Access Controls in Oracle EBS: Use the Right Tools for the Job

Posted by Aidan Parisian

security tools.png

Do you feel that you should be forced to choose between a large-scale, costly solution to perform straight forward tasks vs. settle for a less-than complete solution that needs to be supplemented with manual work in excel? Neither do we. At Fastpath, we believe that the tools used should fit the job, and that they should be easy-to-use and make you more efficient and effective. Let’s talk about how we can help you automate your Access Controls in Oracle EBS.

 

 

Stop Herding Cats

report sign off.png

The worst part of quarterly access reviews is getting constituents to complete the task. Kicking off the review is rarely at the top of your priority list – most of us fight fires for a living (figuratively speaking, except for some of you, perhaps), typically the one closest to our toes. With Fastpath Assure, you can create saved reports for each functional business or control owner, have those reports sent via email automatically on a specified date, and have those folks sign-off via the email to evidence their review. Need to check on status? Navigate to the Signature Log to see what reports have been signed off on, leading you to which reports are outstanding and need follow-up.  Enterprising Internal Audit or Compliance leads can even schedule the Signature Log as a report and have it sent to finance or IT leadership, as needed. Stop chasing less-than-enthusiastic co-workers on behalf of management, and start doing those things that matter!

 

Lost in Translation

As discussed in previous articles in this series, critical access and SOD reviews are becoming more prevalent in business – for both compliance and operational reasons. Often, the owner of these exercises is not part of IT, which means having to go to a Database Administrator (DBA) or Business Systems Analyst (BSA) and try to communicate what is needed. The beauty of a tool like Fastpath Assure is that the data comes to you, and the platform is straightforward enough to use on your own. Perhaps you’ll need to sit down with someone within IT to understand some technical aspects of your EBS instance, but once you’ve saved a Critical Access Group or custom SOD Conflict, you can run that report on your own going forward. No longer do you need to go back to the well every quarter to ask for the same information, interrupting someone with too much on their plate and no time for your non-critical requests. And just like quarterly access reviews, these saved reports can be scheduled for review and tracked via our platform.

conflicts.png

Level Up

Fastpath Assure is only the beginning – Fastpath Identity Manager and Audit Trail both allow you to take your control activities beyond the common set of reviews and into preventative and detective procedures that can answer the second and third questions from your business leadership or auditors.

 

Move Up River

Fastpath Identity Manager allows you to avoid specific issues before they ever occur. Our platform allows you to leverage our integrated toolset and workflow to request and approve access with key data at-hand. When a user’s access is requested, you can set effective dating and you are then provided with a risk ranking based on the SOD and Critical Access rules you’ve already developed. You can then route requests based on risks to the appropriate approvers, such as finance or compliance leadership.  All approvals are logged in an immutable log, all of which is covered by our SOC reports.

 

FOLLOW THE BREADCRUMBS

user provisioning with risk analysis.pngInevitably something will happen. I used to joke with my clients that most controls fail between 3 and 5pm on Fridays. I’ve never validated this in any way, but it makes sense. I’m sure we all love our jobs, but they are still jobs, which means we have something else we’d do for free, tugging at our heartstrings throughout the week. The problem with mistakes is they are often caught after-the-fact, when nobody remembers what they were doing six months ago. Enter Fastpath Audit Trail. Out-of-the-box you get key configuration tracking that can usurp the need for quarterly configuration review via esoteric system reports, and can even be used as part of your change management controls during the year. In addition, once installed, your Oracle team can target additional data as you wish, and track who changed what, when. This deep dive detective capability, when combined with access management and business process controls, can make your control environment significantly more effective than it already is.

 

When charged with protecting assets in your business, arm yourself with information and the tools to do your job efficiently. Automate the basics, and focus on the complex areas that require more forethought and leadership. Allow us to help you be smarter, more efficient, and more effective – please contact us for a demo to see how you can get on the fast path to complete Access Control in Oracle EBS.