ARROW GLOBAL GROUP
DIGITAL TRANSFORMATION Case study
Arrow Global Group PLC is a leading credit and asset management business with teams operating across the UK and Europe. As an organisation that processes credit and debt information, data protection is at Arrow Global's operations' beating heart.
Arrow works across multiple markets under various operating companies that all share the 'One Arrow' ethos. As a top priority for 2019, Arrow aimed to consolidate their siloed groups under shared security and work collaboration tools. The main goal was to connect colleagues worldwide to communicate and collaborate in a smart, safe and efficient way.
Generation Digital's overall aim was to enable Arrow employees to develop better working relationships and unlock the 'One Arrow' culture's potential. After a discovery and evaluation phase Arrow selected Workplace by Facebook for its intuitive user interface, excellent mobile user experience, and functionality. The familiarity of the Workplace by Facebook platform among employees would also drive quicker adoption, greater utilisation and better engagement across the Arrow Group.
Workplace From Facebook platform in action
The support of Arrow's Information Security Team also became a critical part of the transformation project. Their involvement ensured that the Workplace implementation complied with the Group's information security requirements. Operating under a strict financial regulatory regime across all geographies, Arrow's regulatory and contractual obligations concerning data protection were of paramount importance. The initial review of the native security within Workplace found that Arrow would inevitably require stricter security controls.
"I didn't know much about Workplace by Facebook, however upon researching its default offering, I found that there were several areas in which the platform wouldn't meet our stringent security requirements, especially if Arrow were to use the platform in the way we wanted."
Matthew O'Neill, Group Information Security Manager at Arrow Global
Matthew O'Neill, Group Information Security Manager at Arrow, explained: "I didn't know much about Workplace by Facebook, however upon researching its default offering, I found that there were several areas in which the platform wouldn't meet our stringent security requirements, especially if Arrow were to use the platform in the way we wanted."
As a result, Arrow would need a layered, strength-in-depth approach to security, with multiple measures serving as fail-safes. "As well as ensuring that Workplace didn't become a free-for-all for internal visibility of confidential documents, we also needed to maintain security controls to remove the risk of sensitive data going outside of our perimeter," he concluded.
There were two viable security approaches for Arrow to take: "We had a choice; proceed within the agreed timeframe but only use the platform for public content or, maintain the goals from the original brief of allowing for free collaboration. The latter option would push back the launch date to ensure that content and data were secure and in compliance with internal and external data regulations. In the end, we agreed that extending the timeframe was both necessary and valuable to ensure the project met the original brief."
Using Okta and Netskope to manage SSO + MFA
After working with Generation Digital to assess the additional security requirements and evaluate vendor compatibility, Arrow chose the Okta and Netskope platforms to support its security enhancements. Okta is a Cloud Identity Solution providing identity and access management to Workplace via Single Sign-On (SSO) and Adaptive Multi-Factor Authentication (MFA).
Netskope is Generation Digital's de facto cloud security choice for content management and data protection in the SaaS era. Netskope's End Point Agent was installed on all corporate devices preventing unapproved data and files from ever reaching the Workplace cloud. Netskope's Reverse Proxy provides an additional security layer to support "Bring Your Own Device" (BYOD) including employees iOS devices. With the Reverse Proxy, all traffic to Workplace first goes through the Netskope private Security Cloud.
Netskope Security Cloud for managing sensitive data
The final safety guard in the Netskope platform would come from the API integration. Netskope is also physically built into the Workplace platform, so if all else fails inappropriate content will be automatically removed in seconds if it gets posted to Workplace.
Arrow's first action was to prepare an Acceptable Usage Policy. The policy would inform the project team and employees of what was allowed within the platform and drive the project implementation.
Matthew: "The policy creation was a big task, and while many policies are pre-programmed into Netskope, we wanted to tailor specifics to optimise both security and usability. For instance, Netskope has an existing profanity blocker, but we wanted to capture local dialects. Researching local Glaswegian profanities was an eye-opening experience!"
Matthew added: "Identifiable Information (PII) blockers can also be problematically heavy-handed without tailoring as they can block full name use, which prohibits users from tagging colleagues by name on Workplace."
Although securing the Workplace by Facebook platform added three months to the project timeframe, the security implementation and roll-out went smoothly.
"The Netskope and Generation Digital teams were great, working collaboratively with us to achieve our goals in the tight timeframe. They were knowledgeable as well as supportive of our intention to launch in a very short timescale. Our needs were specific, we required extensive tailoring, and we were not prepared to compromise on our minimum-security standards, which was something they fully supported."
Matthew O'Neill, Group Information Security Manager at Arrow Global
Matthew: "The Netskope and Generation Digital teams were great, working collaboratively with us to achieve our goals in the tight timeframe. They were knowledgeable as well as supportive of our intention to launch in a very short timescale. Our needs were specific, we required extensive tailoring, and we were not prepared to compromise on our minimum-security standards, which was something they fully supported."
"As a company responsible for data belonging to nearly 3 billion people, Facebook takes security very seriously. Workplace adheres to the highest security standards with globally recognised compliance and security certifications. However, the project team at Arrow Global also took security very seriously and invested a significant amount of time with us to ensure the security solution was of world-class standing." Graham Mackay, Managing Partner at Generation Digital.
The Workplace platform is now up and running on Arrow corporate devices for employees in all geographies. Early signs show impressive usage and adoption among Arrow employees. Arrow's Information Security Team enhanced the security of the platform without compromising on usability. The platform adoption has been so positive that the Group Corporate Communications Team is already pulling back on its use of email, further driving company-wide dependency on Workplace.
Following the successful deployment of Netskope's Cloud Access Security Broker (CASB), Arrow Global have now decided to standardise on Netskope as their group wide cloud security platform. Designed and deployed by Generation Digital, the solution provides Arrow Global with unrivalled visibility, real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device.
Protect data and users everywhere.
Safely enable the cloud and web.
Deliver security that is fast and scalable.