Case study - Johnston Carmichael

Johnston Carmichael comprises a large team of Chartered Accountants based in Scotland that needed to control the usage of USB memory sticks and other portable storage devices around the organization because of the security threats they pose. The proliferation of portable devices giving users the capability to add, as well as remove data to and from a network led to an increased awareness of the risks involved if such activity available occurred by unauthorized personnel. With this growing threat in mind, Johnston Carmichael chose to secure their workstations' endpoints by implementing GFI EndPointSecurity to prevent data being removed from the network without permission and to prevent threats such as viruses being introduced onto the network via the same channels.

Challenges

Johnston Carmichael operate within the financial industry and therefore have access to a lot of privileged and sensitive data. They could not afford that this data be removed from the secure system of the office without consent or that a security threat be brought into the network via USB or other portable devices.

Keith Ross, Johnston Carmichael's IT Technical Director, explained: "We had growing concerns around the proliferation of USB Storage devices and their ever growing data capacities. They are easy to obtain cheap and in many cases given away free. We needed to implement some control over their use within the business."

Johnston Carmichael wanted to implement a solution that was effective and that was affordable so they conducted their research into data loss prevention software to find a solution that met their needs.

"We wanted a cost efficient solution that we could implement quickly and on a tight budget to address the immediate business concerns. GFI was one of the first we came across which was reasonably priced and would do the job. GFI also seemed to have a good suite of other known products. We took the decision to progress with GFI EndPointSecurity mainly on costs basis because we also considered Pointsec, Guardian Edge and Sanctuary but all were too expensive in comparison."

Implementation

The introduction of GFI EndPointSecurity has given greater control to the IT department of the organization allowing them to implement and enforce policies on the use of portable devices and the copying of data.

"We have been able to demonstrate that we can prevent unauthorized use of non approved USB devices firm-wide. GFI EndPointSecurity also provides some audit information on the data that is being transferred to Approved Company issue USB Storage devices," said Mr. Ross.

"The IT Department now has far better control of our PC and Laptops systems and their use. We only allow the use of company purchased and white listed USB Flash Drives for use by our Audit teams. No other USB storage devices will work when plugged in. We have enabled access to non Company issued devices at reception PC's only at each office to allow the transfer of data files from our clients. These can then be scanned and returned to the client directly. We have included details on the use of USB storage devices in our IT Usage Policy."

Implementing GFI EndPointSecurity was a smooth process for the organization with everyone aware of the new security measures in place.

Mr. Ross explained that "no training was necessary however some trial and error was required. GFI has become easier to use and more consistent in applying protection policy settings, still not 100% but getting there. We rolled out GFI EndPointSecurity in a slow methodical manner rather than a big bang approach."

Benefits

One of the greatest benefits of GFI EndPointSecurity for Johnston Carmichael was a solid security product for a very affordable price.

"GFI EndPointSecurity did not requiring a major capital expenditure for our organization compared to what we would have paid for some of the other bigger players' solutions. We were able to implement a solution to address a business problem without a big financial hit or overly complex solution. I would say it has been cost effective in that the outlay was very acceptable compared to some other known products yet it delivers the level of control which we were looking for," said Mr. Ross.

Moreover the organization also experienced time-management benefits and had no issues with staff resenting the new security measures due to their well-planned policies and dissemination of the news.

"It has saved us time in our operations in that we have managed to plug a hole in our security and this can contribute to reduced risk and problems associated with users trying to plug in non approved devices. We try and educate our users about system security by having new employees complete a security training video and test before they are granted Internet access. By educating our users on the risks of USB Storage systems abuse, viruses and so on they can appreciate why we have to implement such systems so it has not raised any issues for us. As long as we had solutions in place to meet different scenarios required by the business there have no problems with it."

Target reached

"Our main target was initially to block USB Storage Devices. Once the policies were set up and tested we were able to roll that out firm-wide over a controlled period of time and it worked. That met our initial target from the outset."

Links

For more information about GFI EndPointSecurity visit our product discovery page.

Download of the software here

Disclaimer: All product and company names herein may be trademarks of their respective owners. To the best of our knowledge, all details were correct at the time of publishing; this information is subject to change without notice.