City of Plano Gains Full Control over Regulated Data to Comply with CJIS, PCI DSS and HIPAA
It is a relief to have a product that provides such a holistic view across the environment. We have unstructured data everywhere — SharePoint, OneDrive for Business, Nutanix Files — and the Netwrix platform monitors all of it. You cannot do that manually. As a security guy who is responsible for compliance and security of the entire organization, I can state that the Netwrix solutions are invaluable and make my job much easier.
Chris Edwards, Enterprise Architect & Security Manager, CISSP,
City of Plano
- It was impossible to manually find regulated data (CJI, PHI, credit card numbers, etc.) across SharePoint, Office 365, OneDrive for Business and Nutanix Files. Lack of insights into this data hindered the IT group from reducing the risk of a data breach effectively.
- Native tools could not provide an accurate audit trail for CJIS, PCI DSS and HIPAA audits, and the city didn’t have enough funding to support the manual audit preparation workload.
- Finally, the IT group wanted to generate more detailed audit reports to apply for a Department of Homeland Security grant that supports city governments in protecting against cyberattacks.
Netwrix Auditor is an invaluable product for investigations because it provides comprehensive information on user activity with who-what-when-where details — all in one platform. It saves us so much time in doing our job.
Chris Edwards, Enterprise Architect & Security Manager, CISSP,
City of Plano
After evaluating several products, Chris Edwards, Enterprise Architect and Security Manager for the City of Plano, found Netwrix Auditor and Netwrix Data Classification to be the best fit, due to their ability to quickly and accurately categorize regulated data and their support for Nutanix Files, which is a critical part of the city’s IT infrastructure.
- Reduce overexposure of regulated data. Netwrix Data Classification enables the city’s IT team to discover where regulated data is and act upon the results. For instance, they can tighten access permissions to particular files and purge duplicates. Chris is planning to use the platform to create workflows that move data with sensitive information to a quarantine location, as well as to establish additional policies so end users know the guidelines for working with different types of data.
- Improve detection of malicious activity. Netwrix Auditor alerts the IT group about suspicious events, such as administrative-level changes, attempts to access critical folders or the deletion of sensitive files, which could indicate a compromised account or malicious insider. The team can promptly respond to the incident, for example by reverting an improper change, and make sure it doesn’t create a security risk.
- Ensure ongoing compliance. The city is in a perpetual state of audit, so Chris said it was a relief to have a complete audit trail available, so the city can demonstrate CJIS, PCI DSS and HIPAA compliance. Having an accurate and complete audit trail in place will also help them qualify for the grant from the Department of Homeland Security.
- Optimize IT operations. Netwrix Auditor also helps the IT group quickly find missing files, conduct investigations, respond to user lockouts, and report on the activity of specific users as part of internal audits. By automating these tasks, the solution enables the IT group to focus on more strategic areas, such as data security and regulatory compliance.
- Improved data security
- Mitigated risk of insider threats
- Ensured compliance with CJIS, PCI DSS and HIPAA
- Optimized IT workload
Plano is the ninth most populous city in the U.S. state of Texas. Its IT department is responsible for supporting all the applications and services used by the city’s ~3,000 employees in 67 units, such as police and fire departments, public safety communications, parks and recreation, and public libraries.