AdvisoryFinancial ServicesClient Story

Verifying Internal Access and Control Configurations for Data Loss Prevention

Data loss as a result of privilege misuse is a frequent security incident across all companies. A financial services Client wanted to ensure that their internal access and control configurations were appropriate. Our Client also required validation that their data loss prevention tools were optimally configured.
Read our other Financial Services Client Stories.

Improving internal access control for application security
Financial Services

Practice Areas
  • Configuration Review

Our Client’s Challenge:

  • Account privilege misuse is one of the most frequent security incidents experienced by organizations across all industries. Irrespective of whether data loss is intentional or accidental, employees will always need to have access to sensitive corporate data as a requirement to do their jobs.
  • Our Client wanted to verify that internal access controls and configuration for employees were implemented at an appropriate security level. Ensuring employees did not have over-privileged access to sensitive information, while balancing job needs was a big challenge.
  • The Client also wanted to ensure that their data loss prevention tools were optimally configured and that additional safeguards were in place to prevent permanent loss of critical data.

Our Approach:

  • Security Compass was provided access to the corporate environment as an employee would to review the level of access granted to applications, services and systems. Configuration of data loss prevention tools was also verified.
  • We worked with the Client to understand and review the default privileges for major roles in the organization and the reasons they were assigned. This helped us factor in business context for recommendations that would be provided as output for this engagement.

The Result:

  • Security Compass helped our Client confirm the effectiveness of their data loss prevention tools, optimizing configuration and reducing the risk of potentially sensitive data leaving the organization, without our Client’s knowledge.
  • We were able to verify that account permissions and privileged access to documents were appropriate for our Client’s employees to carry out their jobs effectively, while protecting sensitive corporate data across the organization.
Our Client was able to confirm the effectiveness of data loss prevention tools, optimize configuration, verify that account permissions were appropriate, and minimize the risk of sensitive data leaving the organization without the Client’s knowledge.

Back to Client Stories

Our Advisory services team has more than a decade of experience focused on Application Security. We take a flexible approach to your strategic security problems.

Whether you are a global enterprise looking for advice on security strategy and governance, a major financial seeking support on regulatory compliance and penetration testing activities, or a startup looking for high quality assessments to give customers assurance for your business, we're here for you.

Our credentialed professionals are experts in how to break applications and fix code, who take pride in helping you succeed in your Secure SDLC and Secure DevOps programs. Contact us today to learn how we can help solve your organization’s application security challenges.