One company has found a way to allow the use of mobile devices – with data defense and compliance needs, reports Greg Masters.
When one of the world's pre-eminent investors, Warren Buffett, acquired Clayton Homes in 2003, even the “Oracle of Omaha” couldn't envision the wireless revolution that would soon revise the way business partners and clients communicated across enterprise empires.Clayton Homes has been selling and leasing manufactured and modular homes and commercial properties since 1934. The company, based in Maryville, Tenn., and a division of Buffett's Berkshire Hathaway, has built more than 1.5 million homes, secured financing for more than 325,000 customers and insured 160,000 families.
With 12,000 team members operating 35 home-building facilities and more than 1,000 home centers across the United States, its employees turn to a wide variety of mobile devices to send and receive emails that contain sensitive and regulated information about home financing, manufacturing, purchasing and proprietary designs. If revealed, this information could increase risk levels and set the company up for regulatory charges, not to mention loss of customer confidence.“We needed to find a way to allow our employees to use mobile devices to send and receive email within the boundaries of security and compliance,” says Jodie Swafford, information security manager at Clayton Homes.
Employees at the company often conduct business outside of the confines of the wired office. Company policy encourages them to use mobile devices when they are on the road or working remotely so they can stay in touch with customers and be available for new, fast-moving opportunities. For employees to take advantage of mobility's benefits, their IT department needed to address the security, privacy and regulatory issues of email communications.
There are many competing products on the market, Google Postini among them. Before making a decision, Swafford and his team evaluated several solutions. “We looked for one that was cost effective and could provide us with strong security and compliance across multiple mobile platforms as well as offer control, flexibility and scalability.”After reviewing several possibilities, the IT team chose the Proofpoint Enterprise Protection SaaS [software-as-a-service] email security solution. It delivered on all of the requirements needed and more, says Swafford.
One way it does this is by providing a set of enterprise email security and compliance solutions that can be accessed through its SaaS offering, deployed as virtual appliances inside of private clouds, or as on-premise hardware appliances, says Rami Habal, director of product marketing at Proofpoint.
“Using the solution, customers such as Clayton Homes can allow employees to use the advantages of mobile while adhering to corporate and regulatory security and compliance requirements,” Habal says. “Proofpoint customers recognize that security and compliance must be interwoven into any mobile initiative. Without it, costly data breaches and compliance violations will occur.”
In the modern IT environment, data is constantly in motion and spread out to a wider range of devices, says Habal. “Workers are doing more business on the road, from remote locations and across consumer mobile devices. Constant increases in new users and devices, email-borne attacks and spam volumes, along with ever-changing regulatory requirements are placing extreme pressures on IT security teams,” he says.
With Proofpoint, Clayton Homes gained a number of advantages, says Swafford. It saved the company money, and he was able to scale the Proofpoint solution as the company grew. “Proofpoint's capabilities allowed us to extend security and compliance to email communications as new employees, other users and mobile devices are added to the network,” he says.Further, Clayton Homes' IT team can now support a variety of consumerized IT devices and operating systems, including Apple's iPad and iPhone, Android, Windows Phone 7 and BlackBerry mobile devices.
“If your employees are doing business across handhelds and tablets, you can be assured that with Proofpoint
all email communications are secure,” says Habal.
Swafford particularly was impressed with how rule sets for security, privacy and compliance across different business units can be customized and turned on and off as needed. Prior to Proofpoint, defining these rule sets across divisions was slow and painful, requiring massive amounts of employee effort, he says.“Manufacturing requires a different set of rules than finance, finance requires a different set of rules than sales, and so on,” Swafford says. “With Proofpoint, we were able to use out-of-the-box rule sets, tweak them slightly as needed, and even create custom rules for different business units. Once rule sets were defined, we really only needed to turn Proofpoint on. It immediately began governing all email communications at the rate of thousands per day.”
In addition, the offering eliminated the need for a third-party anti-spam service, saving Clayton Homes tens of thousands of dollars per year, he says. “Proofpoint's anti-spam capabilities are not only more effective, they also provide a high degree of accuracy, creating fewer false positives and greater protection against a wider range of email-borne viruses and threats.”The company also was able to further reduce risk with effective data leakage prevention (DLP). If an employee accidentally includes sensitive customer information in an email or an attachment – a Social Security number, for example – Proofpoint's DLP capabilities identify it and automatically block or encrypt it before the email leaves the system, says Swafford. “Proofpoint even produces a report showing what had to be automatically encrypted, which helps in educating users about encryption.”
The Proofpoint deployment was easy, fast and effective, Swafford says. “We were both pleased and impressed. We were able to rapidly deploy and be in full production mode within our scheduled timeframe.” There were many reasons why the deployment was seamless, he adds. Chief among them was that it required little customization and integrated easily with the company's existing Microsoft Exchange Server.And, Proofpoint is easy to manage and operate, Swafford says. “Its cloud-based model frees us from having to provide operational support, maintenance, patching, upgrades and regulatory changes. Proofpoint's intuitive design and minimal customization requirements presented us with a low learning curve.”
Five years ago, BlackBerry, Windows Mobile and Palm dominated the mobile communications market. With the rapid adoption of consumerized IT across the board, Clayton Homes is now beginning to see considerably more iPad, iPhone and Android devices in use. Employees are encouraged to use all of these devices, as they improve productivity and support business activities, Swafford says. Although the new devices are creating additional threats, the need to extend security and compliance over email remains a top priority. With the Proofpoint solution in place, Swafford is confident about securing email across the company, regardless of platform.Phishing attacks, malware and spam dominate the email threat landscape, says Swafford, whose team is seeing increasing numbers of attacks. While 10 years ago, Clayton Homes only had to contend with threats on a single platform, the corporate PC, now attackers can leverage email clients deployed on desktops, laptops, tablets and smart devices that are owned and operated by the company and its employees. These attacks come in as attachments, malicious links embedded in email bodies, and infected PDFs and Microsoft Word documents. But, with Proofpoint, Swafford says his team is able to provide added layers and defense that protect against all of these popular attack methods regardless of the platforms they target.
Security and compliance updates are pushed out automatically, says Habal (left). “Proofpoint takes on the burden of understanding compliance, the latest attacks and changes.”Moreover, today's enterprises are looking to cut costs and improve efficiency without sacrificing quality, security or compliance, Habal says. Customers expect the highest levels of service quality, availability and stability. “With Proofpoint, customers such as Clayton Homes are reducing costs without sacrificing protection or compliance for the thousands of emails sent and received each week across their central and mobile network.
In fact, in some cases, companies are realizing a 30 percent lower total cost of ownership (TCO) when using Proofpoint's SaaS-based solution, says Habal. This value results from several factors, including reduced deployment time, no requirement for supporting infrastructure, no need for application testing, lower training requirements, no ongoing business process change management, high visibility of costs in the service fee, no unscheduled downtime and easy deployment and integration.As Clayton Homes continues to expand and grow as a company, Swafford expects Proofpoint to play a significant role not only for its mobile security and compliance initiatives but also for its overall security program.
“Moving forward, we expect to extend our communications and collaboration activities beyond just email, using all customer and lead-generation channels,” he says.
Compliance: Protecting data
Maryville, Tenn.-based Clayton Homes contends with a number of compliance regulations. Its finance activities require it to protect customers' personal information under Sarbanes-Oxley, and its human resources department must adhere to HIPAA for certain benefits programs.
“When it comes to compliance, we have to make sure we have the proper controls in place and are able to produce reports for internal review and external audits,” says Jodie Swafford, information security manager at Clayton Homes.
This is particularly important because customers' personal information is being transmitted during the financing application process. To qualify for a home loan, customers must pass rigorous credit checks that require them to disclose information, such as Social Security numbers. A central component of Clayton Homes' mobile security and compliance program focuses on stopping such data from being transmitted via email.
“With Proofpoint, we know that sensitive information is secure because it is encrypted before it is sent,”
Prior to Proofpoint, the company had to rely on regular expression techniques to identify sensitive information within emails. With Proofpoint, it can take advantage of out-of-the-box default rules, catch emails containing sensitive information before they leave the network and run auditor-friendly reports proving that it is able to stop Social Security numbers from being transmitted via email.
“Our Proofpoint solution provides security, privacy and compliance across the entire corporate network,” he says. “We require all of our employees to use our Microsoft Exchange server, which means that Proofpoint's security, compliance and encryption capabilities are extended across all email communications.”
Originally, the solution was deployed to provide security, privacy and compliance to business units that deal with the most sensitive information. Initial results were positive, which led Clayton Homes to expand its deployment.
“Now, we are able to take advantage of Proofpoint's flexibility to continue to extend governance over a growing number of departments and increasing numbers of employees and mobile devices,” says Swafford. – Greg Masters