Data security. For many in business, the first thing that comes to mind is securing the network from intruders – keeping hackers out of the company’s sensitive business systems. But data security also means securing your business systems and information from your own people.
For example, some employees will always require permissions to access specific areas of these business applications. Employees working in Finance will require permissions to set up a new vendor, pay an invoice, or bill a client. Problems occur when an employee can perform both sides of a financial transaction, such as entering a vendor and then can write a check to that vendor. This situation carries the potential for the employee to create a fraudulent vendor that deposits money into the employee’s bank account and then the same employee creates invoices to pay that vendor.
Another example involves employees in Human Resources who routinely require permissions to enter a new employee, terminate an employee, enter time worked for an employee or contractor, and generate the checks to pay the employees. However, problems occur when certain employees are granted unauthorized access to view or edit the personnel records of other employees.
Too often, companies lose track of who has access to view or change information in their financial and HR systems. Access is poorly documented using a combination of Excel spreadsheets, sticky notes, and emails. Preparing for an audit is time-consuming and error prone. In the meantime, this lack of a global view of who has access into the company’s business systems, from unauthorized access to personal data or proprietary company information to segregation of duties conflicts, can result in fraud, fines and penalties resulting from a failed audit, and theft of intellectual property.
Automating the user access provisioning process will help eliminate these problems by identifying and mitigating potential access risks, creating an audit trail of access requests and authorizations, and establishing a process to periodically review access privileges.
Fastpath and OCEG have produced an infographic that compares the typical manual access provisioning process to an automated, audit-ready access control framework. This infographic shows the benefits of automating user access provisioning, which includes increased productivity, less time for audit preparation, greater audit accuracy, and proactive responses before potential conflicts become problems.
Get your copy of this valuable infographic today and see the benefits for yourself.