Trion Group
Trion's Business Challenge
Corey Musselman, Senior Information Security Officer, has worked at Trion for more than 9 years in IT management and security developing a next-generation IT infrastructure that provides Trion's employees with fast and reliable access to business-critical systems. Trion Group's core business—delivering innovative and sustainable benefits packages—involves managing large amounts of sensitive data, including confidential health records and personal information on insurance claims. Due to obvious business and regulatory requirements, Trion's privacy policy states that "no client-specific data may be saved on any portable device unless encrypted." However, as the number of mobile and work-from-home employees using laptops, smartphones, and other removable storage devices continued to increase, Corey realized that Trion faced significant risk.
After conducting a detailed risk assessment, Corey determined that there was an annualized 1.5% probability of laptop theft or loss. The cost of such a loss—in terms of breach notification, credit monitoring services, civil fines and lawsuits, HIPAA fines, and cost to company reputation—totaled nearly $11 Million per incident.
With this analysis and cost justification in mind, it was imperative that Trion implement an enterprise-wide encryption solution to protect sensitive data on mobile devices. Corey therefore began searching for a data security solution that provided broad functionality, compatibility with existing operating systems, ease of management, cost effectiveness, and limited end user interaction. As Corey stated, ""with the sensitive data required for normal business operations, whole disk encryption was a must. The temporary files hidden in directories that users never see can defeat any best effort on the part of my very careful users. We needed a solution that did not require end user interaction."
Finding the Right Solution
Although Corey was confident in his need for full disk encryption, he quickly realized that not all solutions are created equal. While most employ similar encryption algorithms and provide comparable functionality on the endpoint, there are huge differences in the administrative burden for deployment and management. With an expensive data breach as a real possibility, Trion Group enlisted infoLock Technologies (ILT) to conduct a comprehensive analysis of its mobile data security needs, focusing on the following key areas:
- What mobile devices are in use and what sensitive data resides on those devices?
- Can a solution provide broad functionality, to include disk encryption, removable storage encryption, and device control and port management?
- Can the solution integrate with Active Directory?
- Can the solution be centrally managed, to include deployment, policy updates, and password recovery?
- Can the solution allow for real-time reporting and alerting?
With these requirements in mind, infoLock Technologies conducted an exhaustive survey of available encryption products and assisted Trion in the evaluation of product features and functionality. Once the solutions that met the basic requirements were identified, they were then tested for ease of deployment and end user impact, to include: remote deployment, machine performance, password recovery, and help desk burden. After a careful vetting process, Trion ultimately chose the Data Protection Platform from GuardianEdge as the best-of-breed solution. The GuardianEdge Data Protection Platform not only enabled Trion to encrypt sensitive data on laptops and removable media devices but also control which devices were approved for use and prevent unapproved device usage.
With technical support provided by ILT consultants, the solution was phased in over time until eventually all of Trion's laptop users and, more importantly, its sensitive data was protected from data loss and theft.
Results/Customer Success
Trion has successfully encrypted hundreds of laptops and removable storage devices using GuardianEdge encryption management software, including GuardianEdge Hard Disk (GEHD) and GuardianEdge Removable Storage (GERS). With GuardianEdge, Trion is able to centrally monitor and manage its encrypted endpoints; recover lost/forgotten user passwords; provide secure, off-network access to sensitive data; and, remotely decrypt laptop computers. More importantly, with the auditing, logging and reporting capabilities provided by GuardianEdge, should a device ever be lost, Trion can quickly and easily produce reports that confirm that the device was encrypted, providing regulatory safe harbor.
Trion users are comfortable with authenticating to and using their encrypted endpoint devices, and system performance has not been negatively impacted. Trion IT staff is able to manage endpoints and data as before, including device deployment, maintenance, backup, and recovery activities.
Most importantly, Trion has not experienced a data breach from a lost or stolen laptop or removable data storage device and is in regulatory compliance for mobile data protection. "We are very pleased by the GuardianEdge solution that ILT brought to us as a best-of-breed fit for our needs. With so many different solutions available in the market, it was very useful to be paired up with the right technology partner," said Trion's Corey Musselman.
