August 31, 2021

Cyberhaven Helps Glosten Protect Sensitive Data and CUI Without Overburdening Staff

Why Glosten loves Cyberhaven

Glosten Challenges
  • Needed to safely enable internal teams to work with high-value customer data while maintaining strict oversight and control of the data.
  • Needed to bolster security controls for the protection of Controlled Unclassified Information (CUI) as defined by NIST 800-171 Rev2 and the Cybersecurity Maturity Model Certification (CMMC).
  • Small Security and IT team needed to remain highly efficient and could not afford to be weighed down with time-consuming security tools.

Cyberhaven Benefits
  • Enabled the team to easily monitor and control the flow of information tied to specific high-value projects.
  • The team was able to easily define and add protections for CUI.
  • Simple, cost-effective solution that enabled the organization to meet new security demands without burdening the Security and IT team.

    Executive summary

    For more than 60 years, Glosten has been one of the marine industry’s premier engineering and consulting firms providing design services for a wide range of vessels and maritime projects. As an independent, employee-owned company, Glosten brings together a unique blend of naval architects and marine, electrical, and ocean engineers to deliver highly innovative solutions to the most challenging problems in the marine industry.

    As a key part of a critical industry, ensuring the safety of customer and partner data is a vital part of Glosten’s business. As a result, the Glosten team needed to be able to see and control the flow of information related to its various projects, including partner data such as Controlled Unclassified Information (CUI) related to federal projects.

    However, traditional DLP tools proved far too complex and burdensome to operate, and ultimately could not provide adequate visibility and control over the flow of sensitive information. With Cyberhaven, the team was able to deliver on these goals easily and accurately, ensuring that partner data remained safe and providing an easily extensible model for protecting data going forward.

    In their own words

    "Ultimately, we needed functionality beyond what big-company DLP could do, and we needed to be able to deliver it with a small-company staff."

    Jacob Gerlach, Chief Security Officer, Glosten

    The Challenge: Meeting Big Company Security Requirements with Small Business Resources

    Small and medium businesses play key roles in modern technology supply chains, and it is critical for these organizations to protect their sensitive data and that of their partners. Additionally, industry regulations and even larger enterprises themselves are increasingly mandating that these smaller businesses meet specific cybersecurity standards. For example, NIST’s SP 800-171 and the related CMMC Model define how non-federal organizations should protect Controlled Unclassified Information (CUI).

    The team at Glosten knew that they wanted to gain better visibility and control over their sensitive data and CUI. The organization needed to enable employees to work with data tied to specific projects while making sure that data remained safe and was not overshared. However, traditional DLP products are notoriously complex and difficult to manage even for large organizations with large security teams. And like most smaller enterprises, Glosten had a small but efficient IT and Security team. The organization needed to introduce stronger security without overwhelming the existing staff.

    After evaluating several solutions, the team quickly realized that traditional DLP tools were both too difficult to work with and were not able to give them the control they needed over their internal intellectual property and CUI.

    “As we looked at the various DLP solutions it became clear that they were just far too complicated, expensive, and hard to manage,” said Jacob Gerlach, Chief Security Officer at Glosten. “But most concerning was the fact that even after putting in all the effort, we still weren’t able to really control the flow of our sensitive information. Ultimately, we needed functionality beyond what big-company DLP could do, and we needed to be able to deliver it with a small-company staff.”

    How Cyberhaven’s Data Detection and Response (DDR) platform helped

    With Cyberhaven, the Glosten team was able to gain visibility and control over the flow of sensitive data on a per-project basis. The team was able to easily define data sets tied to particular partners or projects as well as data that contained CUI. The team was then able to monitor and enforce policies on this high-value data, ensuring that data remained tightly controlled even as staff worked on the data.

    Cyberhaven was able to deliver results in the following key areas:

    Simple setup and management – The Glosten team was able to easily define important data based on where the data originated and was stored. Once the origin of important data was defined, Cyberhaven automatically traced and monitored the data without the need to create and manage complex signatures or rule sets.

    Risk-based visibility and control over data – Cyberhaven automatically monitored all actions related to the company’s sensitive data and projects. IT and Security staff could easily see who had interacted with the data and identify potentially risky usage and sharing. Leveraging Cyberhaven’s automated policies, the team was able to alert on and respond to issues before risky actions led to any exposure of data.

    Enhanced security related to NIST 800-171 – By adding Cyberhaven, Glosten was able to improve its ability to view and control the flow of CUI. Cyberhaven made it easy to focus on specific regulated datasets and clearly document how that data was accessed and protected on an ongoing basis.

    “After looking at many of the DLP products out there, Cyberhaven gave us something really unique. As a small organization, we just can’t afford to have our team bogged down with security tools that require lots of effort,” said Gerlach. “Cyberhaven helps us to continue to punch well above our weight by delivering security that is above and beyond the industry standard with small company staff and resources.”
