Emergencies happen. Yes, even in businesses. The ones I’m referring to are related to work processes and ERP security. Ok, so it’s not a fire or flood; still any business must be able to handle operational emergencies quickly and effectively.
Emergencies of this sort can include resolving configuration changes, troubleshooting critical issues, or providing immediate assistance to business users. Solving these problems is done in the production environment, usually by the IT team (system administrators, programmers, training staff, etc.).
So far you see no problem, right? Wrong. Accessing the production environment entails the following risks: fraud, misuse of authorizations and deficiency in audit reports. Although risky, timely and privileged access into production systems is essential for enabling an organization to operate smoothly and efficiently, at all times. In case of an urgent business requirement, a company needs to allow its IT team the flexibility around the production environment, as they must prevent, attend and manage critical issues then and there.
Let’s say that a financial implementer requires urgent access to the production environment in order to take care of a critical bug, which is preventing the Payment Run program to run properly (a very stressful situation indeed…). The financial implementer should be granted with the required authorizations to ensure that this situation is handled immediately and effectively. Nonetheless, while working in the production environment to fix the bug, a lot can happen, whether by mistake or on purpose…
How IT teams can support production systems without compromising security and control
The ideal solution for guaranteeing full control over production systems is setting an emergency access (sometimes referred to as IT access) process in place. Such a process defines the rules for privileged access in case of an emergency; specifically for users that are not supposed to enter the production environment on a regular basis, as well as business users required to handle ad-hoc issues.
Based on what I hear from customers, the best process should run more or less like this:
- User requests access to the production environment and needs to provide a reason justifying the request.
- Automated testing system determines whether the request for accessing the production system is justified. If the reason provided did not “pass the test” (meaning the user’s request is suspicious in comparison to the user’s regular behavioral profile) the request is directed to a security administrator for further inspection.
- The request is automatically sent to the relevant manager for approval.
- Upon approval the user’s account in the production system is unlocked, or a dedicated user name is provided, and a powerful role is assigned for enabling the prompt completion of the urgent task.
Wait, there’s more: to make sure things don’t go wrong from here, all activity in the production environment needs to be monitored continuously. What I mean by this is that every action taken in the production system is recorded (just in case the user was fooling around in there, or even made an innocent mistake). In addition, alerts should be sent if a sensitive activity was performed. After a defined amount of time the username is automatically locked and all extra authorizations – granted for the purpose of resolving the issue – are removed. Finally, and I really recommend this, a full report of all activities in the production environment should be generated, available to security managers for further inspection.
In a nutshell: emergency access is inevitable. Managing and controlling it is essential.