E.ON Russia (InfoWatch Traffic Monitor Enterprise)

Customers: Unipro, formerly E.ON Russia (EON Russia)

Moscow; Power

Contractors: Leta IT-company
Product: InfoWatch Traffic Monitor Enterprise (IWTM)

Project date: 2011/09

According to Roman Popov, chief data protection specialist at "E.ON Russia", information security is one of the company's highest priorities because it is among the enterprises of strategic importance to the Russian economy. Particular attention is paid to protecting personal data and information that constitutes a trade secret.

Almost immediately after the company was founded, consolidation of the IT infrastructure of its constituent enterprises began. Centralized IT services and data warehouses were created, so information flows between branches increased sharply; at the same time, preparations for an initial public offering were under way. During this period the company's security service faced new and more difficult tasks: controlling a distributed corporate information system whose participants are thousands of kilometers apart.

After E.ON became the core shareholder of "E.ON Russia", international cybersecurity requirements had to be met in addition to the existing national and internal ones. Several serious cybersecurity incidents sharpened the need for a system that would not only help control information flows but also support legally significant investigations of cybersecurity incidents.

This is how the company's security service and IT department came to choose a data loss prevention (DLP) system. Mr. Popov initiated the project and led it on the customer's side. Among the products available on the Russian market, in his assessment, InfoWatch Traffic Monitor Enterprise best matched the company's requirements.

The main selection criteria that decided the choice of this product were a combination of properties: interceptors for a broad range of data transmission channels (e-mail, the Internet, removable media, printers, etc.), a centralized system for managing security rules, the ability to analyze intercepted data across all controlled channels and, most importantly, full-text content analysis with support for Russian morphology, including retrospective analysis. The requirement that the DLP system be available across the customer's distributed IT infrastructure also made support for a cluster architecture and load balancing necessary from the start.

Implementation started in 2008, against the background of the IT asset consolidation that had begun earlier. The company's Moscow headquarters, where nearly three hundred employees work, served as the testing ground for the pilot implementation. The pilot project took about a month. The customer was represented by the project manager, an employee of the security service, and IT service staff were actively involved. The integrator and the vendor (LETA and InfoWatch respectively) provided project managers and technical specialists (one from each party). The project was overseen by the management of "E.ON Russia". From the moment E.ON acquired a controlling stake in OGK-4, auditors from Europe began regularly inspecting the operation of the cybersecurity systems.

According to Konstantin Levin, sales director of InfoWatch, at the pilot stage the customer did not set the task of verifying the system's operation in online mode. What it expected first of all was results from cybersecurity incident investigations, a check of the load on the DLP system, compliance with international requirements for business process transparency from an information security standpoint, and servicing of the e-mail archives by the system. Once the pilot project was complete, the system was put into commercial operation, primarily to control mail traffic.

The main specific feature of this project, according to Mr. Popov, was that the InfoWatch solution had to be adapted on the fly to the company's dynamically changing infrastructure, and interceptors for other channels (removable media, mobile access devices, printers) were integrated into the system as needed. The DLP implementation helped reveal data transmission channels requiring leak control that the customer had not previously considered.

In Mr. Levin's assessment, the project was organizationally difficult because the customer's personnel were wary not only of external contractors but also of representatives of their own adjacent divisions when handing over the information the DLP system needed to start. Because of this, data owners (the list is still being extended) were identified with great difficulty.

During implementation, the top-priority problems were categorizing data and identifying the owners for each category. As a side effect, project participants noted a noticeable decrease in Internet traffic: data stopped being sent to inappropriate addresses. The technical foundation was implemented over about a year and a half, and then orders introduced procedures for investigating cybersecurity incidents connected with the dissemination of information of certain categories.

The system is now being actively developed, but so far it fully serves (on all channels) only the Moscow office. The system update carried out in 2011 made it much easier and more effective to operate. Connecting the local IT resources located in other regions of the country is planned for the longer term.

Mr. Popov described the current state of the system as follows. Integration with the corporate directory service is implemented. The reporting subsystem does not require deep technical knowledge, so business customers can use it without technical intermediaries. Modules for detecting documents by digital fingerprints and for detecting personal data are implemented. An automated tool is used to build the content filtering base. All this, according to him, simplifies use of the system and increases its efficiency, which depends directly on how accurately the system works with the information stream and how precisely outgoing documents are categorized in automatic mode. The customer's compliance with cybersecurity requirements from national and foreign regulators became an important performance indicator of the DLP system.

The data categorization task is labor-intensive and, in Mr. Popov's assessment, practically infeasible in manual mode at the volume of documents that E.ON Russia handles. Today the system solves it automatically on the fly, which excludes the influence of the human factor. According to Mr. Popov, the system "understands" not only that a document belongs to a specific subject (for example, that it contains financial information) but also which area the text belongs to (say, accounting documentation).

The system is now maintained by one IT engineer, who is responsible for backup support and for liaising with InfoWatch technical support. One security service employee prepares reports and updates the content filtering base. Roman Popov is responsible for organizing the investigations initiated on incidents registered by the system. As project participants reported, a number of internal investigations, including proactive ones, have been conducted with its help during operation.

The customer assesses the project's results to date as entirely positive. "Joint work with InfoWatch helped us to understand what confidential information is for our company and to record this understanding in our organizational and administrative documents. A trade secret regime and control of its observance are the obligatory components without which an implemented DLP system turns into inefficient ballast that cannot solve the problems assigned to it," Mr. Popov noted.