Building a Wall Around Open Shares

All of us are familiar with the Great Wall of China, but very few understand the “Chinese Wall,” a regulatory concept designed to separate the activities of a commercial bank from an investment bank. More specifically, the Chinese Wall separates a commercial bank’s “underwriter” from an investment bank’s “analyst.” The underwriter uses highly proprietary information provided by a bank’s customer to determine the customer’s creditworthiness, while the analyst uses publicly available information to rate a company’s stock price and recommend its purchase or divestiture. Separating those two functions in banks that conduct both commercial and investment lending operations is an important aspect of multiple regulations, including Sarbanes-Oxley and the Volcker Rule, part of the Dodd-Frank Act (January 2012).

One large global bank with both commercial and investment banking operations built their required Chinese Wall, but discovered an obscure, but common, hole in that wall: open shares. Proprietary information on a commercial banking customer was discovered on an open access SharePoint site, meaning any Bank employee could access the customer’s proprietary information…including the analysts in the Bank’s investment banking operation. “That’s precisely the kind of information the regulations are designed to keep separate,” explained Patrick Conlon, STEALTHbits Director of Professional Services. “And until it happens, large banks like this one don’t appreciate how easy it is for sensitive information to end up mistakenly on an open access share.”

The Bank was able to find servers with open shares using some basic tools, but it needed a much deeper and more sophisticated view of its open-shares data. Patrick added, “their objective was an ‘issue fixed’ remediation, not simply ‘issue identified and notified.’ That required the kind of advanced toolset and expertise STEALTHbits brings to the table.”

STEALTHbits’ Professional Services Team deployed its StealthAUDIT product suite, specifically targeting the servers the Bank had identified as housing open shares. By collecting file share permissions data on the target servers and combining it with data from the StealthAUDIT Active Directory Inventory module, the Professional Services Team was able to identify how each open share became open in the first place, who the likely owner of the share was, and which users had specific permissions on that share (read/write/delete).
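The same correlation (share-level and NTFS permissions on each share, joined to Active Directory group membership so that per-user read/write/delete access becomes visible, with the folder owner recorded as the likely share owner) can be done with built-in Windows tooling. The script below is an added example written for this page; it is not StealthAUDIT or STEALTHbits code. It assumes a domain-joined host with the SmbShare (Windows 8/Server 2012 or later) and ActiveDirectory (RSAT) modules, rights to read ACLs on the target servers, and placeholder server names FS01 and FS02.

```powershell
#Requires -Modules SmbShare, ActiveDirectory
# Added example, not StealthAUDIT code. Reports shares that are "open" (granted to
# every domain account at both the SMB and NTFS layers), the folder owner as the likely
# share owner, and the individual users who end up with read, write or delete access.

# Principals that make a share open: effectively every account in the domain.
$BroadPrincipals = @('Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users')
$BroadPattern    = '\\Domain Users$'   # DOMAIN\Domain Users, for any domain

function Test-BroadPrincipal {
    param([string]$Name)
    return ($Name -in $BroadPrincipals) -or ($Name -match $BroadPattern)
}

function Resolve-Principal {
    # Expand an AD group to its user members; pass non-groups through unchanged.
    # Broad principals are not expanded (Domain Users can exceed the AD query size limit).
    param([string]$Name)
    if (Test-BroadPrincipal $Name) { return @($Name) }
    $sam = $Name.Split('\')[-1]
    try {
        $obj = Get-ADObject -Filter "SamAccountName -eq '$sam'" -ErrorAction Stop
        if ($obj -and $obj.ObjectClass -eq 'group') {
            return @(Get-ADGroupMember -Identity $sam -Recursive -ErrorAction Stop |
                     Where-Object ObjectClass -eq 'user' |
                     ForEach-Object SamAccountName)
        }
    } catch { }            # not in AD, or lookup failed: report the principal as-is
    return @($Name)
}

function Get-OpenShareReport {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [string[]]$ExcludeShare = @('ADMIN$', 'C$', 'D$', 'IPC$', 'print$')
    )
    foreach ($computer in $ComputerName) {
        $shares = Get-SmbShare -CimSession $computer |
                  Where-Object { $_.Name -notin $ExcludeShare }
        foreach ($share in $shares) {
            $unc = "\\$computer\$($share.Name)"

            # Layer 1: the SMB share ACL. Only broad Allow entries make the share open here.
            $shareOpen = Get-SmbShareAccess -Name $share.Name -CimSession $computer |
                Where-Object { $_.AccessControlType -eq 'Allow' -and (Test-BroadPrincipal $_.AccountName) }
            if (-not $shareOpen) { continue }

            # Layer 2: the NTFS ACL on the share root. Effective access is the intersection
            # of both layers, so a broad SMB grant with a restrictive NTFS ACL is not open.
            $acl = Get-Acl -Path $unc -ErrorAction SilentlyContinue
            if (-not $acl) { continue }    # unreadable: worth a manual look, not reported here
            $ntfsOpen = $acl.Access | Where-Object {
                $_.AccessControlType -eq 'Allow' -and (Test-BroadPrincipal $_.IdentityReference.Value)
            }
            if (-not $ntfsOpen) { continue }

            # Share is open at both layers: list every NTFS Allow grant, expanded to users,
            # and classify it by the most consequential right it carries.
            foreach ($rule in ($acl.Access | Where-Object AccessControlType -eq 'Allow')) {
                $rights = $rule.FileSystemRights.ToString()   # numeric generic rights fall to 'read'
                $level  = if ($rights -match 'FullControl|Modify|Delete') { 'delete' }
                          elseif ($rights -match 'Write') { 'write' }
                          else { 'read' }
                foreach ($user in (Resolve-Principal $rule.IdentityReference.Value)) {
                    [pscustomobject]@{
                        Computer    = $computer
                        Share       = $share.Name
                        Path        = $share.Path
                        Owner       = $acl.Owner                               # likely share owner
                        ShareGrant  = ($shareOpen | ForEach-Object { "$($_.AccountName):$($_.AccessRight)" }) -join ', '
                        NtfsOpenVia = ($ntfsOpen.IdentityReference.Value -join ', ')
                        Principal   = $rule.IdentityReference.Value
                        User        = $user
                        Access      = $level
                    }
                }
            }
        }
    }
}

# Usage (server names are placeholders):
# Get-OpenShareReport -ComputerName 'FS01', 'FS02' | Export-Csv .\open-shares.csv -NoTypeInformation
```

The report keeps both layers visible on each row: the ShareGrant column shows which broad principal opened the share at the SMB layer and with what right (Read, Change or Full), and the NtfsOpenVia column shows the NTFS entry that lets it through. The Access column is the NTFS ceiling for that user; where the share-level grant is Read, effective write or delete is still blocked, which is usually the first thing a remediation workflow checks before deciding whether to tighten the share ACL, the NTFS ACL, or both.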

The global footprint of the Bank created the principal challenge for the Professional Services team. “With datacenters and operations all over the world, it would be nearly impossible for us to run our scans from individual consoles simultaneously as our architecture required at the time,” explained Patrick. “So we developed proxy scanning specifically for this customer, and that’s now a standard part of our StealthAUDIT product offering.”

In addition to the technology, the Bank leveraged the Professional Services Team’s workflow expertise, implementing an open shares remediation process based on the data and analysis returned by STEALTHbits’ product suite. “The Professional Services Team shines most brightly when we have a customer interested in remediating a security problem,” summarized Patrick. “Some customers are looking to check a compliance box, but this Bank wanted to fix a serious problem, and we love getting our hands dirty under those circumstances.”
In Brief:

  • Leading International Bank

  • Tens of thousands of employees

  • Commercial and Investment Banking Divisions

  • Information forbidden from being shared between the two divisions was found on an open share

Quotes:

  • “Some customers are looking to check a compliance box, but this Bank wanted to fix a serious problem.”

  • “We developed proxy scanning specifically for this customer, and that’s now a standard part of our StealthAUDIT product offering.”