What? It’s already the third quarter? Yes, it is. We suddenly realized it ourselves, and wanted to make sure to remind you authorization managers and CISOs what you’ll be facing during this second half of the year. We’re assuming that these three things are already on your task list for Q3/Q4 (and if not, they should be), but we thought it would be nice to summarize them anyway.
Task 1: Review Employee Authorizations
This is a very important task whether or not your company is subject to GRC compliance. It’s necessary to verify that the authorizations employees hold are still required for their current jobs. You’d be surprised, but in every organization in which we’ve conducted an authorization review process, we found invalid authorizations or employee permissions that were no longer relevant to the employee’s current role. If your organization is subject to SOX compliance you must conduct this review, and if it isn’t, it’s still a very good thing to do if you wish to help prevent the next act of fraud.
Task 2: Eliminate Inactive Accounts
Don’t pay for nothing and don’t give a hacker an opportunity – just take a minute and eliminate user accounts that haven’t been active in the last 90 days. Of course, don’t lock the administrator accounts even if they aren’t active, and don’t lock people who are on sick leave or maternity leave. But all the other employees who aren’t logging into the system can probably do their jobs without an expensive user account. For each eliminated account you save twice: first, you free up the license; second, you remove a potential account that can be hacked.
There are more delicate ways to go about this if you wish to have happier users. You can warn inactive employees with a nice email before locking their accounts, you can ask someone to approve the list of accounts that are slated to be locked, and you can implement a process that does all the above automatically in multiple systems, but this is all nice-to-have. Eliminating user accounts that haven’t been active for a long time is what’s important.
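The triage described above, written out as an added example (not Xpandion’s code) over a constructed user-list export. The column names, the two-week warning window and the rule that only dialog users (type A) are candidates are assumptions for this example; it applies the post’s 90-day threshold and its two exemptions, and treats a user who has never logged on as inactive since the account was created.

```python
"""Triage of inactive user accounts from a user-list export (added example)."""
import csv
import io
from datetime import date, datetime

INACTIVE_DAYS = 90               # from the post: no logon in the last 90 days
WARN_DAYS = INACTIVE_DAYS - 14   # assumption: warn two weeks before the lock
TODAY = date(2023, 7, 1)         # constructed reference date for the sample

# Constructed sample export. Column names are assumptions for this example;
# a real export (e.g. from USR02 / SUIM) will differ.
SAMPLE_EXPORT = """user,user_type,created,last_logon,is_admin,on_leave
JSMITH,A,2021-03-01,2023-02-10,no,no
MBROWN,A,2021-03-01,2023-06-20,no,no
ADMIN01,A,2020-01-15,2022-11-01,yes,no
RGREEN,A,2021-09-10,2023-01-05,no,yes
TNEW,A,2023-03-01,,no,no
BATCHJOB,B,2019-05-05,2022-01-01,no,no
DLEE,A,2021-01-01,2023-04-10,no,no
PCLARK,A,2022-02-02,2023-06-01,no,no
"""

def days_idle(row, today):
    """Days since last activity; a user who never logged on counts from creation."""
    last = row["last_logon"] or row["created"]
    return (today - datetime.strptime(last, "%Y-%m-%d").date()).days

def classify(row, today):
    """Return the action for one account: exempt, lock, warn or keep."""
    if row["is_admin"] == "yes" or row["on_leave"] == "yes":
        return "exempt"          # post: never lock admins or people on leave
    if row["user_type"] != "A":
        return "exempt"          # assumption: only dialog users are candidates
    idle = days_idle(row, today)
    if idle >= INACTIVE_DAYS:
        return "lock"
    if idle >= WARN_DAYS:
        return "warn"            # the "nice email before locking" step
    return "keep"

def triage(export_text, today):
    """Group account names by action so the lock list can be approved first."""
    result = {"lock": [], "warn": [], "exempt": [], "keep": []}
    for row in csv.DictReader(io.StringIO(export_text)):
        result[classify(row, today)].append(row["user"])
    return result

if __name__ == "__main__":
    for action, users in triage(SAMPLE_EXPORT, TODAY).items():
        print(f"{action:>6}: {', '.join(users) or '-'}")
```

The "lock" list is what goes to an approver before any account is actually locked; the "warn" list is what the reminder email is sent to.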
Task 3: Do Some Data Cleansing and Data Completeness Checks
We can’t stress enough how important it is to have full and accurate data. Having high-quality and complete data is the key to finishing tasks more quickly, performing data queries more effectively, and spotting suspicious areas in your system that need to be investigated further. There is no single best time for performing data cleansing, but it should be done from time to time.
- Check that all user accounts have the most recent data, such as names, departments, email addresses (VERY important), physical location, telephone number, etc.
- Check that all authorization roles have proper descriptions and that they are really still required.
- Go to your custom ABAP programs and verify that all the Z programs have authorization checks (AUTHORITY-CHECK statements) in place.
- Then… well, you get the idea. Just take 3-4 topics and check that they are 100% accurate.
With all this done, you can look forward to a cleaner and much more secure system.
Did you know Xpandion has software to fully control authorizations? Get a demo of Xpandion ProfileTailor Security & Authorizations.
Have a great second half of the year!