Compliance is non-negotiable

Post by Glenn Folkes, Regional Sales Director

In modern organizations, Compliance is non-negotiable and, not surprisingly, it's often driven by historical procedures and entrenched processes. In this scenario, decision-makers need a solid business case to change practices.

Knowing how other businesses have justified the leap can be a big help. That's why we spoke to our clients to find out what drove their organization to use RightCrowd IQ, and to capture the advantages it has brought them.

1. Cost Reduction

“The time and resources our business invests in maintaining Compliance has a direct bottom-line impact. If there is an opportunity for us to improve compliance outcomes at a lower cost, we should be investigating that.”

– Infrastructure Manager

The complexity of any modern IT environment means that a large business will have a collection of core applications, legacy systems, in-house applications, security groups or physical security systems, from which it can be time-consuming just to extract basic data.

The collection and correlation of that data across systems, roles, teams or control scenarios can get complex quickly. Even with basic automation in place, it can take weeks to collect information.

With staff changes and turnover, opportunities for improvement are often missed. Simply put: the time and money spent on data collection and reporting could be spent adding value to the business.

Automating user access data collection and correlation eliminates these costs and saves money overall through greater efficiency and better resource utilization.

“In building our business case we looked at:

  • The number of systems
  • The total time data collection took per system
  • Cost of the resources involved (because there was often more than 1)

Even at a ball-park level we could see the cost of continuing with business-as-usual was significant, so looking at that versus the cost of the software gave us a solid starting point.”

– Infrastructure Manager

2. Risk Mitigation

“Why is it that almost anyone can tell you the average cost of a data breach, but no-one can tell you who has access to their critical systems and information today?”

– IT Auditor

It all comes back to the same basic issue: user access changes every day, yet it can take weeks to accurately collect and correlate that vital information even for a single system.

It means the user access data that application owners review is almost always out-of-date. And the decisions they make around risk, security and compliance are ineffective.

Automation can provide a remedy by configuring and standardizing reporting across core applications, legacy systems and cloud infrastructure. It also helps to prevent issues caused by human error or rogue scripts that might otherwise go unnoticed.

“If your application or information is critical to your operations, you need to think differently about how you effectively manage the risk of inappropriate access:

  • What’s the criticality of the application or information?
  • How often can you accurately review and revoke user access? (How long are you prepared to be owned?)
  • What’s the cost of the breach?
    • Fines
    • Reputational damage
    • Contractual penalties
    • Customer churn

It really forced us to look at the problem through a different lens.”

3. Productivity Boost

“It stands to reason, that if you can be more efficient then you have time to look more deeply or cover more systems. We took the opportunity to extend our compliance activities across legacy and in-house applications, with no extra resources required.”

– Security Director

Teams preoccupied with maintaining legacy systems don’t have the time or flexibility to adapt to rapidly changing risks or security threats.

RightCrowd IQ takes away many of those time-consuming tasks, allowing infrastructure teams to extend their user access compliance activities with minimal effort.

“We improved our agility and responsiveness to audit and compliance requests. Overall we achieved a 95% reduction in the total effort required to deliver tailored user access reporting for our critical applications.”

4. Compliance Outcomes

“If your organisation has improved its compliance outcomes, then it's highly likely you've improved work practices and your security posture at the same time.”

– CISO

Up-to-date user access data changes the Compliance conversation. When application owners trust the data, they can see the decisions they are making are real. And if they revoke access and it reappears, it forces them to investigate ‘why?’. Business processes get changed along the way, and compliance improves.

“Just by comparing the compliance status between different applications, we could see the differences in the way teams approached the issue. By slowly making user access compliance visible, we were able to improve practices.

We were able to change our conversations with our external auditors along the way, by having the evidence to show how we were improving control of our environment.”