A Fresh Perspective on Access Controls & SoD
Executive Summary
Manual processes and document-centric approaches to SoD, inherited rights, and critical and super user access are time-consuming, prone to mistakes and errors, and leave the business exposed. Organizations need to establish an access control and SoD strategy and process that is supported by technology to manage access control in a context that balances business agility with control and security to mitigate risk, reduce loss/exposure, and satisfy both auditors and regulators while enabling users to perform their jobs. By automating access controls, organizations take a proactive approach to avoiding risk while cutting down the cost and time required to maintain controls, be compliant, and mitigate risk.
CSI tools is a GRC offering that GRC 20/20 has researched, evaluated, and reviewed with organizations that are using it in changing, distributed, and dynamic business environments. CSI tools provides analytic control solutions that audit and monitor SAP environments, manage and validate authorizations, and build roles tuned to the organization's security requirements and business needs. CSI tools enables organizations to evaluate existing roles and the access rights of users, remediate issues, restructure roles to remove unnecessary roles and entitlements, and grant and document exceptions for non-compliant access for business reasons. GRC 20/20 has interviewed and engaged several CSI tools clients and finds that the CSI tools solutions have helped them keep up with access controls and SoD in a way that maximizes their GRC resource efficiency, effectiveness, and agility.
Table of Contents
- Struggling to Keep Up in Access Controls & SoD
- CSI tools
- A Fresh Perspective on Access Control & SoD
- The Value of CSI tools
- Capabilities of CSI tools
- Considerations for CSI tools
- About GRC 20/20 Research, LLC
- Research Methodology
Author
Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research. Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC), with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 23+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC”, being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
©GRC 20/20 Research, LLC. All Rights Reserved.
No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of GRC 20/20 Research, LLC. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines established in client contract. The information contained in this publication is believed to be accurate and has been obtained from sources believed to be reliable but cannot be guaranteed and is subject to change. GRC 20/20 accepts no liability whatever for actions taken based on information that may subsequently prove to be incorrect or errors in analysis. This research contains opinions of GRC 20/20 analysts and should not be construed as statements of fact. GRC 20/20 disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. Although GRC 20/20 may include a discussion of related legal issues, GRC 20/20 does not provide legal advice or services and its research should not be construed or used as such.