Large Credit Union Protects Data & Conquers Changing Compliance Landscape

A large, West Coast credit union needed rapid data protection for compliance while leveraging existing Data Loss Prevention (DLP) investments. For it to meet the Payment Card Industry’s (PCI) stringent new compliance requirements by a tight deadline, accurate data discovery and persistent classification was not negotiable.  

Other critical compliance regulations for this financial services firm were the Federal Financial Institutions Examination Council (FFIC) and the National Credit Union Association (NCUA). Like many regulatory bodies, they issue increasingly demanding mandates for compliance and penalties for non-compliance. 

Further, once the rapidly growing credit union hit the $10 billion mark, it would be subjected to even more stringent and punitive compliance regulations imposed by other agencies. One of these is the Consumer Financial Protection Bureau (CFPB), which is free to impose severe restrictions on member credit unions at its discretion. 

“Requirements are going to be extremely intense and we’re preparing now,” said the credit union’s CISO. For their team, this means building on top of their current data discovery and data classification capabilities, and staying in command and control of data. 

After a thorough evaluation, the credit union determined a rapid and successful data discovery, classification, and protection step was critical. They chose Spirion’s Data Security Protection Management (DSPM) solution.  

Spirion enables the Credit Union to inventory and classify its full slate of data; know where it lives; and put procedures in place to better govern, reduce risks, and meet compliance standards. The credit union also can simultaneously leverage Intel Security’s EPO endpoint technology for corporate policy enforcement. 

“Spirion is a great company with a great product — it’s worldclass in my opinion,” said the credit union’s CISO. “Combined with Intel Security’s McAfee DLP, it’s a perfect marriage.” 

During the DLP integration, the credit union’s team performed an audit across 350 terabytes of data on 180 servers and 1,700 endpoints. Next, the CISO reviewed the findings with every department. Then they reviewed the discovery process and company policies, and began strengthening remediation processes and procedures.  

Spirion empowered the credit union to locate all sensitive data with a high degree of accuracy. “Spirion is very robust,” said the CISO. “It does a grand job of presenting discovery results across our entire network and cloud, so we can present comprehensive options.” 

With Spirion, the credit union rapidly located all sensitive data— including what was needed to meet specific regulations— and took proactive actions to maintain compliance on a tight deadline. “Spirion is efficient and effective. As a result, we’re able to run lean.”  

Thanks to Spirion’s DSPM solution, the executive team and board are also kept in the loop through a quarterly report. Spirion provides the necessary data to update the CEO and CIO with more detailed metrics, process review findings, compliance updates, and organizational status updates.  

Looking ahead to new compliance challenges, the CISO and their team are putting systems and processes in place to meet the impending requirements, making Spirion’s role even more important in the future of the financial services firm.  

They are now confident the organization will successfully meet all data compliance regulations. “Spirion’s accurate discovery and data classification capabilities have helped us better assess the organization’s data environment so we can prepare for complete compliance,” the CISO concluded.