Yapı Kredi opts for "M365 E5 Information Protection" to safeguard its information

Yapı Kredi’s efforts for data classification and protection solutions date back to 2018. After testing several options in this area, it decided to proceed with a different product. Working consistently to provide the best response to the customers’ needs and support for future strategies, teams underline that many solutions fail to reach the desired level and that one of the most challenging aspects is to find a solution sophisticated enough for the business`s needs.

Discover here the background of a pioneering step Yapı Kredi took in data security with the largest M365 E5 Information Protection use in the financial sector in Türkiye, with its benefits including data security, manageability, and effective environment for classifying and managing unknown data, and regulatory compliance.

A solution that validates all requirements

Implementing data protection solutions capable of responding to enterprise-class environments presents several challenges. A good user experience, the challenges of classifying various documents, identifying the solution while optimizing the process are just a few. At this point, it is critical to move towards the right solution in phases, with top management's guidance and a business plan. Yapı Kredi has achieved its goal of a sophisticated solution through its cooperation with Microsoft with all due processes planned and run effectively.

The classification of data in the banking sector was a hot topic long before data became decisive for all sectors. There have been several projects implemented by Yapı Kredi for data classification as part of the all-time process required by regulations. In 2017, the decision was made to move forward with a different solution. Ongoing problems with legacy products meant that teams were ready and eager to undertake an assessment of needs and evaluation of alternative solutions, of which Microsoft's Azure Information Protection was one. At the time, a final decision made to employ a new (non-Microsoft) solution and company-wide roll out commenced. However, persisting problems in performance ensued that the company decided to uphold Microsoft as the new solution partner.

Meanwhile, teams identified Microsoft AIP to respond much better and started Microsoft AIP rollout. Project teams continued to work on data classification and management, particularly in line with requirements set forth by PDPL (Personal Data Protection Law) and BRSA (Banking Regulation and Supervision Agency). The business conducted several different projects in the process, with recent changes in data classification as per PDPL and BRSA regulations, receiving consultancy in the storage and classification of structured and unstructured data. The solution, finalized by changes in label architecture, has been in use by all users since December 2020.

The solution running on IP&G within the M365 E5 now offers unified labelling as well. With unified labelling in Microsoft 365, organizations have a more integrated approach to creating, configuring, and automatically applying comprehensive policies to protect and manage all data from devices to applications and cloud services to business. Building on innovation in this field, Yapı Kredi introduces its new label architecture on this novel structure.

High security and powerful performance with M365 E5 Information Protection

Stressing the critical importance of robust performance in data classification and management solutions, project teams stress the significance of user experience at this point. Ensuring that a user can perform a problem-free classification appears to be streamlining the data security process. Another prominent benefit is that the M365 E5 Information Protection supports the corporate strategy of Yapı Kredi in the context of compatibility with its integration into existing Microsoft 365 products.

The project, which took place within the context of Yapı Kredi and Microsoft cooperation, was conducted through the inclusion of a broad group of stakeholders in the process. Data Security, Information Systems Security Policies Management, and Business and Data Architecture teams of Yapı Kredi were actively involved, while various teams from Power BI, Cyber Security, Windows business units at Microsoft Türkiye were also engaged. It has been extended to almost all business units on an enterprise scale, as it is a solution that closely affects the work processes of many. Employees were actively included in the process with announcements, trainings, and relevant information. Product replacement and dissemination processes were completed quickly thanks to the strong teamwork providing quick solutions to emergent problems.

Strong and practical plans with a future-proof solution

The project team wants to expand their capabilities in terms of auto classification and include new features of Microsoft in its plans. Thus, it targets an even smoother user experience and stronger protection for documents. Project teams that will move to the RMS process through the Double Key Encryption method following the Unified Label Client installation will take document management and protection to the next level. Taking classification as a starting point for data security, the project team is phasing the next era with a holistic perspective to ensure security based on the different class types of classified information, to establish automatic rules, to offer encryption or measures to be taken according to label types.

They emphasize that Microsoft AIP solution can be easily run on cloud infrastructure at any time if they like to work the data classification infrastructure on cloud, both because of the ability to deploy as per the current regulations and support the future cloud vision, and that this is a solution choice that is in accordance with Yapı Kredi Technology's cloud conversion strategy. Yapı Kredi is also poised to take the lead in data security, using the largest M365 E5 Information Protection in its sector in Türkiye.