How Samsung R&D Plugged Up Data Leakage
Deployed a data leakage system to prevent information leakage through the network, and an external data transfer process for employees to get information security authorization before sending any confidential message.
Samsung has a number of R&D centers strategically spread across the globe. India is amongst the hotspots of Samsung's innovation strategy. There are three R&D Centers in India in Bangalore, Delhi, and Noida. Together, the three Centers employ more than 10,000 R&D personnel in India, making it one the largest pools of R&D talent in the world for a country.
The R&D centers generate significant amount of intellectual property data. However, they didn’t have a mechanism to monitor, track and prevent these data across email and Internet. Increase in confidential information leakage accidents and damage by internal personnel went unnoticed. Striking potential of significant monetary damage due to the leakage of R&D Center's core confidential information was another implication. The top management were concerned about this vulnerability and they wanted to plug this security gap.
Protecting the IP
The company deployed enterprise message scanning system for data leak detection & prevention. ‘The enterprise message scanning system has the capability to monitor all messages by collecting and tracing them in real-time on the network to prevent internal confidential and sensitive information from being sent through the network,’ says Narottam Sharma, DGM - ISD (Head IT & IS), Samsung R&D Center India.
Additionally, External Data Transfer Process was rolled out for employees to get department head and information security authorization before sending any confidential message outside over e mail/upload on Internet. Further, information security operations do daily monitoring of external e-mails/internet upload logs, etc and report any incidents leading to disciplinary actions against defaulters.
Return on Security Investment: On time detection of data leakage incidents over E-mail or Internet that have the potential to cause huge financial (amounting to millions of dollars) and reputational impact to the company.
Data Theft Prevention: Enables particular focus on R&D, strategic departments, candidates to retire, employees with security incident records.
Deterrence: On-time reporting of data leakage incidents and quick disciplinary actions against defaulters resulting in deterrence effect.
Incident Reduction: Reduction in Incidents by 100% over a period of six months since implementation.
‘I was instrumental in developing a strong business case for the implementation of data loss prevention solution and getting buy-in of top management,’ says Narottam. ‘Once the tool was deployed, I contributed to develop associated processes of external data transfer and monitoring to make best use of the tool and achieve the business objectives,’ he adds.
Future innovation plan for this solution will be to configure and implement the Real-Time Alerting Feature that throws alerts whenever an event of unauthorized data transfer occurs from any user. ‘This will help ensure that the organization is protected against the data leakage threat in real time and timely action can be taken before the incident causes any business impact, Narottam concludes.