ONGOING REGULATORY COMPLIANCE BURDEN

Achieving Regulatory Compliance is non-negotiable for many organizations.

Problem

A growing regulatory compliance burden has made certifying user access to corporate applications a critical task in today’s enterprise. “We’re not subject to a single set of regulations; we need to comply with ISO27001, SOX, PCI DSS and APRA. So it’s not a once a year activity, and compliance now carries a constant and increasing load,” noted a Systems Administrator for a Financial Services company.

Unfortunately, these projects relied on time-consuming manual data collection processes and spreadsheets. For this organization, this meant access reviews weren’t performed on up-to-date user access data or with the frequency required by the risk profile of the application.

In addition to compliance concerns, the threats of unauthorized access and data theft created a need for a more efficient, automated access review process. ‘Our environment is complex and not everything is connected to the IDM, so we needed a flexible tool to examine access compliance without the overhead of another heavyweight IT project’.

Solution

RightCrowd IQ is designed to be vendor agnostic and focuses purely on auditing and reporting who has access to your systems and critical information. Users can instantly assess the health of access compliance across any regulatory standard and quickly provide audit reporting, or determine where further investigation or remediation is required.

RightCrowd IQ was deployed to provide four primary IGA capabilities:

  1. Simplify user access data collection – automating the collection and correlation of access data from disparate sources
  2. Visualize access – so that team leaders and application owners could see who has access to what
  3. Up-to-date reporting – leverage near real-time data to make more effective decisions
  4. Improve policy compliance outcomes – actively manage the environment and demonstrate the improvement

Benefits

The significant benefit is that compliance with every regulatory standard begins with knowing what your critical systems are, then knowing who has access to them. ‘Compliance is a non-negotiable, and we needed a flexible system that could examine user access and make our compliance program more efficient.’

The other benefits of RightCrowd IQ included:

  • Reduce audit costs – 95% reduction in the total time to complete user access audits
  • Boost productivity – 20X improvement in the number of systems reviewed
  • Mitigate systems risks – real-time data to identify poor practice and rogue automation
  • Improved compliance outcomes – actively demonstrate to auditors and the Board that critical compliance issues are being managed