Step by Step to Compliance-conformity in IT
A Firm Grasp on Identities, Rights and Resources
Beyond the inadequate ability to audit how access rights are granted, other factors likewise jeopardize the secure execution of
IT-supported business processes:
- User accounts of former employees that were never deleted
- Inconsistent access conditions
- Numerous user accounts requiring labor-intensive administration
- Manual administration with high susceptibility to human error
- Lack of user management
A suitable IT solution which supports the comprehensive management of users, identities, rights and resources is essential to neutralize these
risks and satisfy the corresponding verification requirements. Many of these functions are not needed solely to meet specific regulatory
requirements; they are also preconditions for efficient IT operations. Such functions include the automated provision of tools, resources
and information to employees, as well as the granting and revocation of authorizations. Functions of this sort are subsumed under the category
of “provisioning.”
Implementing the right provisioning system increases the security of business processes and accelerates their execution:
- Setup and administration of digital identities and identifiers
- Implementation of role-based and mandate-based authorization concepts
- Self-service functions with verified approval and release workflows
- Comprehensive reporting and auditing functions
- Reduced susceptibility to error with increase in the degree of automation
- High-quality, up-to-date data and logical dependencies
- Consistent rule management minimizes risks when processes are changed
But what if administrators circumvent the provisioning system when they grant authorizations? To prevent such risky practices, the provisioning
system automatically compares its rights-related information with the corresponding data in the connected target systems. The provisioning system
recognizes and reports illegitimate changes and, if desired, it can automatically countermand them.
To prevent the unauthorized utilization of rights, it is essential to ensure that accesses can be blocked and authorizations can be revoked,
deactivated or erased at any desired time and from a central location: for example, when an employee leaves the company or switches to a new
department within it. This so-called “de-provisioning” is a central component in all rules. Measures to secure the IT infrastructure via audits,
as well as obligatory verifications of authorization structures, can be derived from this component.
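
The comparison and de-provisioning check described above, sketched as an added example (not code from the original page or from any product): it reconciles the rights approved in the provisioning system against the state read from one target system, reports accounts of departed users and grants made outside the provisioning system, and reverts them. The data model, function names and sample accounts are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Finding:
    kind: str                    # orphaned_account | unapproved_grant | missing_grant
    account: str
    right: Optional[str] = None

def reconcile(approved, active_users, target):
    """Compare approved rights with the rights actually present in a target system."""
    findings = []
    for account, rights in sorted(target.items()):
        if account not in active_users:
            # Account survived the user's departure: de-provisioning failed.
            findings.append(Finding("orphaned_account", account))
            continue
        for right in sorted(rights - approved.get(account, set())):
            # Right exists in the target but was never approved centrally.
            findings.append(Finding("unapproved_grant", account, right))
    for account in sorted(active_users):
        missing = approved.get(account, set()) - target.get(account, set())
        for right in sorted(missing):
            findings.append(Finding("missing_grant", account, right))
    return findings

def countermand(findings, target):
    """Return corrected target state: orphaned accounts and unapproved rights removed."""
    fixed = {account: set(rights) for account, rights in target.items()}
    for f in findings:
        if f.kind == "orphaned_account":
            fixed.pop(f.account, None)
        elif f.kind == "unapproved_grant":
            fixed[f.account].discard(f.right)
    return fixed

# Constructed sample data (assumed names, not from the page).
APPROVED = {"alice": {"erp:read", "erp:post_invoice"}, "bob": {"erp:read"}}
ACTIVE = {"alice", "bob"}                      # carol has left the company
TARGET = {
    "alice": {"erp:read", "erp:post_invoice"},
    "bob": {"erp:read", "erp:admin"},          # granted directly in the target
    "carol": {"erp:read"},                     # never de-provisioned
}

if __name__ == "__main__":
    report = reconcile(APPROVED, ACTIVE, TARGET)
    for finding in report:
        print(finding)
    print(countermand(report, TARGET))
```

Missing grants are only reported here, since re-granting a right is a provisioning action rather than a reversal.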