STEALTHbits Relieves Bank’s Compliance

New Audit Requirements

A Bank in the MidWest has a Lead Security Engineer, and she had a problem. She was one of the people charged with satisfying the new audit requirements imposed by the OCC, the government agency tasked with regulating all US national banks and federal savings associations.

Unstructured Data Sprawl

Her challenge was that her bank’s 2,000 employees create and share a lot of unstructured data (documents, spreadsheets, presentations, etc.), and it was all over the place. “We had unstructured data anywhere and everywhere, and had to know who had access to what, not only for the auditors, but also for our own security,” she explains.

StealthAUDIT to the Rescue

In short, she needed a tool to help get her file server structure under control, and STEALTHbits’ StealthAUDIT platform was just what the doctor ordered. “Nothing like StealthAUDIT was in place before the compliance requirements came along. I don’t know how we would have done it without STEALTHbits.”

STEALTHbits Stands Out

She and her team looked at a few products before settling on StealthAUDIT. “STEALTHbits really stood out because it does so much more than just file and folder permissions. We can pull data from SQL, or understand system admin rights, and even read information from a text file from a 3rd-party application. And we can just check a box to remove the people that need to be removed. Plus, the Exchange piece gives us a report on who has access to what mailbox and send-as permissions. It really is a great product.”

Not Just for Audits Anymore

Her Bank has now used StealthAUDIT for 3 years, and over that period, found value in the product well beyond the initial audit/compliance uses. “We use it often for simple requests like ‘who’s in a group’, for example, or even to check laptop encryption status. There are just a lot of uses.”


In Brief:

  • MidWest US Bank

  • 2,000 Employees

  • Subject to OCC Regulations

  • OCC—Office of the Comptroller of the Currency

  • StealthAUDIT to Assist in Satisfying Audit Requests

  • Using the AIC (Access Information Center), SA for Exchange as well

  • Use the product for daily operational needs: who’s in a group, check laptop encryption status

Quotes:

  • “I don’t know how we would have done it without StealthAUDIT.”

  • “There are just a lot of uses.”

  • “It really is a great product.”