ACCESS AUDITS

Be ready for user access audit any day.

Problem

It’s easier for a single system, but try auditing access for a team or a business process across multiple applications.

Typically, it’s almost impossible to find all the inter-dependencies among the systems and services a user may have access to. As a result, application owners are in the unenviable position of signing off on compliance audits, with an incomplete understanding of access and the associated risks.

The reality is that the compliance burden isn’t reducing, so organisations need to find smarter ways to get the job done.

‘With a small infrastructure team and a growing compliance burden, we wanted to help the business understand access in a way that made compliance visible’ says the security lead for a midsize financial services company that now uses RightCrowd IQ.

A combination of Board level security awareness and growing audit scrutiny prompted the organisation to address the issue. ‘There was no tracking around who had access to what and every audit provided another set of surprises. We wanted to get past this scenario once and for all.

The organisation had previously used home-grown and manual control processes that were proving unwieldy in a growing company, with a complex environment. ‘Everything we did was time-consuming and labor-intensive. Our goal was to not only improve compliance but achieve it with a step-change in efficiency’.

Solution

RightCrowd IQ is focuses on auditing and analysing who has access to your systems and critical information. Users can instantly assess the health of access compliance across your business and quickly determine where further investigation or remediation is required.

RightCrowd IQ was deployed to provide four primary capabilities:

  1. Simplify data collection – automating the collection and correlation of access rights data from disparate sources
  2. Visualize access rights – so that team leaders and applications owners can see who has access to what
  3. Keep compliance relevant – leverage real-time data to make more effective decisions
  4. Improve audit outcomes – actively manage the process of access reviews and demonstrate the resulting improvement

Benefits

The real benefit to the organisation was the mindset shift that came from making compliance visible. Application owners and team leaders were able to see problem areas and devise their own ways to improve outcomes.

The other benefits of RightCrowd IQ included:

  • Audit efficiency – automating the collection and correlation of access data, reduces the direct overhead attributable to compliance
  • Visualize risk – so that team leaders, applications owners and leadership could see problem areas and understand the cause
  • Improved decisions making – real-time access right data to make more effective decisions
  • Improved audit outcomes – actively demonstrate to auditors and the Board that critical compliance issues are being managed