Case Study / Media Giant

Hearst

Media Giant Hearst Enhances Security and Operationalizes Access Monitoring in Oracle ERP Cloud

The Challenge

Perhaps the most well-known name in the industry, Hearst is a global, media and information services company. With more than 300 businesses across multiple industries—some of which were recently acquired— Hearst’s business environment is complex. With size and complexity come risks around security, so it was critical for the company to ensure security was maintained at the highest level.

This goal needed to be supported by a reliable and effective technology solution. Hearst had implemented Oracle ERP Cloud and brought in Application Security Audit Manager Ivan Ng to assess security controls to ensure they met the company’s requirements. “You’re taking risks by not having the proper security controls in place from the outset and being forced to clean it up down the road can also be costly,” said Ivan.

“It is very apparent that the application was written by auditors for auditors. Audits are much faster and cleaner. I gave them access to the reports they needed, which helped them get their testing done much more efficiently compared to the past. So, this was one area where there was big ROI right off the bat.”

Ivan Ng, Application Security Audit Manager, Hearst

The solution

Ivan and his team selected Fastpath’s comprehensive, interactive tool that enables organizations to identify security conflicts within their ERP application, better understand their overall security, and provide the necessary documentation to both internal and external audit teams. It also eliminates manual processes, increases accuracy, and ultimately saves time. Fastpath works with nearly every ERP application on the market today, which was just one of the reasons for choosing it. Not all of Hearst’s companies use Oracle for their ERP, so the solution needed to be flexible. In addition, Ivan’s team found that Fastpath was rich in functionality they required, easy to set up and use, and had the

ability to perform access monitoring, which was important with all the applications and platforms in use at Hearst. “It is very apparent that the application was written by auditors for auditors,” said Ivan.

With Fastpath in place, the company launched an automated mass review of 4,000 user role assignments. With that step completed, the team set about refining user roles. Ivan recommends using custom roles, to get exactly what your organization needs and reduce the risk of SoD or other issues that can occur with roles that come out of the box with most ERP packages.

The results

The organization has been thrilled with Fastpath—supported by 100% user adoption across multiple business units in a very short period. It has also helped on the finance operational side with designing and redesigning their roles, enabling quick analyses to ensure they are being designed properly. Most importantly, Fastpath passed the internal audit test with flying colors. Audits are much faster and cleaner. “I gave them access to the reports they needed, which helped them get their testing done much more efficiently compared to the past,” continued Ivan.

“So, this was one area where there was big ROI right off the bat.” With roles cleaned up and an SoD structure in place, future reviews—slated for every 6 months—will get incrementally faster and easier. “It boils down to how easy Fastpath is to use and that it actually keeps what should be a simple process simple,” said Ivan. “It has been refreshing to see what the right technology can do.”