Seeking Compliance with STEALTHbits

New Compliance Initiative

When the Network Security Administrator at a liberal arts college in the Northeast learned the college was implementing a PCI compliance effort, he knew one of the major requirements imposed on his team would be scanning their network for all credit card information in unstructured data files. The primary concern was identifying “P-Card” numbers that existed in the expense reports. A P-Card is short for “Purchasing Card”, a means of enabling employees to make purchases without relying on the traditional purchasing process.

Legacy Expense Reports

The Network Security Administrator was most concerned about legacy documents exposed on the network. “Faculty and staff historically would submit expense reports, and those reports included the P-Card number,” he explained. “That's no longer the case, but we have all those old expense reports all over our expansive network, and we needed to find them all for PCI compliance, not to mention good security practice.”

Enter StealthAUDIT

The College turned to STEALTHbits and its StealthAUDIT product to find all the P-Card numbers in all the network's nooks and crannies, mostly Discover and American Express credit cards. The StealthAUDIT product includes several out-of-the-box “Regular Expressions”, or built-in common sensitive data formats (e.g. credit card numbers, social security numbers), and Discover and American Express card numbers are two of StealthAUDIT's standard formats. So, StealthAUDIT could begin finding sensitive data with no modification by the College's IT people. Added our Network Security Administrator, “StealthSEEK has been a great tool for us.”

Recommendation

As a result of his experience, the College's Security Administrator has recommended STEALTHbits to a colleague at a neighboring Northeast liberal arts university.

On to Data Access Governance

After their highly successful deployment of StealthAUDIT, the College is now turning to STEALTHbits to help them understand, manage, and control access to their file shares and other unstructured data. They are currently deploying StealthAUDIT for Active Directory to clean up stale accounts and reorganize AD Group structures. “In this case, there's no specific compliance requirement,” noted the College's Network Security Administrator. “We are driven by best practices, and we know we have a very large number of stale accounts. We want the right people in the right groups to have the right access, and eventually have the data owners manage access without involving IT. STEALTHbits can give us the actionable tools to do that.”


In Brief:

  • Liberal Arts College located in Northeast US

  • About 2,500 students

  • Initial need driven by PCI compliance initiative for credit cards used by faculty and staff

  • Use StealthAUDIT to find all documents with credit card numbers - mostly legacy expense reports that listed card numbers

  • Launching unstructured data access governance effort using StealthAUDIT for Active Directory and Data Access Governance

  • Will eventually use AIC to enable self-serve data access management

Quotes:

  • “StealthAUDIT has been a great tool for us.”

  • “STEALTHbits give us actionable tools”