Stevie Awards

Search our sites

Search past winners/finalists

Learn about the other Stevie Awards Competitions
  1. Home
  2. Bank of America, Charlotte, NC: Enterprise Platform Automation Service (EPAS)
Arrow

  • MESA logo
  • SATE logo

Bank of America, Charlotte, NC: Enterprise Platform Automation Service (EPAS)

Company: Bank of America, Charlotte, NC
Company Description: Bank of America is one of the world’s leading financial institutions, serving individual consumers, small and middle-market businesses and large corporations with a full range of banking, investing, asset management and other financial and risk management products and services.
Nomination Category: New Product & Service Categories - Business Technology
Nomination Sub Category: Infrastructure as a Service
2022 Stevie Winner Nomination Title: Bank of America Enterprise Platform Automation Service (EPAS)

  1. Which will you submit for your nomination in this category, a video of up to five (5) minutes in length about the nominated new or new-version product or service, OR written answers to the questions for this category? (Choose one):
    Written answers to the questions
  2. If you are submitting a video of up to five (5) minutes in length, provide the URL of the nominated video here, OR attach it to your entry via the "Add Attachments, Videos, or Links to This Entry" link above, through which you may also upload a copy of your video.
     
  3. If you are providing written answers for your submission, you must provide an answer to this first question: If this is a brand-new product, state the date on which it was released. If this is a new version of an existing product, state the date on which the update was released:

    Oct 1, 2021

  4. If you are providing written answers for your submission, you must provide an answer to this second question: Describe the features, functions, and benefits of the nominated product or service (up to 350 words):

    Total 343 words used.

    The Enterprise Platform Automation Service (EPAS) has transformed what was a highly manual non-production server patching process into a fully automated, change-managed server patching lifecycle process that has effectively reduced variance and improved security compliance. EPAS was developed completely in-house and provides a comprehensive automation framework that is exclusive to Bank of America. The EPAS solution combines vulnerability identification and complex reservation and scheduling systems that incorporate a variety of bank controls and operational rules to schedule servers for patching. The net results are limited risk to software applications and services, and much higher patching success rates as compared to the previous manual patching process.

    EPAS end-to-end automation process:

    1. Vulnerability detection and mapping – EPAS uses a variety of vulnerability scanning and infrastructure detection systems to identify vulnerabilities and map them to hosting environments.
    2. Patch scheduling – Provides a variety of scheduling methodologies based on what type of patching is needed

    All of the above methodologies adhere to a set of operational rules, information security policy and infrastructure standards, as well as predefined maintenance windows in the proprietary algorithm, to properly schedule a hosting environment for patching while minimizing risk. The critical advantage of EPAS is that it incorporates all the necessary guardrails via automated scheduling and reduces/eliminates manual patching and reduces risk to the environment. By decreasing the possibility of human error, automated patching capability has reduced outages and mitigated risk to the environment

    c. Change lifecycle management – Automation creates the required change record and manages it through its lifecycle, including approvals, reviews, updates and closure.

    d. Patch execution – During a change window, multiple methods can be implemented based upon operating system and unique configuration of server environment. This eliminates the need to hard code patches every time a new version is introduced and the system automatically adapts to each new configuration.

    The ultimate benefit is that a patching event that previously required a significant manual process, now occurs automatically –  NO TOUCH. Currently, there is no known equivalent 3rd party solution available in the marketplace and patent submission is in process.

  5. If you are providing written answers for your submission, you must provide an answer to this third question: Outline the market performance, critical reception, and customer satisfaction with the product or service to date. State monetary or unit sales figures to date, if possible, and how they compare to expectations or past performance. Provide links to laudatory product or service reviews. Include some customer testimonials, if applicable (up to 350 words):

    Total 55 words used.

    Our stakeholder states: One full headcount is needed to support 2,000 servers. Currently, the bank patches 100K+ servers, which would normally have required 50 headcount. EPAS has freed these resources to focus on higher-risk items, higher-complexity patching, and more tactical patching projects, resulting in a cost savings of more than $5 million per year.

  6. You have the option to answer this final question: Reference any attachments of supporting materials throughout this nomination and how they provide evidence of the claims you have made in this nomination (up to 250 words):

    Total 32 words used.

    • [REDACTED FOR PUBLICATION]
Attachments/Videos/Links:
[REDACTED FOR PUBLICATION]
PPTX [REDACTED FOR PUBLICATION]