When John Graham joined Jabil four years ago as its first Chief Information Security Officer (CISO), he found an IT environment that was an early adopter of cloud computing but did not have a security focus. Capitalizing on the availability of high-quality, cloud-based security tools and services, Graham was able to quickly and cost-efficiently develop a comprehensive cybersecurity infrastructure with Digital Guardian’s managed services at its core.
Jabil is a $19 billion provider of comprehensive product design, production and product management services to electronics and technology companies worldwide. Digital Guardian provides a unified platform across all IT assets supported by cloud-based analytics service, detecting and blocking all threats to sensitive information. The two joined forces to secure the intellectual property of Jabil’s customers and Jabil’s own information assets.
“The majority of our assets and our secret sauce is in Jabil’s operations,” says Graham, giving examples such as Jabil’s process for buying raw materials, the nature of its supply chain, and where it gains profit margins. But Graham’ cybersecurity responsibilities also extend to Jabil’s many clients: “We have to pay a lot of attention to ensuring that we protect our customers’ intellectual property,” he says.
Jabil’s cybersecurity modernization meant switching from securing the perimeter to securing endpoints—all remote devices accessing the corporate network. To update Jabil’s cybersecurity model in a timely fashion while keeping his small team focused on specific tasks such as data governance, Graham turned to Digital Guardian’s managed service. In addition to taking over 24/7 global program administration, Digital Guardian’s agent technology increased the visibility and understanding of how and why data moves throughout the organization.
Graham’s security team gave each business unit the ability to classify intellectual property according to the way they worked with it, where was it stored, who had access to it, and what applications relied on it. That was the basis for defining a baseline security level and more restrictive levels for employees dealing with more sensitive data.
Within 30 days of full deployment, Jabil’s security team gained visibility into all data access and usage across 52,000 workstations. They immediately identified data being copied to USB drives more commonly than anyone expected. As a result, a new policy for external storage devices was established, requiring their registration, and the encryption of sensitive files as necessary. In addition, more secure employee workflows were defined that prompted users on risky behaviors.
Beyond the initial project to establish the foundation for a mature security model, Graham highlights the ongoing benefits of Digital Guardian’s threat and intelligence service. “They are able to deploy changes in our environment based on changes in the threat environment,” he says. As a trusted partner, “they also serve as a sounding board for us if we see things that don’t look right,” adds Graham.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.