Securing Customer & CUI

Founded in 1943, Innovative Thermal Processing (ITP) develops and executes cuttingedge thermal processes and metal finishing operations that shape advancements in aerospace, automotive, oil & gas and other key industrial sectors.

The Challenge

ITP’s challenge was finding a data security solution that met multiple use cases. ITP is entrusted with their customers’ data and cannot afford to lose control of that data. The data includes many file types and is sent to ITP via many channels and stored in an Oracle database. The ITP sales team also has internal data stored in Salesforce; however, it should remain secure and not accessible by Salesforce. Salesforce is acting as a storage location only. Finally, many of ITP’s customers are government-related and require ITP to adhere to a set of compliance standards such as NIST 800-171 for their Controlled Unclassified Information (CUI).

Initially, ITP was evaluating traditional DLP solutions before becoming aware of SecureCircle.

The Solution

SecureCircle secures ITP’s data in three distinct workflows.

1. All data stored in a central database is automatically secured regardless of file type or the method the data was transferred to the database. ITP employees download the secured data from the database to perform their activities using the same applications and workflows as they did before. When completed, employees uploaded the secured modified data to the database. The data remains secure at all times. SecureCircle persistently secures data at rest, in transit, and in use.

2. All data within ITPs Exchange email server is secured per policy rules which ITP creates. For example, all attachments from the Acme Company are automatically secured. Data is secured without the need for end-user interaction. SecureCircle ensures that customer data shared with ITP is always secured.

3. ITP utilizes Salesforce to store confidential information within the customer records. However, ITP does not want the data to be accessed by anyone at Salesforce. ITP secures their confidential information before uploading it to Salesforce. SecureCircle secures ITP’s data on endpoints (Mac, Windows, or Linux) whether the device is corporate-managed or BYOD. A1 access attempts and rich metadata are stored in ITP’s SIEM (Splunk) for compliance and audit reporting. Splunk is able to create the reports and adhoc audit reports needed for their internal and external compliance audits including SOC, FedRAMP, and CMMC.

The Outcome

SecureCircle secures all of the CUI data, including all file types and all devices, without modifying ITP’s desired workflow. The SecureCircle deployment was done without the cumbersome and ineffective traditional data loss prevention requirements: discovery and classification. By securing data without disrupting employee workflow, ITP was able to deploy SecureCircle without a general education and training program in a matter of days. Because SecureCircles focuses on securing data based on workflow, planning, and deployment time were minimal. Ultimately, ITP selected SecureCircle over traditional DLP to secure data and help them achieve their NIST 800-171 compliance requirements by securing CUI data without impacting employees or workflows while keeping ongoing management overhead to a minimum.

About SecureCircle

SecureCircle’s Data Access Security Broker (DASB) delivers a SaaS-based cybersecurity service that extends Zero Trust security to data on the endpoint. At SecureCircle, we believe frictionless data security drives business value for our customers. Instead of relying on complex reactive measures, we simply secure data persistently in transit, at rest, and even in use. End users operate without obstacles, while data is continuously secured against breaches and insider threats.

Securing Customer & Controlled Unclassified Information (CUI)