Innova Solutions > Continuous Compliance program

The client is an American credit rating agency and is one of the “Big Three” credit rating agencies, the other two being Moody’s and Standard & Poor’s. It is one of the three nationally recognized statistical rating organizations (NRSRO) designated by the U.S. Securities and Exchange Commission in 1975.

Customer Need

Although the client had effective change control and the ability to manage configuration, semi-annual audits would nonetheless uncover unexpected drift from their configuration baselines, which are based on the Center for Internet Security (CIS) benchmarks. Most times, the drift, when investigated, was discovered to be the result of known updates. Development, infrastructure, and operations teams would inadvertently modify the configuration to support required changes without realizing those changes would conflict with compliance rules.

While the audits would discover the compliance drift and prompt subsequent remediation, the effort to perform the audits was large, and the time between when a change was made and when the audit would uncover the drift from baseline represented a risk our customer needed to reduce.

Solutions Provided

To minimize the risk due to compliance drift, our customer subscribed to the continuous compliance program offered by Innova, a leading provider of IT managed services. Leveraging the UpGuard core technology platform, Innova provided our customer with rapid deployment of the platform, complete with integration into their CMDB and ticketing systems, to automate the discovery of new assets, ensure those assets are in compliance, and ensure any compliance violations are immediately escalated and tracked.

Innova then worked with our customer to integrate into their monthly patch management process for automated change validation. Every month, the client reviews new patches and defines the patches to be implemented on systems. Innova then uses that information to update policy definitions and programmatically detect whether assets have been fully updated and are compliant with the new policy.

Benefits / Results

The Continuous Compliance program has allowed our customer to gain clear visibility into the state of compliance against the CIS benchmarks for networks, servers, and workstations, as well as configuration settings for cloud services such as AWS. It has put our customer in a position where any configuration drift is quickly detected and then quickly remediated, helping to prevent security vulnerabilities and minimize the risk of inadvertent changes.

Because this is a managed service, our customer has achieved higher levels of compliance without making large investments in new resources to install, configure, and operate the underlying technology and implement the policies. The solution allows our customer to keep their focus on their core value, including policy definitions, and deliver the desired outcomes.
