How Cboe Global Markets stays ahead of data risks and cloud storage costs with Cyera
- Maintaining visibility into growing sensitive data volumes
- Staying ahead of sensitive data exposures impacting the financial services industry
- Managing the complexities of a global data protection program
- Dynamic inventory of datastores and sensitive data records
- Contextualized understanding of sensitive data and potential regulatory exposure
- Minimized threat surface and optimized cloud storage costs
Company
Cboe Global Markets, a leading provider of market infrastructure and tradable products, delivers cutting-edge trading, clearing and investment solutions to market participants around the world. Cboe provides trading solutions and products in multiple asset classes, including equities, derivatives, FX and digital assets, across North America, Europe and Asia Pacific. Cyera helps Cboe maintain visibility of sensitive data, understand their exposure and mitigate the security and compliance risks present across their data landscape, while optimizing cloud storage costs.
Challenges
Cboe seeks to leverage its market expertise and innovative technology to provide holistic equities offerings. The company runs one of the world’s largest global derivatives and securities networks with 26 markets/exchanges, 1,400 employees, and 16 regional offices. The total volume across Cboe's options exchanges was 830 million options contracts in Q1 2022.
As the company grew, so did the volume of sensitive data they manage and the complexity of protecting it. Cboe manages and protects over 10 years of data using a myriad of siloed technologies to help various business stakeholders with their inventorying and protection needs.
In addition, the company had been undertaking a massive cloud migration effort, bringing on-premise data to the cloud to improve its ability to manage, analyze and extract value from the data. To facilitate a scalable and secure cloud migration, and evolve their security and privacy controls to account for the increasing volume and complexity it represents, Cboe’s security team pursued a solution to ensure that key stakeholders across the organization could answer the following questions:
- Where does sensitive data reside?
- What are the data classes residing in each datastore?
- Who has access to the data?
- How best to protect the data once it has been identified?
Solution
Cboe leveraged Cyera’s DSPM (data security posture management) solution to scan, tag, and contextualize over 200 terabytes of data across mainly on AWS. Cyera immediately identified over 100,000 sensitive records contained within a handful of select datastores, and highlighted the sensitive data exposure present in their environment due to a mix of datastore configurations, user access, and backup and retention policies.
Cyera accelerated and automated the data classification process for Cboe, adding critical context to their sensitive data and prioritizing the most pressing security, compliance, and risk exposures. This enabled the incident response and data loss prevention teams to focus on addressing the most critical data exposures to improve their readiness and resilience posture. Furthermore, the classification outputs helped the teams responsible for cloud administration gain visibility into the types of data residing across their datastores, including unstructured data in Amazon S3 and structured data in relational databases deployed on AWS.
Results
Improved data visibility
Cyera’s intelligent data discovery and classification engine continuously scans Cboe’s cloud environments to determine where sensitive data resides. Cyera automatically learns from Cboe’s data landscape without the need for human invention and manual tuning; learned data classes such as member and vendor identifiers that reflect the uniqueness of Cboe’s business and contextual information such as data subject role are automatically included as part of the classification output.
Improved insight into potential risks
The ability to quickly and accurately identify sensitive data enables Cboe’s security team to understand, then prioritize potential risks associated with the data. Cyera provides an inventory of data, showing where salary information, customer transaction data, and credentials are stored. Cboe’s security team leverages Cyera to understand what sensitive data is stored as plain text or encrypted and identify instances of overly permissive access to sensitive data.
Streamlined incident response
The alerts raised and remediation guidance provided by Cyera work alongside existing technologies such as the SIEM and IT ticketing system, helping teams across Cboe collaborate and resolve security workflows.
Reduced costs
Despite data being a valuable asset, data can also become a liability and cost. Ghost data that was supposed to have been deleted or stale data that contains outdated information contribute to the overconsumption of storage costs without providing utility for the business. Cyera helps Cboe control cloud storage costs by identifying ghost data and other data copies that unnecessarily lead to overconsumption.