Technology advancements and adoption in organizations have skyrocketed in the last few years, with the COVID-19 pandemic further propelling organizations to embrace new technologies to survive. The scramble to adapt to a new work-from-home-first mindset meant that many organizations adopted new technologies, including software-as-a-service (SaaS) platforms, to stay productive. Organizations must now manage hybrid cloud and on-premises deployments from multiple vendors, spanning the front, middle, and back office. This has introduced new application access security risks and poses a real challenge to organizations. As the complexity of their environments increases, they have become more vulnerable to data access, privileged information, and security risks, which are amplified by increased auditor scrutiny. Segregation of Duties (SOD) is an integral part of mitigating such risks, but as organizations become more complex, it has become increasingly difficult to administer effective SOD.
Organizations today are using a very limited SOD approach that is no longer efficient or effective at keeping the organization secure. Among other limitations, legacy SOD approaches are constrained to a single system, which makes it a challenge for an organization with hybrid cloud and on-premises deployments from multiple vendors to manage risk across its systems. Because of this constraint, many organizations resort to manual reviews to assess the risk in each system they use, which is not only time-consuming and error-prone but also increases the overhead costs associated with SOD enforcement. It is time for a new approach.
Organizations need to update their SOD frameworks and modernize their approach to be automated and persistent. Implementing an adaptable approach to SOD ensures the organization stays future-proof and protected well after implementation. “SOD 3.0: Next-generation separation of duties for the modern ERP”, an article cowritten by KPMG and Fastpath, looks at some key features that differentiate the SOD 3.0 approach from today’s limited approach. Features of SOD 3.0 include:
- Looks at SOD across the enterprise and uses predefined role definitions that are directly aligned with front, middle, and back-office business processes in the cloud or on-premises.
- Uses strong internal controls to achieve regulatory compliance and data security and privacy (i.e., SOX, CCPA).
- Applies an efficient and scalable security model that lowers overall cost of ownership of application security.
- Increases automation for access and SOD analysis to help drive operational efficiency.
To learn more about the next-generation approach to SOD and the steps to implement SOD 3.0, see the “SOD 3.0: Next-generation separation of duties for the modern ERP” eBook cowritten by KPMG and Fastpath.