CASE STUDY

Énergir

Industry: Energy

Region: QC, Canada

Energy sector pioneer strengthens data privacy

With more than $9 billion in assets, Énergir is a diversified energy company on a mission to find sustainable ways to meet the energy needs of its 535,000 customers.

Pain

Recognized for its good corporate citizenship in Quebec, Vermont, and beyond, Énergir takes its responsibility to its employees, customers, and the environment seriously.

Committed to reducing greenhouse gas (GHG) emissions, Énergir distributes more than conventional natural gas. The company is relentlessly focused on pioneering innovative energy projects, and increasing the role of renewable energy in its activities.

As they address climate risk, they’ve also stepped up their efforts to address data risk. Énergir is responsible for increasing amounts of data from hundreds of thousands of customers. Olivier Beauregard, Director of Internal Audits at Énergir, works with other internal departments to ensure responsible custodianship of the data entrusted to their organization.

As with any modern business, over time, data moves across the organization. “Personal information can be extracted from a database and saved in a spreadsheet or sent via email. There are an infinite number of possibilities. Even with the strictest internal policies in place, data can be inadvertently stored in an improper location or shared with an unauthorized party. This creates compliance gaps and exposes the company to unnecessary risks,” said Olivier.

 

Olivier decided to perform a risk assessment.

“I wanted facts in the form of a comprehensive data inventory. In this job, you never want to go on assumptions. We needed a tool that could give us a full picture of all data in our possession, whether it lived on our servers, in cloud-based drives, emails, or even laptops.”

 

 

Solution

For advice on the right solution, Énergir turned to trusted partner MNP LLP. Having a broad view of solutions available to the market, MNP recommended Qohash’s Qostodian ReconTM without hesitation.

According to Olivier,

“It’s one of the easiest tools to install and use. We were up and running in minutes, using only a virtual machine, and with zero training required.”

 

In fact, Olivier pointed Recon at an 11 Terabyte target and found that it could scan up to 10 Gigabytes per hour. He was able to scan all files in network-accessible drives.

“I was able to understand the value, location, and type of data we have in all business systems,” Olivier said.

“Of equal importance, and one of the reasons MNP recommended Recon, was its ability to provide detailed results without a ton of false positives. We like the granularity and context of the findings. It makes the next steps we should take obvious, instead of giving us more manual work to do.”

 

 

Results

With Recon, companies like Énergir can protect data without impeding business processes or limiting access to data. Most of all, it helps them reinforce their value of maintaining customer trust.

With factual information that provides a clear picture of the current situation, Olivier’s team was able to make recommendations to help Énergir maintain a solid data security posture. Having concrete results also placed both IT and legal in a better position to support their data governance initiative, including continuing employee education to ensure policies are properly communicated and understood.

Olivier and his team now also more easily ensure compliance. At a glance, they can see how much of each type they have, where data resides, and the regulatory requirements to which they correspond.

 

Read the latest on sensitive data risk management

Data governance best practices
Data Governance: Best Practices For Your Team
Data access governance
What is Data Access Governance?
qohash qostodian recon logo
Qohash Announces Major Update to Qostodian Recon's Scan Engine
Logo Qohash
By initiative
Regulatory compliance:
Find, classify and inventory all sensitive data, across every data source
Data breach prevention:
Monitor sensitive data 24/7, track data lineage, and enforce policies at endpoints
Microsoft 365
One easy-to-use platform to secure sensitive data on Windows workstations and M365
By regulation
GDPR
CCPA
GLBA
VCDPA
NYCRR
UCPA
PCI-DSS
CPA
Law 25
Why Qohash
Defy legacy limitations
What our customers say about us

Contact us​