As companies are growing, it is more and more difficult to manage end user life cycles. A lack of control exposes the company to several risks.
« In 2019, the global cost of failure or setup errors linked to access rights management is 8,7 billion dollars.»
There are several factors linked to a lack of control of the user life cycle:
Users with wide access can accidentally delete or share sensitive data.
An employee willing to fraud can do so using SoD failures, corrupting data, steeling data to sell them to competition or expose financial data to harm the company.
Hackers try to target user accounts with privileged access to be able to access wide databases, systems, applications and infrastructure. Indeed, the systems contain the most sensitive data for a company (suppliers, clients, patents, etc.)
It is important to avoid providing too wide access to end users. Generally, the target is to limit access to business needs, implementing a thorough SoD process or enhancing dual control.
To guarantee secured user provisionning, it is highly recommended to enforce the User Access Manangement (UAM) related processes by implementing a tool including automatic provisionning and preventive sanity checks.
The security experts at Artimis support their clients with the implementation of identity and user right related processes including appropriate tooling :
Conception and implémentation :
Of a proper identity management process,
Of a strategy to define a single sign on type of user management to improve end user experience,
Of a mutual access request management tool (cross system),
Of a process to manage end users with wide access (IT, business, internal audit, …),
Of a process to review the access rights that fits external audit requirements – User Access Review (UAR)