Process Optimization and Regulatory Compliance with Kriptos: The Aguas Andinas Success Story
By
Alfonso Villalba
April 2, 2024
-
7
min read
+1.5K
Employees
+8M
Users
Kriptos impact
ISO 27001 Compliance.
Adaptation to Law 21459 in Chile
Country
Chile
Industry
Utilities, specifically water supply.
Estrategic impact
Process optimization by eliminating manual data classification in Human Resources and Finance, reducing data loss and increasing process reliability.
Aguas Andinas is one of the traditional Chilean companies with more than 200 years of history, founded in 1861 as a public utilities company and migrated to a service approach in 2001, becoming an emblematic company for the whole country. With more than eight million users, Aguas Andinas faces an enormous challenge to keep the Chilean population, commerce and industry supplied on a daily basis.
Its high standards are certified by ISO in several quality regulations: 9001, 14001, 45001, 5001, 22301, 37001, 27001 and 55001 NCH 3262. A sign of its commitment to quality and responsibility towards its users and suppliers to always provide the best.
"Life becomes easier and controls are easier to apply, and this makes security work better." - Juan Francisco Huechucura, responsible for Cybersecurity.
The Challenge: Manual Data Classification
As part of its continuous improvement process and the development of good practices in terms of hygiene and IT security, Aguas Andinas always has the accompaniment of its management team to engage in projects that drive excellence.
In 2015, it was decided to initiate a process of data discovery and classification for the areas of Human Resources and Finance, a manual process that sought to identify and determine the classification criteria with users. After 6 months, they considered the exercise ready, the information classified for a group of 30 people, the team trained in classification, with a process that allowed adding tags to the DLP to be able to build search dictionaries and thus protect the information entering and leaving those two teams within the company.
Two weeks went by and, between internal movements in the areas and people leaving the company, the exercise that had taken months to develop had been completely derailed.
"We took more than 6 months and the exercise was lost in two weeks. In addition, the tags that had been generated for the DLP were not functional because everything was configured manually with respect to the search dictionary and with the internal movements that took place in the company, the exercise was no longer reliable". - Juan Francisco Huechucura, responsible for Cybersecurity.
The Solution: Kriptos, Intelligent Data Classification Software
After evidencing this case where the intention was there, but the management was not sustainable and after a deep evaluation process, they found in Kriptos a strategic ally for their data classification and information identification process. Having the traceability of the discovery for the whole company was very important, as they knew that manual exercises would not give them the total coverage of the company and this was of vital importance for protection. After having developed the manual work, the Aguas Andinas team knew that avoiding human error was also crucial to be able to apply it to the entire company, because the user, when he has the last word, generates errors; on the other hand, Kriptos standardizes the process and allows a single finding for everyone.
Key Factors to Choose Kriptos
When it came to making a decision, there were factors that were decisive in choosing Kriptos as their sorting tool:
Intelligent and autonomous work: The initial process is slow and the workshops take the exercise to be able to fine-tune the tool. After that, as it was automatic, it allowed a classification in a short time, from 3 to 6 months everything was already classified.
Integration: With the arrival of Kriptos, the current CASB could be connected, allowing them to take action on restricted and confidential documents so that these documents do not leave the company without any control or traceability.
User mobility: By being able to have visibility of the information, it is easy to trace when a user moves from one area to another or leaves the company; this allows for greater control over the data within the company.
Unified classification criteria: The more people involved in the classification process, the more complex it will be to reach an agreement on how to treat a document.
Automated: Being able to have the work done automatically, makes the exercise a permanent confidence, which is developed in real time and can become a continuous and uninterrupted process.
Impact and Benefits of Kriptos in Aguas Andinas
Revealing discoveries: In the first review, in two weeks they already had documents identified with credit card numbers, documents that were stored in the equipment and were exposed.
Complete visibility of the information: They verified that not only directors, managers and assistant managers are the ones who handle confidential information, but that down the line the same information is being traded, allowing them to realize that they had to protect not only the directors but the entire staff that handles the information.
Risk management and insurance: They learned an estimated value of how much the content of certain information costs, which is relevant to the process and allows them to take out adequate insurance.
Regulatory Compliance and Strategic Impact
Regulatory Impact: Compliance with ISO 27001 regulations and adaptation to Law 21459 on computer crime in Chile.
Aguas Andinas keeps aligned with strict regulations and norms, such as Law 21459 on computer crime in Chile and PCI DSS regulations for payment gateways. Kriptos allows them to review in detail which documents may contain sensitive data and pay maximum attention and security to protect their users.
In addition, the group has a subsidiary that performs sampling analysis, and demonstrating the security and information protection controls in place within the business group becomes a determining factor that allows it to position itself as the best option for companies that require its services.
"The process of classification and achieving these certifications has given a plus for the company to be awarded this type of contracts, it endorses what we have been doing. You have a good level of information security, as a supplier we can count that the information you have from us will not be leaked or disclosed and that all possible safeguards are taken to maintain confidentiality." - Juan Francisco Huechucura.
Aguas Andinas recommendation
Juan Francisco, Moises and Jose recommend their colleagues to start moving forward with the solutions for information classification and internal and external information processing, highlighting: "In Chile, the data protection regulation is about to come out, which is framed in the European standard. This will require us to apply a lot of controls. This should make your life easier in terms of classification and control of information if you add it to a CASB and DLP, you would have a fairly advanced compliance with the future law, because the treatment you are going to give is a more advanced level".
Discover Our Success Stories
Read about our customers' achievements and how our solution helped them.
Case
7
min read
Process Optimization and Regulatory Compliance with Kriptos: The Aguas Andinas Success Story
Learn how Aguas Andinas optimized their process by eliminating manual data classification in Human Resources and Finance, reducing data loss and increasing process reliability, with Kriptos solution.
Case
5
min read
RIMAC: Strengthening a 126-Year Legacy with Data Security Innovation
Learn how RIMAC strengthed their data security to ensure the integrity and confidentiality of information, with Kriptos solution.
Case
5
min read
Banco Solidario: Optimizing Data Classification with Kriptos for a Secure and Reliable Future
Discover how Banco Solidario eliminated the time-consuming manual labor in data classification, improving operational efficiency, with our solution.
Discover the Power of Classification
Get Full Visibility and Manage your Sensitive Information.