RIMAC: Strengthening a 126-Year Legacy with Data Security Innovation
Learn how RIMAC strengthed their data security to ensure the integrity and confidentiality of information, with Kriptos solution.
Aguas Andinas is one of the traditional Chilean companies with more than 200 years of history, founded in 1861 as a public utilities company and migrated to a service approach in 2001, becoming an emblematic company for the whole country. With more than eight million users, Aguas Andinas faces an enormous challenge to keep the Chilean population, commerce and industry supplied on a daily basis.
Its high standards are certified by ISO in several quality regulations: 9001, 14001, 45001, 5001, 22301, 37001, 27001 and 55001 NCH 3262. A sign of its commitment to quality and responsibility towards its users and suppliers to always provide the best.
"Life becomes easier and controls are easier to apply, and this makes security work better." - Juan Francisco Huechucura, responsible for Cybersecurity.
As part of its continuous improvement process and the development of good practices in terms of hygiene and IT security, Aguas Andinas always has the accompaniment of its management team to engage in projects that drive excellence.
In 2015, it was decided to initiate a process of data discovery and classification for the areas of Human Resources and Finance, a manual process that sought to identify and determine the classification criteria with users. After 6 months, they considered the exercise ready, the information classified for a group of 30 people, the team trained in classification, with a process that allowed adding tags to the DLP to be able to build search dictionaries and thus protect the information entering and leaving those two teams within the company.
Two weeks went by and, between internal movements in the areas and people leaving the company, the exercise that had taken months to develop had been completely derailed.
"We took more than 6 months and the exercise was lost in two weeks. In addition, the tags that had been generated for the DLP were not functional because everything was configured manually with respect to the search dictionary and with the internal movements that took place in the company, the exercise was no longer reliable". - Juan Francisco Huechucura, responsible for Cybersecurity.
After evidencing this case where the intention was there, but the management was not sustainable and after a deep evaluation process, they found in Kriptos a strategic ally for their data classification and information identification process. Having the traceability of the discovery for the whole company was very important, as they knew that manual exercises would not give them the total coverage of the company and this was of vital importance for protection. After having developed the manual work, the Aguas Andinas team knew that avoiding human error was also crucial to be able to apply it to the entire company, because the user, when he has the last word, generates errors; on the other hand, Kriptos standardizes the process and allows a single finding for everyone.
When it came to making a decision, there were factors that were decisive in choosing Kriptos as their sorting tool:
Aguas Andinas keeps aligned with strict regulations and norms, such as Law 21459 on computer crime in Chile and PCI DSS regulations for payment gateways. Kriptos allows them to review in detail which documents may contain sensitive data and pay maximum attention and security to protect their users.
In addition, the group has a subsidiary that performs sampling analysis, and demonstrating the security and information protection controls in place within the business group becomes a determining factor that allows it to position itself as the best option for companies that require its services.
"The process of classification and achieving these certifications has given a plus for the company to be awarded this type of contracts, it endorses what we have been doing. You have a good level of information security, as a supplier we can count that the information you have from us will not be leaked or disclosed and that all possible safeguards are taken to maintain confidentiality." - Juan Francisco Huechucura.
Juan Francisco, Moises and Jose recommend their colleagues to start moving forward with the solutions for information classification and internal and external information processing, highlighting: "In Chile, the data protection regulation is about to come out, which is framed in the European standard. This will require us to apply a lot of controls. This should make your life easier in terms of classification and control of information if you add it to a CASB and DLP, you would have a fairly advanced compliance with the future law, because the treatment you are going to give is a more advanced level".