The company faced significant challenges with data leaks and insufficient data governance. They lacked knowledge of the data they possessed, and there were no adequate controls over data management, including its transfer, access, and security, both internally and externally. A notable concern was the misuse of sensitive data, including unauthorised printing, exporting to USB devices, and transmission of sensitive information without appropriate protection.

The 848 team collaborated with the client’s IT and Data Security teams to enhance data security and governance. This process involved:

• Assessment: Conducting a thorough assessment of data, processes, and user security to identify gaps, leaks, and vulnerabilities.

• Data Classification and Policy Management: Implementing a unified approach for data classification, policy management, analytics, and APIs.

• Utilising Microsoft E5 Compliance Licenses: Maximising the benefits of existing Microsoft E5 compliance licenses through an in-depth assessment of their existing Microsoft 365 environment.

• Developing a Zero Trust Environment: Using Microsoft’s Data Governance Model, the focus was understanding and classifying data, encryption, access restriction, data loss prevention, and governance through policies, automation, compliance procedures, and user training.

• Deployment of Sensitivity Labels and DLP Policies: Implementing sensitivity labels for critical data protection and onboarding all Windows devices onto Microsoft Purview Data Loss Protection (DLP) for Endpoint. This included the creation of DLP policies for internal and external data process assessment and protection.

• Custom Vulnerability Reporting System: Establishing a system to capture and alert about data misuse and high-risk events, preventing actions in near real-time.

As a result of the collaboration with the 848 Group, the biopharmaceutical company has significantly enhanced its understanding and management of data security. They now have a deeper understanding of their data types and have implemented robust measures to protect against unauthorised access and sharing.

The integration of advanced endpoint protection and Data Loss Prevention (DLP) policies further fortifies their defence against data breaches. The newly established vulnerability reporting system enables weekly monitoring and rapid response to potential data security incidents, significantly reducing the risk of data leaks and enhancing overall data governance.