Over the last 8 months or so, Movere has undertaken the massive project of becoming SOC 2 certified. What this means for our partners and our customers is that we uphold the highest integrity for the data that Movere scans and stores and we have intensive protocols in place to protect that data from risk. The process was long, tedious, and filled with consistent opportunities to learn more about the intricacies of security.
But, we also had a major advantage that many organizations don’t – we had Movere. Movere is able to scan an environment and pinpoint areas that could be deemed security risks, gaps, or other red flags. So, what better product to use when working to get Movere SOC 2 certified than Movere!
Here are some of the areas that we used Movere to highlight during our own security auditing:
As in most organizations, you have users, and those users have computers, connect to the Internet, access applications, sign into things, and so on. Movere is able to identify system owners and primary users, figure out who is accessing systems they perhaps should not be, and identify devices that may not be company issued. Movere can also confirm that users who are no longer with the organization have actually been disabled from accessing accounts. This opened up many areas for the UL team to clean up access and lock down security.
Movere has the ability to label devices and user accounts. By referencing those labels, it’s incredibly simple to identify what each resource is for, no matter what angle you’re looking at it from.
Data Completeness and Accuracy
Movere was tremendously helpful in validating the completeness of user data (title, department, employee/contractor number, city, state, country, etc.) to ensure we had the most up-to-date information across the organization.
Identifying High Priority Cloud Systems
As one of the SOC 2 security protocols, anything with physical access needs to follow certain security requirements, such as location security, cooling, UPS, cameras, etc. But instead of worrying about physical access, Movere highlighted those systems that were excellent candidates for migrating to the cloud. With that, we were able to close our datacenter locations for those production systems and drop the additional physical-security protocols we would otherwise have had to manage.
This data point was hugely valuable for identifying which accounts were actually being used and which domain settings should not be permitting access. It also helped identify a Password Settings Object (PSO), also referred to as a fine-grained password policy, that an admin had created so they could use a regular account without having to reset its password in accordance with domain policy, because they didn’t want to wait for a service account to be created via the approved process.
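A PSO like the one described above is straightforward to surface if you enumerate every fine-grained password policy, who it applies to, and how each compares to the default domain policy. The PowerShell below is an added example, not Movere's code or output; it assumes the RSAT ActiveDirectory module on a domain-joined administrative workstation.

```powershell
# Added example (not Movere's code): audit fine-grained password policies (PSOs).
# Assumes the RSAT ActiveDirectory module and a domain-joined admin session.
Import-Module ActiveDirectory

# Baseline that every PSO is compared against.
$domainPolicy = Get-ADDefaultDomainPasswordPolicy

# One row per (PSO, principal it applies to).
$report = foreach ($pso in Get-ADFineGrainedPasswordPolicy -Filter * -Properties whenCreated) {
    foreach ($subject in Get-ADFineGrainedPasswordPolicySubject -Identity $pso.Name) {
        [pscustomobject]@{
            PSO               = $pso.Name
            Precedence        = $pso.Precedence
            MaxPasswordAge    = $pso.MaxPasswordAge
            MinPasswordLength = $pso.MinPasswordLength
            AppliesTo         = $subject.SamAccountName
            SubjectClass      = $subject.ObjectClass   # 'user' or 'group'
            Created           = $pso.whenCreated
        }
    }
}

# Conditions worth a second look:
#  - PSO applied directly to a user object (policies should target groups, so a
#    one-off for a single account is the pattern described in the text)
#  - MaxPasswordAge of zero or negative (how the AD cmdlets encode "never expires")
#  - any setting looser than the default domain policy
$findings = $report | Where-Object {
    ($_.SubjectClass -eq 'user') -or
    ($_.MaxPasswordAge -le [TimeSpan]::Zero) -or
    ($_.MaxPasswordAge -gt $domainPolicy.MaxPasswordAge) -or
    ($_.MinPasswordLength -lt $domainPolicy.MinPasswordLength)
}

$findings |
    Sort-Object Precedence |
    Format-Table PSO, Precedence, AppliesTo, SubjectClass, MaxPasswordAge, MinPasswordLength, Created -AutoSize
```

Run it with an account that can read the Password Settings Container; the `Created` column and the creator (from the object's audit trail, if directory auditing is enabled) help date when a bypass was introduced.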
Office 365 Passwords
When was the last time you checked that all your users had reset their Office 365 password in the last 6 months… how about the last year… how about the last 2 years? Movere will show the date of the last password reset and can identify those users who have been signing in with the same password for years. Plus, Movere alerted us to Office 365 users not resetting their passwords in accordance with UL policy because their Mac was not joined to our domain, since Office 365 defaults back to PasswordNeverExpires = TRUE when such a user resets their password.
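The cloud-side check behind this finding can be scripted against Microsoft Graph: list every enabled user whose password expiry is disabled or whose last change is older than the rotation window, and note whether the account is cloud-only (the non-domain-joined case above). This is an added example, not Movere's code; it assumes the Microsoft.Graph.Users module, a session consented for User.Read.All, and a constructed 180-day window in `$MaxAgeDays`.

```powershell
# Added example (not Movere's code): find Office 365 / Entra ID users with
# password expiry disabled or a stale last password change.
# Assumes the Microsoft.Graph.Users module and User.Read.All consent.
Import-Module Microsoft.Graph.Users
Connect-MgGraph -Scopes 'User.Read.All' | Out-Null

$MaxAgeDays = 180                              # assumption: 6-month rotation policy
$cutoff     = (Get-Date).AddDays(-$MaxAgeDays)

# Only request the properties needed; Graph returns nothing else when -Property is set.
$users = Get-MgUser -All -Property UserPrincipalName, AccountEnabled, PasswordPolicies,
                                    LastPasswordChangeDateTime, OnPremisesSyncEnabled |
    Where-Object { $_.AccountEnabled }

$findings = foreach ($u in $users) {
    # PasswordPolicies is a comma-separated string, e.g. "DisablePasswordExpiration".
    $neverExpires = [bool]($u.PasswordPolicies -match 'DisablePasswordExpiration')
    $lastChanged  = $u.LastPasswordChangeDateTime
    $stale        = $lastChanged -and ($lastChanged -lt $cutoff)

    if ($neverExpires -or $stale) {
        $days = if ($lastChanged) { [int]((Get-Date) - $lastChanged).TotalDays } else { $null }
        [pscustomobject]@{
            User            = $u.UserPrincipalName
            CloudOnly       = -not $u.OnPremisesSyncEnabled   # null/false = not synced from AD
            NeverExpires    = $neverExpires
            LastChanged     = $lastChanged
            DaysSinceChange = $days
        }
    }
}

$findings | Sort-Object DaysSinceChange -Descending | Format-Table -AutoSize
```

Cloud-only accounts with `NeverExpires = True` are the ones that never inherit the on-premises domain policy; synced accounts should instead be fixed at the source in Active Directory.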
Things We Weren’t Aware of
- Identification of undocumented subnets
- Low disk space impacting log retention requirements
- User Account Control (UAC) analysis to identify elevated accounts
- Services running on devices that should not be present
- Service accounts that aren’t being used anymore and can be deleted (we went from 22 service accounts down to 7)
- Vendor relationships and the sheer volume of publishers and products running in our environment
- Confirmation that sensitive databases were only residing on the SQL Server(s) they are meant to reside on
- Confirmation of high availability configurations, specifically SQL clusters and Availability Groups
- Using actual resource consumption data to review log events
- Identification of the connections being made both to systems and databases
- Identification of user accounts created exclusively in Office 365/Azure AD to bypass domain policies. This helped us identify several shared mailboxes that we were not tracking and that were not attached to specific individuals
- Identification of account and password information being stored in description fields in Active Directory and vCenter
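Two of the items above, stale service accounts and credentials left in directory description fields, can be checked directly against on-premises Active Directory. This added PowerShell is not Movere's code; it assumes the RSAT ActiveDirectory module, a constructed `svc-*` naming convention for service accounts, and a constructed 90-day review window. It reports only which object and field matched, never the field's contents.

```powershell
# Added example (not Movere's code): two on-prem AD hygiene checks.
#  1) enabled service accounts with no logon inside the review window
#  2) user/computer Description or Info fields that look like they hold credentials
# Assumes the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$StaleDays            = 90        # assumption: review window
$ServiceAccountFilter = 'svc-*'   # assumption: service-account naming convention
$cutoff = (Get-Date).AddDays(-$StaleDays)

# --- 1. stale service accounts -------------------------------------------
# LastLogonDate is derived from lastLogonTimestamp, which replicates with up
# to ~14 days of lag, so use it for "unused for months", not "unused today".
$staleAccounts = Get-ADUser -Filter "SamAccountName -like '$ServiceAccountFilter' -and Enabled -eq 'True'" `
                            -Properties LastLogonDate, PasswordLastSet, Description |
    Where-Object { (-not $_.LastLogonDate) -or ($_.LastLogonDate -lt $cutoff) } |
    Select-Object SamAccountName, LastLogonDate, PasswordLastSet, Description

# --- 2. credential-like text in description fields --------------------------
# Broad keyword pattern followed by ':' or '='; hits are reviewed by a human.
$pattern = '(?i)\b(pass(word|wd|phrase)?|pwd|secret|api[_-]?key|token)\b\s*[:=]'

$objects = @(Get-ADUser     -Filter * -Properties Description, info) +
           @(Get-ADComputer -Filter * -Properties Description, info)

$leakyFields = foreach ($obj in $objects) {
    foreach ($field in 'Description', 'info') {
        $text = $obj.$field
        if ($text -and ($text -match $pattern)) {
            [pscustomobject]@{
                Object = $obj.Name
                Class  = $obj.ObjectClass
                Field  = $field
                Hint   = $Matches[0]   # the keyword that matched, not the value after it
            }
        }
    }
}

"{0} stale service account(s); {1} field(s) with credential-like text" -f @($staleAccounts).Count, @($leakyFields).Count
$staleAccounts | Format-Table -AutoSize
$leakyFields   | Format-Table -AutoSize
```

Treat each hit in the second list as an incident to remediate (rotate the credential, clear the field) rather than just a cleanup item, since description attributes are readable by every authenticated domain user by default.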
With our SOC 2 certificate just about in the mail, we’ve wrapped all of our learnings into new ways our partners can help their customers know their security risks, identify potential gaps, and run a tight ship.