Recent events have seen workforce reduction, salary cutbacks, colleagues out of the office due to illness or taking care of loved ones, and a shift to businesses relying on a remote workforce. The collection of these events resulted in a shift of the threat landscape as cyber-attacks increased on remote workers. Many employees have also experienced increased workloads due to colleagues being out or let go, which also resulted in increased use of temporary escalated access scenarios to mitigate the risk of users performing multiple job functions.
These events are compounded by the danger that remote workers, working in isolation and seeing their co-workers and spouses losing their jobs, being more inclined to engage in fraudulent activities.
And businesses themselves are changing. Events such as mergers and acquisitions have introduced new technologies and business systems into their IT infrastructure, bringing with them new risks and challenges to monitor, manage, and control user access to critical information in their business applications.
As more interconnected applications are introduced into the business environment, the challenge to monitor and manage access risk across the entire landscape becomes more complex. It is not uncommon to see an organization use their SAP S4 system to manage the centralized finance activities alongside SAP Master Data Governance with additional applications running concurrently: S4 or legacy ECC environments to manage the manufacturing or supply chain processes; Workday for HR functions; Salesforce for CRM; and perhaps additional SAP and non-SAP applications, like Oracle or NetSuite, which were acquired through mergers and acquisitions.
As organizations introduce more applications across various platforms into their environment, they must accommodate new security models and objects, including segregation of duties, conflict resets, security roles, and user provisioning processes. These organizations must be aware of the risks they face and take the appropriate measures to minimize the impacts on their operations.
Fastpath has put together an eBook that helps organizations analyze their end-to-end business processes and identify where the handshakes between multiple business systems occur so that the cross-system risks associated with those processes are addressed.
Download your free copy of Succeeding at Managing Enterprise Risk in Today’s Connected World. This eBook covers common areas of cross-platform risk and how Fastpath can help your organization manage those risks, including:
- Segregation of Duties (SoD) Management
- Customized Code Vulnerabilities
- Emergency Access Provisioning and Deprovisioning
- Access Certification
- User Provisioning
- Role Management
By gaining a thorough understanding of the organization’s cross-platform risks associated with business processes, the internal and external audit staff can evaluate the risks, align them with the organization’s risk and controls policies, and design rulesets to mitigate or remediate the risks.