Cyberhaven Helps Glosten Protect Sensitive Data and CUI Without Overburdening Staff
For more than 60 years, Glosten has been one of the marine industry’s premier engineering and consulting firms providing design services for a wide range of vessels and maritime projects. As an independent, employee-owned company, Glosten brings together a unique blend of naval architects and marine, electrical, and ocean engineers to deliver highly innovative solutions to the most challenging problems in the marine industry.
As a key part of a critical industry, ensuring the safety of customer and partner data is a vital part of Glosten’s business. As a result, the Glosten team needed to be able to see and control the flow of information related to its various projects, including partner data such as Controlled Unclassified Information (CUI) related to federal projects.
However, traditional DLP tools proved far too complex and burdensome to operate, and ultimately could not provide adequate visibility and control over the flow of sensitive information. With Cyberhaven, the team was able to deliver on these goals easily and accurately, ensuring that partner data remained safe and providing an easily extensible model for protecting data going forward.
The Challenge: Meeting Big Company Security Requirements with Small Business Resources
Small and medium businesses play key roles in modern technology supply chains, and it is critical for these organizations to protect their sensitive data and that of their partners. Additionally, industry regulations and even larger enterprises themselves are increasingly mandating that these smaller businesses meet specific cybersecurity standards. For example, NIST’s SP 800-171 and the related CMMC Model define how non-federal organizations should protect Controlled Unclassified Information (CUI).
The team at Glosten knew that they wanted to gain better visibility and control over their sensitive data and CUI. The organization needed to enable employees to work with data tied to specific projects while making sure that data remained safe and was not overshared. However, traditional DLP products are notoriously complex and difficult to manage, even for large organizations with large security teams. And like most smaller enterprises, Glosten had a small but efficient IT and security team. The organization needed to introduce stronger security without overwhelming the existing staff.
After evaluating several solutions, the team quickly realized that traditional DLP tools were too difficult to work with and could not give them the control they needed over their internal intellectual property and CUI.
“As we looked at the various DLP solutions it became clear that they were just far too complicated, expensive, and hard to manage,” said Jacob Gerlach, Chief Security Officer at Glosten. “But most concerning was the fact that even after putting in all the effort, we still weren’t able to really control the flow of our sensitive information. Ultimately, we needed functionality beyond what big-company DLP could do, and we needed to be able to deliver it with a small-company staff.”
How Cyberhaven’s Data Detection and Response (DDR) platform helped
With Cyberhaven, the Glosten team was able to gain visibility and control over the flow of sensitive data on a per-project basis. The team could easily define data sets tied to particular partners or projects, as well as data sets that contained CUI. The team was then able to monitor and enforce policies on this high-value data, ensuring that it remained tightly controlled even as staff worked with it.