Resolving Audit Failures: Strengthening Data Access Controls

In one of the largest investment banks in the world, a high visibility audit revealed inappropriate access to project and application shares. Board-level stakeholders were made aware of the failed audit and the severity of the findings required immediate remediation of the access control issues.

DOWNLOAD

The Challenge:

A global investment bank failed a high-visibility audit when inappropriate access was discovered across project and application shares. Internal tools proved ineffective, covering only a fraction of the data estate and leaving major blind spots. Key challenges included:

  • Incomplete and inaccurate data collection: With both legacy and modern storage systems in play, the bank struggled to gather consistent and accurate information.

  • Complex and varied use cases: Permissions were inconsistent across parent and child folders, open access was buried deep within directory structures, and stale data persisted across shares.

  • Lack of clear ownership: Conflicting or missing ownership records made it nearly impossible to assign accountability to specific business areas.

  • Challenging owner outreach: Sensitive areas of the bank, including investment banking and HR, required careful communication strategies, while other departments needed faster, more aggressive campaigns.

  • Delayed remediation and compliance risks: Manual processes introduced bottlenecks, often causing delays between ownership validation and permission changes.

 

Featured-Image-_-Sphere-CS-_-Resolving-Audit-Failures_Strengthening-Data-Access-Controls