With approximately ten thousand employees, Banco de Crédito e Inversiones (BCI) is the third-largest bank in Chile. The company satisfies the financial needs of both corporate and retail banking customers through a countrywide branch network, international representation offices, and remote service channels such as ATMs, the Internet, and phone platforms. BCI provides savings and checking accounts as well as complementary products and services including investment counseling, asset management, stock trading, and insurance.
Integrated protection and support
Like all banks, BCI holds a great deal of confidential information about its customers in its IT infrastructure such as credit card information, social security numbers, and financial data. The bank takes its obligation to keep this data secure very seriously. BCI was concerned that employees might take customer information with them if or when they change employers, sell or misuse data fraudulently, or put information at risk in any number of innocent but misguided ways. In addition to allaying these concerns, BCI needed to comply with PCI DSS standards and regulations. To address these needs, BCI resolved to implement a powerful new tool to prevent the loss of sensitive data.
Already a user of McAfee Total Protection (ToPS) for Endpoint, BCI needed to look no further than McAfee for a solution to help protect customer information and to achieve its compliance requirements — McAfee Host Data Loss Prevention (Host DLP). “We had already come to appreciate the benefits of the tight integration and central management that McAfee provides for all our IT security applications,” explains Cristian Fuentes, chief security officer for BCI. “We knew it would be the same with McAfee Host DLP. Like each of the components of ToPS for Endpoint, Host DLP is managed by McAfee ePolicy Orchestrator (ePO) and closely integrated into our overall solution.”
Another major consideration in the bank’s decision was the value of McAfee’s support organization. “We had also come to appreciate the benefits of a single, excellent source of any kind of support needed,” Fuentes adds. “Whenever an issue arose with our existing security arsenal, we had become accustomed to just picking up the phone and calling our account representative,” Fuentes explains. “By choosing our data loss prevention solution from McAfee as well, we knew the support would remain centralized — and outstanding.”
Quick and seamless deployment
The implementation of McAfee Host DLP proved to be straightforward. BCI started by thoroughly evaluating its entire infrastructure and data to identify all potential points of data egress and to understand the risks entailed with each of them. Then, using McAfee ePolicy Orchestrator (ePO), the company developed an initial set of data protection policies and implemented enforcement for them by properly configuring Host DLP.
Once these policies were in place, BCI began with pilot installations of Host DLP at some of its branches. The bank found that the solution worked well without impacting daily business functions, and then proceeded with confidence to perform a complete company-wide deployment. The solution was well received by employees, who found it had no impact on performance or normal operations.
By saving us from the costs of losing this information, McAfee DLP pays for itself. Furthermore, by preventing the damage to our reputation that would accompany such incidents, it provides us with a distinct competitive advantage. McAfee Host DLP has been an excellent investment.Cristian Fuentes
Chief Security Officer, BCI
McAfee Host DLP has fully lived up to BCI’s expectations, allowing the bank to do a better job than ever at protecting confidential customer information. In some cases, the solution blocks errant employee behavior that the bank was aware was happening but had previously found difficult to stop. For example, in the past, wellintentioned employees often took files home for evening work on their own computers, and these files sometimes contained sensitive personal information. Host DLP now blocks the exit of this information no matter how the employee tries to transport it — webmail, CD, DVD, etc.
Another possible situation that BCI prepared for, but thankfully didn’t have to worry about, is that Host DLP can both detect and block forms of dangerous or malicious behavior that puts customer data in jeopardy. An example of this scenario is if an employee tried to print out files that contained social security numbers. This practice is in violation of bank policy. Through the detection powers of Host DLP, information security staff members would learn about this occurrence ahead of time. And through the solution’s prevention capabilities, the staff is able to put a stop to this from happening in the future.
“We are proud of the personal data protections we have put in place with help from Host DLP,” says Fuentes. “But we know the job is never finished. We are constantly refining our policies to achieve even better protection. As our next step, we are planning to implement McAfee Network Data Loss Prevention as well. It will give us a better idea about where information is coming from, where it is going, and what is happening on our network in general.”
Before data can be protected it must be understood. McAfee Network DLP provides unique technologies that assist in understanding data. Using the Capture database in McAfee DLP will save BCI months of consulting and give the bank the added confidence that it’s truly protecting customer data.
BCI knows that data leakage comes with a heavy price. The bank appreciates the value of DLP. “Data leakage can be very expensive in many ways. Host DLP has protected our customers’ data from many instances of theft and fraud. By saving us from the costs of losing this information, McAfee DLP pays for itself,” Fuentes concludes. “Furthermore, by preventing the damage to our reputation that would accompany such incidents, it provides us with a distinct competitive advantage. McAfee Host DLP has been an excellent investment.”