SecurEnds: Are you ready for Access Review Audit?
2020-05-28 20 Technology
SecurEnds is leading the market with its lightweight, highly configurable and industry first flex-connector product that keeps companies secure while meeting audit and compliance requirements.
One of the biggest issues that auditors discover is that application users are granted inappropriate access. This is due to multiple reasons. Most employees ask for more access than they need to do their job thus leading to excessive privileges. A typical product or service company is in a mad rush to innovate and deliver newer products and services. Unfortunately, often times in hate to meet project timelines, managers lax the . Most often than not these mistakes are attributed to manager’s lack of understanding of organization policies and procedures rather than willful omission.
Cloning new employee’s user access after another employee is another anti pattern. Say Jenna, a new hire, has her access modeled after Jody, who has been in the company for ten years. Unless Jody’s privileges have been right aligned to her current role, Jenna will have .
Poorly designed roles can also lead to access issues such as too much or too little access being granted. Roles should be aligned with business processes rather than specific users or jobs. Auditors have found situations where contractor is assigned a role which should be only ready only. However, as a part of the , this role was found to have write capabilities as well.
Below are few leading practices from Auditor’s point to view to help organizations implement better security, efficiency and compliance.
Author Signature :
SecurEnds is an information security company headquartered in Atlanta, Georgia which helps to reduce security risk and costs by automating identity governance & access control. ..