the Data Theft by Departing Employee Policy, enabling the creation of a truly end-to-end solution. Fulfilling a Mission of Security The company’s dedication to safety, security, and well-being across applications and contexts drove this project’s success. “Because we see security as part of our commitment to people and innovation, we take a uniquely holistic approach and have strong support all the way up to our board of directors,” says the company’s CISO. The CISO also credits Lighthouse’s unwavering commitment to partnership. “They helped us not only implement the technology and guide us through some of the critical points to consider as we implemented the technology, but also the process and decision points with data—which ultimately, in the end, actually worked,” they conclude. Now, with the design and implementation of the Microsoft Purview-based Data Protection program behind them, the organization’s information security team is focused on operationalizing the program through a series of pilots scheduled over the next year. Their ultimate goal is total, global implementation of the solution—and total, global protection for all employee and customer data. Corporate Case Studymicrosoft; big-datamicrosoft-365; data-privacy