An Engineering Firm Gains Control Over Its Data
We completed a comprehensive inventory of the organization’s data — involving more than 4,000 line items — and worked with them to to develop data governance policies and procedures around the handling of sensitive data.
Overview
When a large global engineering firm needed to gain control over their enterprise data security, they contacted Primitive Logic.
The Challenge
Our client had recently experienced attacks on their highly confidential data from foreign hackers, highlighting the need for a more strategic approach to their security. The company had grown primarily through acquisitions, which created a complex network of data and applications that complicated the task of bringing their security under control.
The CISO had made it a priority to ensure that the organization’s “crown jewels” — their most sensitive data — received the highest level of protection against outside attacks. As there was no data classification system in place, the organization had no way of knowing where these assets were located or how they were being handled.
Why They Chose Primitive Logic
The client’s leadership knew of Primitive Logic’s reputation for delivering complex projects on time and on budget, and we had already facilitated several strategic leadership initiatives for their executives. Given the strength of our track record and the trust we had built with the executive team, the client knew that Primitive Logic was the clear choice for this project.
The Results
We determined that achieving the CISO’s goal would first require identifying the “crown jewels” that demanded the highest level of security. We completed a comprehensive inventory of the organization’s data — involving more than 4,000 line items — and assigned each data type a classification of Public, Restricted, or Highly Restricted.
Once we located the client’s most sensitive information, we assessed more than 80 applications that handled restricted data to ensure the appropriate security controls were in place. We worked with business owners and third-party providers to complete the assessments and to have outside providers sign privacy riders.
Finally, we worked with our client’s legal, security, and compliance teams to develop data governance policies and procedures around the handling of sensitive data. We also supported the communications team in training all employees on the new policies.
By the time we completed the project, we had
- Defined our client’s data security landscape
- Collected system integrations information
- Documented the security state of their applications
- Identified security gaps
- Recommended standardized remediation actions
Our client is now in a position to address vulnerabilities around their most sensitive data and put the necessary security controls in place. The insights Primitive Logic delivered continue to add value in other areas as well, including simplifying the post-M&A integration process for future acquisitions.
We Can Help
Let the Primitive Logic team help you achieve mindful digital transformation.