Financial
Services Firm

CASBSmart Discovery

Real World Results

icon1

Application Insight

Visibility into 3000+ Cloud Apps

icon2

Identification of Risk

Identification of high-risk services in use

icon3

Cloud Readiness Validation

Validation of Cloud readiness for known Cloud services

icon4

Actionable Insight

Remediation plan for high-risk Cloud services

About Financial Services Firm

The client in question is one of the UK’s largest and most established financial services firms with over 20,000 employees, serving over 15 million customers.

The Challenge

Nephos Technologies were selected to deliver our Smart Discovery service by one of the UK’s leading financial services organisations to identify unsanctioned Cloud usage and develop a strategy to apply governance to their Cloud-based services. Like most financial services organisations, the customer is moving toward digital channels when it comes to engaging their clients, with a desire to reduce costs and speed up time to value.

The organisation has developed a “Cloud first, not Cloud only” strategy; meaning that where possible services will be consumed from the Cloud – whether that be SaaS, PaaS or IaaS, to accomplish this. There are two challenges with this model for a regulated business:

  1. How do they identify Cloud services that are “Enterprise Ready.”
  2. How do they apply the right level of control over data that is stored and processed in the Cloud?

The customers current toolsets cannot cope with this new delivery model. The organisation acknowledged this potential gap and went to the market for a solution in the CASB space, but before doing so wanted to gain a baseline level of visibility into the current state of Cloud usage to identify:

  1. What unapproved Cloud services are in use
  2. What risk do those services pose?
  3. Are the known Cloud services enterprise-grade – do they pose any threat?
  4. How can these risks be mitigated?

The Nephos Solution

The customer partnered with Nephos Technologies to answer these questions, as well as to help inform their decision-making process when it came to vendor selection to resolve these issues. Nephos Technologies delivered these answers through our Smart Discovery service. Nephos Technologies Smart Discovery service provides actionable insight into the Cloud services in use, as well as the risk that they pose to your data.

We deliver results in less than four weeks, and with no hardware/software deployment required from the customer. The combination of the simplicity of the approach, the breadth of Cloud services we identify (over 30,000) and the speed to get results were all critical factors for the customer when evaluating potential partners to work with. Nephos were selected as we demonstrated an ability to meet each of these criteria and were capable of working within the customers’ data handling processes.

The Outcome

Nephos identified over 3,000 Cloud services in use, almost 100x more than expected, posing a potentially significant risk to the clients’ data. Each of the services identified is given a risk score based on over 20 critical criteria, and this forms the basis of the remediation plan provided by Nephos. As part of the investigation, Nephos identified the following key information:

  • High Risk applications being used by the organisation (known and unknown)
  • Applications storing data outside of the UK
  • Applications that take ownership of the clients data once uploaded
  • Services with known breaches

In addition to these areas, Nephos were also able to identify a number of Cloud services that contain regulated data, including 92 HR applications (only 5 of which would be classified as enterprise-ready) as well as number of Cloud services that lack compliance certifications or datacenter standards, such as SOC-1/2 or PCIDSS. Nephos’ Smart Discovery service gave the customer some much-needed visibility over their actual Cloud usage and risks, as well as informing their overall Cloud security strategy.

Nephos Technologies Enables Leading UK Financial Services
Firm to Identify Shadow IT in the Cloud

More Information

Download The Case Study

img

Download

img

Book a free consultation with one of our data specialists.

Contact Us