Powertech Security Auditor Helps CDW Automate Regulatory Compliance Requirements


CDW is a leading provider of technology solutions for business, government, education and healthcare. Founded in 1984, CDW features dedicated account managers who help customers choose the right technology products and services to best meet their unique needs.

The company’s solution architects offer expertise in designing customized solutions, while its advanced technology engineers assist customers with the implementation and long-term management of those solutions. Areas of focus include software, network communications, mobile devices, data storage, video monitors, desktops, and printers, and solutions such as virtualization, collaboration, security, mobility, data center optimization and cloud computing.

A just-in-time inventory model and two state-of-the-art distribution centers allows CDW to provide the latest technology with fast and accurate delivery. Approximately 2,000 custom-configured systems are shipped daily. CDW holds ISO 9001 and 14001 certifications. 

The Challenge: SOX Compliance Requirements

Faced with regulatory compliance requirements on their IBM i platform and reduced staff to address the challenge, CDW turned to Policy Minder for automation of security policy enforcement.

Bill Schalck said, "We were spending a lot of time and effort on SOX audit processes. Most of the work was manual. The procedures that we documented involved multiple steps covering a wide number of categories and parameters. Combine that with a development environment that didn’t mirror our production from a security perspective, and we were spending a lot of time working through security concerns each time we updated production code." 

The Solution: Cyber Security Automation with Powertech Security Auditor

After attending a webinar, CDW turned to Security Auditor for a solution to help develop automated and disciplined processes to meet their challenge in an effective way. 

"We implemented Security Auditor to enforce several of our SOX audit processes,” said Schalck. “Our SOX processes included items such as user profile deactivation and deletion due to inactivity and enforcing user profile setting policies. We also needed to monitor various libraries, objects, IFS locations, and system values to ensure they are not changed outside our standard change control methodology. We had to ensure our change control software always applies the correct settings to objects moved to our production environment.

"The results are exactly what we were looking for. Our enforcement is now automated and we don’t have a lot of tedious checking to do. We just look for the exceptions that Security Auditor identifies and address any issues quickly," Schalck explained.

"We also recently started using Security Auditor in our application development environment. This is to ensure all objects being tested comply with the same security settings as our production system. In the past, we would occasionally find security defects in applications only when they were moved to production, because our development system did not enforce the same security settings."

The Results: Easier Compliance with Less Effort

Security Auditor has been essential to reducing the time CDW spent on mundane but necessary processes. Not only has Security Auditor automated processes, reducing the time involved with compliance, it has also provided reports as proof to the auditors and to the systems admin team that the users and system continue to be configured correctly. Security Auditor automates security policy compliance and delivers comprehensive security administration functionality, reducing the hours of labor intensive analysis required in the compliance process. 

"We are complying with our SOX processes and enforcing our security policy," Schalck said. "With the implementation of Security Auditor in development, we are finding security defects much earlier in the development process. The bottom line is that Security Auditor is saving us time and money." 

Let's Get Started

See for yourself how Security Auditor can save time, enhance security, and make compliance reporting easier.  Request your demo today.