Customer Story

Drummond Community Bank protects Microsoft 365 data and ensures compliance with financial regulations

10 minutes to build a fraud case, down from three weeks

5 minutes to restore a deleted SharePoint folder with Druva

About customer

Drummond Community Bank, based in Chiefland, Florida, was organized in 1990 by a group of local business owners who saw a need for a locally-owned and locally-managed bank. Shares of stock were made available to interested investors who provided the foundation of what quickly became the dominant banking institution in the area, and its only locally-chartered bank.

The challenge

Drummond Community Bank has a small-town charm, backed by an impressive cloud-based IT infrastructure. The bank was an early adopter of cloud and software-as-a-service (SaaS) tools, most recently migrating to Microsoft 365 in 2019. However, newly-appointed CTO Josh Branch was concerned about its data security and backups.

“We outsource our IT to a managed service provider (MSP), and I was shocked when they said they didn’t archive our Microsoft 365 (initially just Exchange Online) data,” Josh said. “That’s too risky for a regulated financial institution with compliance responsibilities.”

With its Microsoft 365 data exposed to accidental loss, deletion, and ransomware, the bank faced a host of risks, including non-compliance fines and poor customer experience. Given the backup strategy in place at the time, its CTO lacked the confidence to roll out SharePoint and Teams to the bank’s 200 users.

“My goal with this company is to get us away from anything on-premises, so we needed a cloud-first solution to protect our Microsoft 365 environment,” Josh said. “Plus, our MSP was so expensive. We needed to reduce IT cost and complexity, while improving our compliance and cyber resilience.”

The solution

The CTO evaluated Commvault Metallic, as it was offered by the bank’s MSP, but eliminated it due to its on-premises server requirement. “It didn’t make sense to back up SaaS data to the cloud and bring it back on-premises as this would consume precious bandwidth,” he added.

Josh’s team also considered Archive360, but it required the setup and management of an Azure instance to ensure enough CPU or disk space, further complicating the process. The CTO determined that Druva was the only cloud-native platform with the features and capabilities the bank needed.

During its two-week proof of concept (POC), the CTO put Druva to the test by deleting an entire SharePoint site and waiting a week before restoring from backups. “The restoration process was so simple and intuitive, it was ridiculous. It took about five minutes,” Josh said. “I wish all my software choices were this easy.”

Following the successful POC, IT moved Microsoft 365 data for the bank’s 200 users to Druva over the course of a weekend. “I feared a complicated move, but I only had to initiate the process on Friday, then came back Monday and it was done.”

“I signed the contract, spent 20 minutes with great Druva support staff, and we were up and running. I haven’t had to touch it since.”

Results

With Druva, retrieving email for fraud cases takes about 10 minutes, compared to the three-week period Josh previously faced. “I had an instance where we needed to retrieve email to and from two individuals over a one-year period. I had to manually collate Exchange data from three separate systems, build the audit trail, and look at timestamps. Now that we have Druva, all that is automated and I can build an entire fraud case in 10 minutes if I need to, which is 99.9% faster than before,” said Josh.

Before Druva, Josh was hesitant to introduce Microsoft SharePoint, Teams, and OneDrive to employees. Now, he’s ready to move forward as this cloud-native data protection solution delivers consistent data retention for Microsoft 365 and automatically restores data to original locations.

“I have the confidence with Druva to roll out the rest of the Microsoft 365 suite to our users. I know the data will be protected against ransomware and be quickly recoverable should a security event occur,” Josh said.

For Microsoft 365, Josh now has what the bank needs to ensure compliance with regulations like the Gramm-Leach-Bliley Act (GLBA) for consumer financial privacy and the Payment Card Industry Data Security Standard (PCI DSS). Druva also helps the bank meet the CIA (confidentiality, integrity, and availability) Triad for security policy development. In addition, it locates information in record time.

“I’ve got a fully compliant, cloud-native, data protection solution that proactively notifies my VP of IT and myself via email. I check it monthly and then move on with my day. How easy is that?”

“I now have more capacity to make life easier for the bank’s customers,” Josh said. This provides a distinct advantage for the company to stay relevant in the digital era. “When COVID hit, it was obvious that digital banking services are no longer a convenience – they are a requirement,” Josh said. That’s why he plans to bring more of the bank’s products into the cloud.

Challenges

  • Exchange Online data was at risk as the MSP managing its IT infrastructure was not backing up the data
  • Reliance on Microsoft replication with no way to recover data older than 90 days
  • Lack of secure, easily accessible data backups put the bank at risk of incurring non-compliance fines for GLBA and PCI DSS
  • Commvault Metallic required on-premises servers and Archive360 required the bank to manage an Azure instance

Solution

  • Cloud-native data protection solution delivering a consistent data retention policy for Microsoft 365 and restoring data to original locations with automated search and restore
  • A single pane of glass through which IT can manage and quickly restore Microsoft 365 data (starting with Exchange Online, and continuing with the planned company-wide rollout of SharePoint, Teams, and OneDrive)
  • Ability to meet the CIA Triad, providing the CTO confidence to demonstrate to the board that their Microsoft 365 data is protected

Results

  • 99.9% faster time to build a fraud case with Druva compared to its previous reliance on Microsoft and manual processes
  • Ability to meet GLBA and PCI DSS compliance requirements, as the bank can explain how it shares and protects customers’ private information
  • Restoration of a deleted SharePoint folder within five minutes during the POC