The client is an American credit rating agency and is one of the “Big Three credit rating agencies,” the other two being Moody’s and Standard & Poors. It is one of the three nationally recognized statistical rating organizations (NRSRO) designated by the U.S. Securities and Exchange Commission in 1975.

Customer Need

The client had effective change control and the ability to manage configuration, and semi-annual audits would uncover unexpected drift from their configuration baselines based on the center for internet security benchmarks. Most times, the drifts, when investigated, were discovered to be the result of available updates. Development and infrastructure and operations teams would inadvertently modify the configuration to support required changes without realizing those changes would conflict with compliance rules.

While the audits would discover the compliance drifts prompting subsequent remediation, the effort to perform the audits was large, and the time between when a change was made and when the audit would uncover the drift from baseline represented a risk our customer needed to reduce.

Solutions Provided

To minimize the risk due to compliance drift, our customer subscribed to the continuous compliance program offered by Innova, a leading provider of IT managed services. Leveraging the UpGuard core technology platform, Innova provided our customers with the rapid deployment of the platform complete with integration into their CMDB and ticketing systems, to automate the discovery of new assets, ensure those assets comply, and ensure any compliance violations are immediately escalated and tracked.

Innova then worked with our customers to integrate into their monthly patch management process for automated change validation. Every month, the client reviews new patches and defines the patches to be implemented on systems. Innova then uses that information to update policy definitions and programmatically detect whether assets have been fully updated and are compliant with the new policy.

Benefits / Results

The Continuous Compliance program has allowed our customers to gain clear visibility into the state of compliance against the CIS benchmarks for network, server, workstations, and configuration settings for cloud services such as AWS. It has put our customers in a position where any configuration drift is quickly detected and then quickly remediated, helping to prevent security vulnerabilities and minimize the risk of accidental changes..

Because this is a managed service, our customer has achieved higher levels of compliance without making large investments in new resources to install, configure, and operate the underlying technology and implement the policies. The solution allows our customer to keep their focus on their core value, including policy definitions, and deliver the desired outcomes.

You have a dream?

We have a way to get you there.
Let’s connect and see how we help companies just like yours.


    Innova Solutions

    Stay resilient and keep moving forward during Covid 19

    We are here for you. Through response, recovery, and mitigation strategy,
    our teams around the world are ready to be with you every step of the way.