FINRA Gets Compliant + Keeps Auditors Happy with Security Configuration Management

FINRA (the Financial Industry Regulatory Authority) is an American securities regulator that creates and enforces rules for registered brokers in the U.S. With a host of security expectations to meet in their own IT, they chose Puppet for dependable, up-to-date desired state configuration management to stay ahead of the always-changing security landscape.

Benefits of Using Puppet:

Moved from 60% to 98% compliance

with security configuration management.

Satisfied internal + external policies

for IT compliance.

Quickly adapts + responds

to an ever-shifting compliance landscape.

Challenge: Enforcing Continuous Compliance + Keeping Regulators Happy

FINRA needed to ensure consistent, auditable directory permissions, role assessment, and more for their IT systems. What’s more, the security team knew that the rules change day to day as frameworks, standards, and benchmarks evolve in response to new security threats.

Fortunately, they knew that the power of a great configuration management tool could help them reach and maintain compliance. “Compliance is nothing more than configuration management," said Peter Magnaye, Director of Systems Engineering & Operations at FINRA.

Results: Greater Security + Better Compliance Scores

“[Puppet] allows us to rapidly roll out ... any new security compliance configurations imposed upon us by our information security team as well as our external regulators.”

Peter Magnaye, Director, Systems Engineering & Operations at FINRA

After being “stuck” at a 60% compliance score, FINRA chose Puppet for their security configuration management. They’ve realized numerous benefits since instituting Puppet:

  • Achieved 98% compliance with security policies
  • Maintains compliance with internal policies and external frameworks
  • Enforces security configurations that maintain and manage compliance in complex IT
  • Proves compliance to both internal stakeholders and external auditors
  • Stays current with the ever-changing landscape of security and compliance

Puppet Secures + Supports Critical Infrastructure

With solutions for identifying configuration drift, enforcing desired state, and aligning baselines to common standards, Puppet users achieve compliance faster to stay secure with less manual effort. Find out more about Puppet’s security and compliance solutions.

COMPLIANCE ENFORCEMENT   SECURITY CASE STUDIES