Description

Fastpath

Fastpath Delivering Value in Automated Access Controls and Monitoring Across Multiple Business Systems

Organizations are best served to take an enterprise and automated approach to access control management across employee and third-party access, business systems, and processes. This can then roll into risk management and reporting that is integrated with decision-making processes. This can be done through a common access control management strategy, process, and technology architecture that supports overall access control management activities and automated continuous enforcement from the user and process level up through an enterprise view. To address access control risk, organizations are establishing an access control and SoD strategy with process and technology to build and maintain an access control program that balances business agility, control, and security to mitigate risk, reduce loss/exposure, and satisfy auditors and regulators, while enabling users to perform their jobs. When evaluating solutions for SoD and access control the organization needs solutions that are intuitive, easy to use, and should look for a solution that covers the range of ERP and business systems used in their environment.

Fastpath Access Control Management Fastpath is a GRC solution provider that GRC 20/20 has researched, evaluated, and reviewed with organizations that are using it in complex, distributed, and dynamic business environments. Fastpath delivers a new breed of intuitive automated access controls and SoD across a range of ERP and business systems. The solution delivers significant business value and brings a contextual understanding of access controls across an organization’s distributed and heterogenous business system environment. Customers use Fastpath Assure® to assess SoD and critical access, provide audit trails on key data in their application, and enable a single-source location to request and approve access requests in the context of risk, ranking them based on access policies. GRC 20/20 finds that Fastpath is a solution that can grow and expand with the organization and adapt as the organization and its environments change. It can be easily implemented to meet single ERP SoD and access control requirements for organizations just beginning a GRC journey or implemented as the information and technology architecture core for automated SoD and access controls across a range of ERP and business systems.

GRC 20/20 interviewed Fastpath clients in telecommunications, systems integration, consumer electronics & entertainment retailer, and hi-tech electronics manufacturer. GRC 20/20’s evaluation, research, and interactions with i-Sight clients has revealed the following:

• Large organizations using i-Sight can typically see a return on investment in under 9 months.
• Medium-sized organizations using i-Sight can typically see a return on investment in just over 9 months.
• Small organizations using i-Sight can typically see a return on investment in just over 10 months.

• Monitoring and Managing Access Controls Effectively
  • Agility Required in Access Control & Segregation of Duties
  • Understanding the Interrelationship of Access Controls
  • Providing 360° Contextual Awareness of Access Risk & Controls
• Fastpath Access Control Management
  • What Fastpath Does
• The Value of Fastpath
  • Value: One Time Security Rationalization
  • Value: Annual Segregation of Duties Scoping
  • Value: Segregation of Duties Review
  • Value: Periodic Access Certification
  • Value: Gap/Deficiency Impact Assessment
  • Value: Configuration Change Tracking
  • Value: Access Maintenance (Identity Management)
  • Value: Periodic Reporting & Audit
  • Qualitative Value of Fastpath
  • Total GRC Value & Return
• GRC 20/20’s Final Perspective
• Appendix
  • Disclosures
  • GRC Value Perspective Methodology
• About GRC 20/20 Research, LLC

Author

Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research, Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 26+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.

---

©GRC 20/20 Research, LLC. All Rights Reserved.

No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of GRC 20/20 Research, LLC. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines established in client contract. The information contained in this publication is believed to be accurate and has been obtained from sources believed to be reliable but cannot be guaranteed and is subject to change. GRC 20/20 accepts no liability whatever for actions taken based on information that may subsequently prove to be incorrect or errors in analysis. This research contains opinions of GRC 20/20 analysts and should not be construed as statements of fact.  GRC 20/20 disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information.  Although GRC 20/20 may include a discussion of related legal issues, GRC 20/20 does not provide legal advice or services and its research should not be construed or used as such.