User access reviews are a way for organizations to maintain and uphold IT controls and to comply with regulations such as SOX, FFIEC, ISO 27001, PCI DSS, HIPAA, etc.
How to do Access Recertification?
No matter the compliance standard, the process remains the same. Access reviews are an important part of a company’s security architecture when it comes to user account access to sensitive data. The first step is to obtain employee, vendor and contractor information from the system of record so it can serve as the single source of truth for identities. The second step is to extract the different types of user accounts and service accounts, along with their entitlements, across the systems, databases and folders in scope for the review. Privileged accounts need a special type of review treatment, as their abuse can lead to significant damage. Thereafter, the matched identities of users are sent to their managers to review and attest. Any access remediation needs to happen post review.
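The matching and routing steps described above can be sketched as follows. This is an added example, not SecurEnds code: the field names, the sample records, the privileged-entitlement list and the choice of email as the matching key are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data; every field name and value here is hypothetical.
HR_RECORDS = [  # step 1: identities from the system of record
    {"id": "E100", "email": "ana@example.com", "manager": "E001", "status": "active"},
    {"id": "C200", "email": "raj@example.com", "manager": "E002", "status": "active"},
    {"id": "E101", "email": "lee@example.com", "manager": "E001", "status": "terminated"},
]
ACCOUNTS = [  # step 2: accounts and entitlements extracted from in-scope systems
    {"system": "erp", "account": "ana", "email": "ana@example.com", "entitlements": ["gl_read"]},
    {"system": "db", "account": "raj_dba", "email": "raj@example.com", "entitlements": ["db_admin"]},
    {"system": "erp", "account": "lee", "email": "lee@example.com", "entitlements": ["gl_post"]},
    {"system": "db", "account": "svc_backup", "email": "", "entitlements": ["backup_operator"]},
]
PRIVILEGED = {"db_admin", "domain_admin"}  # assumed list of high-risk entitlements


def build_campaign(hr_records, accounts, privileged=PRIVILEGED):
    """Match accounts to identities and route each one to a reviewer queue."""
    by_email = {r["email"].lower(): r for r in hr_records}
    queues = defaultdict(list)  # manager id -> items that manager must attest
    exceptions = []             # accounts that cannot be routed to a manager as-is
    for acct in accounts:
        item = dict(acct, privileged=bool(privileged & set(acct["entitlements"])))
        owner = by_email.get(acct["email"].lower()) if acct["email"] else None
        if owner is None:
            # No identity in the system of record: orphaned or unowned service account.
            exceptions.append(dict(item, reason="no_matching_identity"))
        elif owner["status"] != "active":
            # Leaver still holding access: a remediation candidate, not a routine attestation.
            exceptions.append(dict(item, reason="identity_not_active", identity=owner["id"]))
        else:
            queues[owner["manager"]].append(dict(item, identity=owner["id"]))
    # Privileged items first so reviewers see the highest-risk access at the top.
    for items in queues.values():
        items.sort(key=lambda i: not i["privileged"])
    return dict(queues), exceptions


if __name__ == "__main__":
    queues, exceptions = build_campaign(HR_RECORDS, ACCOUNTS)
    for manager, items in queues.items():
        print(manager, [(i["system"], i["account"], i["privileged"]) for i in items])
    print("exceptions:", [(e["account"], e["reason"]) for e in exceptions])
```

Accounts that land in the exceptions list have no active owner to attest them, so they need an assigned reviewer or direct remediation rather than a manager sign-off.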
CHALLENGE: A publicly held cloud communication provider of residential telecommunication services has significantly grown its IT landscape through multiple acquisitions over the years. It had implemented Okta for access management. However, the Audit department continued to manually conduct quarterly access reviews to satisfy SOX standards. A large part of the review was focused on validating User Access Control, including credentials and entitlements across Okta-enabled and legacy telecommunication applications.
SOLUTION: Facing rigorous requirements for compliance and risk management, the telco company approached SecurEnds for its product, which could be added on top of Okta to automate the Access Certification process. A tailored demo followed by a five-day proof of concept (POC) established SecurEnds as the solution of choice. POC participants found it easy to configure the Okta-SecurEnds workflow, to add, through Robotic Process Automation (RPA), the additional custom applications that needed to be reviewed, and to set up one-time or periodic access certification campaigns. Using SecurEnds’ cloud-ready, AI-enabled, lightweight identity governance product, the customer was able to fill the “governance gap” in Okta’s offering.
SecurEnds is leading the market with its lightweight, highly configurable and industry-first flex-connector product that keeps companies secure while meeting audit and compliance requirements. Our software allows you to load user data from multiple systems of record, connect dynamically to applications, match identities with user credentials, manage heartbeat identities across connected and disconnected applications, schedule one-time or periodic access recertifications and create proof of compliance for external auditors. In only 30 minutes we can demo why our SaaS software is now a leading choice for identity governance.