- Project finished 40% under budget
- Privatized 18 applications in 14 weeks
- Completed project 2 weeks ahead of schedule
- Provided $22.3 billion worth of data protection
BTRG’s client is an audit, tax and advisory firm with a global consisting of 137,000 professionals, including more than 7,600 partners, in 144 countries. Revenues for the fiscal year ending September 30, 2010, were US$20.63 billion.
The client delivers a globally consistent set of multidisciplinary services based on deep industry knowledge. Its industry focus helps company professionals develop a rich understanding of clients’ businesses and the insight, skills, and resources required to address industry-specific issues and opportunities.
The client was planning on outsourcing the support and development of non-production systems to reduce total cost of ownership. However, these systems contained Client Confidential Information, which could not be exposed to the outsourcing firm. Outsourcing could not move forward until the client confidential information was privatized. In order to enable this outsourcing effort, the sensitive data in these systems needed to be masked and privatized.
In addition to outsourcing, the client had very strict deadlines in place for its data masking effort. There was also a specific timeline contracted with the outsourcing firm that was set and the privatization had to be complete before outsourcing could take place.
BTRG deployed the Masking Automation Software tool, the engine powering the Data Masking Factory solution to speed up the data masking process. This tool integrates with Optim to automatically populate the software based on rapid design sessions. The BTRG Accelerator tool allowed for the compression of Requirements Gathering, Analysis, Design, Development and Documentation all into one step.
Next, the Masking Automation Software uploaded a set of configuration files to Optim, enabling it to execute the data masking solution without requiring any coding. This eliminated the need for technical resources on the Optim Data Masking effort, shortening the project timeline.
In order to address the security requirements the client faced, BTRG implemented IBM InfoSphere Guardium solution to both scan for sensitive data as well as monitor privileged users and data base activity and IBM InfoSphere Optim to privatize or de-identify sensitive data in the non-production systems.
BTRG’s Data Masking Factory was able to completely privatize our client’s 18 primary, business critical applications in 4 weeks. Using the Data Masking Factory approach took an average of 4 days per application whereas to privatize an application using a more traditional approach would have taken between 2x and 10x as long from start to finish.
The project was completed 2 weeks ahead of schedule and 40% under budget. During this time the Data Masking Factory solution analyzed over 15,000 tables and 500,000 columns to identify at-risk data. Ultimately, over 102 million rows of data were deemed at-risk and subsequently masked. At a potential cost of $217* per stolen record this provided $22.3 billion worth of protection. Even at only a 5% risk factor that is still over $1 billion worth of protection for a fraction of the cost.
This project cost less than $2M, including both software and services, making the cost to mask each record about $.02 ($2M/102M records = 0.019). According to research conducted by the Ponemon Institute and presented in the 2010 Annual Study: Global Cost of a Data Breach¹, a data breach costs an organization an average of $217 per compromised record. With over 102 million records masked, the Data Masking Factory provided our client with $22B worth of market value protection for a fraction of the cost.
Throughout the project, BTRG engaged in a structured knowledge-transfer process that equipped the client with the internal skills needed to carry the Data Masking Factory solution forward and replicate it on a large scale. As a result, our client not only protected its core systems for a fraction of the cost but also developed a new IT capability that could be offered as a service to other parts of the business.