identify and monitoring multi-platform and cross-platform access control
TRANSCRIPT
![Page 1: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/1.jpg)
Leverage Technology:Move Your Business Forward™
Risk and Compliance Financial Reporting Internal Audit Controls Catalog Application Security Advanced Analytics
A Leader in Risk Based Enterprise Controls Management Solutions
Copyright ©. Fulcrum Information Technology, Inc.Give me a lever long enough and a fulcrum on which to place it, and I shall move the world - Archimedes
IDandMonitoringMulti-PlatformandCross-PlatformAccessControl
JeffreyT.Hare,CPACISACIA
EduardoGaribaldi,DirectorofGlobalRiskAdvisory
![Page 2: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/2.jpg)
www.fulcrumway.comPage 2Copyright © FulcrumWay
IntroductionsIdentifying and Monitoring Multi-Platform and Cross-Platform Access Control RisksSegregation of Duties OverviewSoD Analysis False Positives and Exceptions Remediation Approach Q&A
Agenda
![Page 3: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/3.jpg)
www.fulcrumway.comPage 3Copyright © FulcrumWay
FulcrumWay Clients Over 250 engagements
Successful Track Record
Government Oil and Gas
Healthcare
Communications
Financial Services
Transportation Natural ResourcesManufacturing
Retail
High TechMedia/Entertainment Life Sciences
![Page 4: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/4.jpg)
www.fulcrumway.comPage 4Copyright © FulcrumWay
FulcrumWay™ InsightGlobal Thought Leadership
Oracle Cloud – London – Feb 1-2 GRC Round Table, London, UKEducational Webinar – Feb 17th – Self Service User Provisioning Educational Webinar – Mar 23rd – Continuous Controls Monitoring Oracle Cloud – Australia – March – GRC Round Table, Sydney, AustraliaCollaborate 17 – April 2-6 Las Vegas GRC Open HouseOracle Open World – October 1-5 – Mascone West, San Francisco, CAGitex – October 8-12 – GRC Round Table, Dubai UAEOracle UK Users Group – December – GRC Round Table, Birmingham, UKOracle Connect Africa – October – GRC Round Table, South Africa
Proven Expertise
![Page 5: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/5.jpg)
www.fulcrumway.comPage 5Copyright © FulcrumWay
IntroductionsIdentifying and Monitoring Multi-Platform and Cross-Platform Access Control RisksSegregation of Duties OverviewSoD Analysis False Positives and Exceptions Remediation Approach Q&A
Agenda
![Page 6: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/6.jpg)
www.fulcrumway.comPage 6Copyright © FulcrumWay
Identifying and Monitoring Multi-Platform and Cross-Platform Access Control Risks
Most organizations have multiple software applications to help run their business. Often there are several ERP and legacy applications that are considered in-scope from a compliance perspective. Hear from industry expert, Jeffrey T. Hare, CPA CISA CIA about common cross-platform and
multi-platform control risks and how organizations can mature their control environment through necessary manual controls, monitoring controls, and
access controls.
![Page 7: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/7.jpg)
www.fulcrumway.comPage 7Copyright © FulcrumWay
Scenario 1: Multi-platform risks across Oracle E-Business Suite and Hyperion
Organization uses Oracle E-Business Suite for core applications and Hyperion for budgeting and consolidations
Scenario 1
![Page 8: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/8.jpg)
www.fulcrumway.comPage 8Copyright © FulcrumWay
Risks Across Oracle E-Business Suite and Hyperion
Oracle E-Business SuiteUsing Journal Approval Workflow that now leverages AME. All ‘manual JEs’ are required to go through the journal approval workflow process
HyperionJEs can be entered and posted by anyoneManual controls of JEs (outside system)BudgetingConsolidations
Multi-platform
![Page 9: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/9.jpg)
www.fulcrumway.comPage 9Copyright © FulcrumWay
Risks across Oracle E-Business Suite and Hyperion
Oracle E-Business SuiteSoD Conflicts:
Enter Journals vs Journal SourcesEnter Journals vs Journal Authorization LimitsEnter Journals vs Profile Option ValuesEnter Journals vs AME SetupsEnter Journals vs Accounting Setup Manager
HyperionSoD Conflicts
Enter Budgets vs Maintain Budget Approvers
Multi-platform
![Page 10: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/10.jpg)
www.fulcrumway.comPage 10Copyright © FulcrumWay
Risks across Oracle E-Business Suite and Hyperion
Oracle E-Business SuiteSensitive Access Risks:
Journal SourcesJournal Authorization Limits Profile Option ValuesAME SetupsBudget SetupsJournal Import CorrectionAccounting Setup Manager
HyperionSensitive Access Risks:
Define BudgetBudget ApproversConsolidation SetupsEnter Journals
Multi-platform
![Page 11: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/11.jpg)
www.fulcrumway.comPage 11Copyright © FulcrumWay
Risks across Oracle E-Business Suite and Hyperion
Oracle E-Business SuiteOperational Sensitive Access Risks:
Enter JournalsPost JournalsChart of Account maintenance (Flexfield Values)AutoPost
HyperionOperational Sensitive Access Risks:
None
Multi-platform
![Page 12: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/12.jpg)
www.fulcrumway.comPage 12Copyright © FulcrumWay
Risks across Oracle E-Business Suite and Hyperion
Oracle E-Business SuiteOther Notes:
Further discussion on how Mass Allocations and Recurring Journals are handledAssumption is Journal Approval workflow is properly configured
HyperionOperational Sensitive Access Risks:
None
Multi-platform
![Page 13: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/13.jpg)
www.fulcrumway.comPage 13Copyright © FulcrumWay
Scenario 2: Cross-platform risks across Oracle E-Business Suite and Oracle ERP Cloud
Organization uses Oracle E-Business Suite for core applications (less Requisitions) and Oracle ERP Cloud (Fusion) for Requisitions
Scenario 2
![Page 14: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/14.jpg)
www.fulcrumway.comPage 14Copyright © FulcrumWay
Risks across Oracle E-Business Suite and Hyperion
Oracle E-Business SuiteActivities within EBS
Segregating JEs – Enter vs PostApproved Reqs are converted to POsPOs are updated manually since ERP Cloud doesn’t support PO updatesSuppliers i/f’d from ERP Cloud
Oracle ERP CloudActivities within ERP Cloud:
JEs not allowedApproved Requisitions are interfaced to EBSSuppliers are interfaced to EBS
Multi-platform
![Page 15: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/15.jpg)
www.fulcrumway.comPage 15Copyright © FulcrumWay
Risks across Oracle E-Business Suite and Hyperion
Oracle E-Business SuiteSensitive Access Risks:
Suppliers (none s/b entered)AutoCreate DocsBuyersPurchase OrdersPO Setups – Document Types PO Approval SetupsPayables Options
Oracle ERP CloudSensitive Access Risks:
Suppliers Requisition Approval SetupRequisition Setups –Document Types
Multi-platform
![Page 16: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/16.jpg)
www.fulcrumway.comPage 16Copyright © FulcrumWay
Risks across Oracle E-Business Suite and Hyperion
Oracle E-Business SuiteSoD Conflicts:
PO’s vs Enter Goods ReceiptsEnter Suppliers vs Enter PO’sPO’s vs PO OptionsSuppliers vs Payables OptionsPO’s vs Buyers
Oracle ERP CloudSoD Conflicts:
Requisitions vs Requisition Approval SetupEnter Suppliers vs Requisitions
Multi-platform
![Page 17: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/17.jpg)
www.fulcrumway.comPage 17Copyright © FulcrumWay
Risks across Oracle E-Business Suite and Hyperion
Oracle E-Business SuiteCross Platform SoD Conflicts:
Enter PO’s(EBS)
Oracle ERP CloudCross Platform SoD Conflicts:
Enter Suppliers (Cloud)
Multi-platform
![Page 18: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/18.jpg)
www.fulcrumway.comPage 18Copyright © FulcrumWay
IntroductionsIdentifying and Monitoring Multi-Platform and Cross-Platform Access Control RisksSegregation of Duties OverviewSoD Analysis False Positives and Exceptions Remediation Approach Q&A
Agenda
![Page 19: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/19.jpg)
www.fulcrumway.comPage 19Copyright © FulcrumWay
Are you ready for the Segregation of Duties Audit?SoD Overview
![Page 20: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/20.jpg)
www.fulcrumway.comPage 20Copyright © FulcrumWay
The Big PictureSafePaaS
MonitorPaaS
ProcessPaaS/DocumentPaaS Operations Management
RiskPaaSRiskLibrary KRIManagerPolicyManager
ProcessDefinition
Workflow BusinessRules
AuditManager AuditPlanner
ComplianceManager
MasterDataMonitor
Dat
aPro
be In
tegr
atio
n Se
rvic
es
RiskAssessments
AuditPaaS
TransactionMonitor AppConfigurationMonitor RulesRepository
AccessMonitor SODPolicyMonitor RolesManager
AccessPaaSiAccessPolicybasedprovisioning
IssueManager
SurveyManager
EnterpriseRiskManagement
ContinuousControlsMonitoring
FinancialGovernance AuditandComplianceAutomation
ITGovernance
![Page 21: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/21.jpg)
www.fulcrumway.comPage 21Copyright © FulcrumWay
Multi-platform
![Page 22: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/22.jpg)
www.fulcrumway.comPage 22Copyright © FulcrumWay
Responsibility
Form
Complicated Security ModelContains many overriding security attributes
Menu
Function
UserEvaluate User Access• Test by User • Test by Privilege
Manage Segregation of Duties• Identify incompatible Privileges• Predefined & Extensible SOD
Rule Sets
SoD Overview
![Page 23: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/23.jpg)
www.fulcrumway.comPage 23Copyright © FulcrumWay
Roles
Hyperion Security ModelHigh Risk of SOD Issues
Groups
Functions
User
Security Class
SoD OverviewEvaluate User Access• Test by User • Test by Privilege
Manage Segregation of Duties• Identify incompatible Privileges• Predefined & Extensible SOD
Rule Sets
![Page 24: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/24.jpg)
www.fulcrumway.comPage 24Copyright © FulcrumWay
Role
Page
PeopleSoft Security ModelHigh Risk of SOD Issues
Permission List
Menu
User Profile
Component
SoD OverviewEvaluate User Access• Test by User • Test by Privilege
Manage Segregation of Duties• Identify incompatible Privileges• Predefined & Extensible SOD
Rule Sets
![Page 25: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/25.jpg)
www.fulcrumway.comPage 25Copyright © FulcrumWay
JD Edwards Security ModelHigh Risk of SOD Issues
Evaluate User Access• Test by User • Test by Privilege
Manage Segregation of Duties• Identify incompatible Privileges• Predefined & Extensible SOD
Rule Sets
Roles
Menu / Task
User
Form
Application
Versions
Report
Versions
SoD Overview
![Page 26: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/26.jpg)
www.fulcrumway.comPage 26Copyright © FulcrumWay
Access/SOD Risk Based
DetectSOD/PolicyViolations
AnalyzeViolations
CorrectRole
Access
MonitorViolationIncidents
ApplicationSecurityModel
ApplicationSecurity
Snapshot
ExceptionsCorrect
UserAccess
App Control Owners/
IS SecurityIS Security/ Audit/Compliance
Control Owners/
IS Security
ApplicationTest
EnvironmentAccess AnalyticsRules Manager Action Workflow
Application Administrator
SOD Overview
Violations ManagerDataProbe ETL
Corrective Actions
Dashboard
ApplicationAccess Rules
Roles Manager
![Page 27: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/27.jpg)
www.fulcrumway.comPage 27Copyright © FulcrumWay
SoD Rule Consists of Business Activities Made Up of FunctionsSoD Overview
![Page 28: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/28.jpg)
www.fulcrumway.comPage 28Copyright © FulcrumWay
IntroductionsIdentifying and Monitoring Multi-Platform and Cross-Platform Access Control RisksSegregation of Duties OverviewSoD Analysis False Positives and Exceptions Remediation Approach Q&A
Agenda
![Page 29: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/29.jpg)
www.fulcrumway.comPage 29Copyright © FulcrumWay
Validate Access Risks and Verify Security Model
UseDashboardsandReportFilterstoanalyzerisks
Identify SoD Rule violations and analyze issues using Violation Score Card. Drill down into Responsibility and User Violations by OU, and Module
SOD Analysis
![Page 30: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/30.jpg)
www.fulcrumway.comPage 30Copyright © FulcrumWay
Violations by User and ResponsibilitySOD Analysis
ResponsibilitywithSODConflict
UserwithSODConflict
AccesstoSupplierForm
AccesstoInvoiceApprovalPage
![Page 31: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/31.jpg)
www.fulcrumway.comPage 31Copyright © FulcrumWay
Responsibility ConfigurationSOD Analysis
![Page 32: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/32.jpg)
www.fulcrumway.comPage 32Copyright © FulcrumWay
Download in Excel for further reviewSOD Analytics
![Page 33: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/33.jpg)
www.fulcrumway.comPage 33Copyright © FulcrumWay
IntroductionsIdentifying and Monitoring Multi-Platform and Cross-Platform Access Control RisksSegregation of Duties OverviewSoD Analysis False Positives and Exceptions Remediation Approach Q&A
Agenda
![Page 34: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/34.jpg)
www.fulcrumway.comPage 34Copyright © FulcrumWay
What Are False Positives ?Users and Responsibilities
InactiveUsers
ExpiredUsers
TerminatedEmployeesstillactiveinEBS
End-DatedUsers
End-DatedResponsibilityAssignments
MenuswithoutPrompts
Inherent False+
![Page 35: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/35.jpg)
www.fulcrumway.comPage 35Copyright © FulcrumWay
WithoutGrantFlagusercannotaccesstheSub-
MenuorFunction
Menuwithoutpromptsdisablesusertoseeand
navigate
A menu is a hierarchical arrangement of application functions (forms). In the definition of a responsibility, the specified menudefines what is displayed in the navigator. The specified menu does not necessarily define the functions that can be accessed by the responsibility, which are granted.
What Are False Positives ?Oracle Menus Inherent False+
![Page 36: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/36.jpg)
www.fulcrumway.comPage 36Copyright © FulcrumWay
Ifyouspecifytheparameter
QUERY_ONLY=YES,theformopensinquery-onlymode.
Inherent False+ What Are False Positives ?Oracle Functions
![Page 37: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/37.jpg)
www.fulcrumway.comPage 37Copyright © FulcrumWay
TheFormPersonalizationfeatureallowsyoutodeclarativelyalterthebehaviorofForms-basedscreens,includingchangingproperties,executingbuiltins,displayingmessages,andaddingmenuentries.
Inherent False+ What Are False Positives ?Oracle Form Personalization
![Page 38: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/38.jpg)
www.fulcrumway.comPage 38Copyright © FulcrumWay
Aprofileisasetofchangeableoptionsthataffectthewayyourapplicationlooksandbehaves.Youcansetuserprofileoptionsatdifferentlevels:site,application,
responsibility,user,server,andorganization,dependingonhowtheprofileoptionsaredefined.
Inherent False+ What Are False Positives ?Oracle Profile Options
![Page 39: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/39.jpg)
www.fulcrumway.comPage 39Copyright © FulcrumWay
Global False PositivesFalse+ Checklist
Filter False+
Form Extensions
TableAudit
ConditionalFunctionAccess
DataAccess
FunctionAccess
Read-OnlyAccess
FunctionLimits
Filter False+
MenuAccess
Menu /Sub-Menu/Grants/Prompts
Data/Function Access
Disabled OracleResponsibilityAccess
EnabledOracleResponsibilityAccess
Read-OnlyRBACAccess
RBAC(Role BasedAccessControl)
Filter False+
FunctionLimits
Ledger DataAccess
CustomForms/Pages
Ledger SetAccess
Multi-Org Access
IT SupportAccess
MenuGrant Flag
Filter False+
User AccesstoSub-Menu
Inactive Users
Privileged User(Interface,etc)
User ResponsibilityAccessInactive
User ResponsibilityAccessActive
UserAccess enabled
Form Customization
Filter False+
Data AccessGroup(SharedServices)
GL AccessLimit
OperatingUnitAccess
OraclesecurityProfile
![Page 40: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/40.jpg)
www.fulcrumway.comPage 40Copyright © FulcrumWay
IntroductionsIdentifying and Monitoring Multi-Platform and Cross-Platform Access Control RisksSegregation of Duties OverviewSoD Analysis False Positives and Exceptions Remediation Approach Q&A
Agenda
![Page 41: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/41.jpg)
www.fulcrumway.comPage 41Copyright © FulcrumWay
System Filters
False+Filters
DataSecurity
Read-Only
Custom
INVINV
UserOU
FormProfile
Role
Filters Type Conditions Results Excluded
Inactive User Global End-Date Users
Inactive Role Global End-Date Roles
Business Unit Global OrgName Organization
View Only Local Function Path Functions
DataSecurity Local Data Group Groups
Personalization Local Form/Page Forms
Approach
Role UserOU
![Page 42: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/42.jpg)
www.fulcrumway.comPage 42Copyright © FulcrumWay
Remove Inherent False PositivesApproach
UserGlobalConditionstofilter“inherent”FalsePositiveslike:
InactiveUsersInactiveResponsibilities
Read-onlyAccess
![Page 43: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/43.jpg)
www.fulcrumway.comPage 43Copyright © FulcrumWay
IntroductionsIdentifying and Monitoring Multi-Platform and Cross-Platform Access Control RisksSegregation of Duties OverviewSoD Analysis False Positives and Exceptions Remediation Approach Q&A
Agenda
![Page 44: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/44.jpg)
www.fulcrumway.comPage 44Copyright © FulcrumWay
Fortune 500 Global Manufacturer Improves
Segregation of Duty Controls across multiple ERP instancesOurClient
Fortune500company,manufacturesanddistributescoatings,specialtymaterials,andglassproducts.BusinessRunsonmultipleOracleEBS,SAPsystemsOver40,000employeesworld-wide
ChallengesReplacemultiplelegacysystemswithoneERPsolutionImprovedSegregationofDutycontrolswithinmissioncriticalapplicationsMaintainconsistentERPsystemaccessrolesacrossthesubsidiariesleveragingthesharedservicesmodelIncreaseexternalauditor’srelianceonERPAccessControlsMonitoring
SolutionsSafePaaSAccessPolicyManagerSafePaaSiAccessUserProviosning
Results:ReduceERPSODRemediationtimebyidentifyingandeliminating80%FalsePositivesresultinginover$50,000annualcostsavingsinAuditandRemediationCostsCreatedover100SegregationofDutycompliantRolesbybusinesssegmentwithtwoweeksfromFulcrumWayRoleTemplateswithinthecontrolscatalog.LoweredERPTotalCostofOwnershipbyreducingSoDremediationtimeandcostsbyensuringthatallusersaassignedonlythepre-approvedRolesImproveSoDandAccessControlstestingtimebyprovidingauditorstheaccesslogreportsshowingallUpdate,ReviewandApproveRoledesignchanges.AcceleratedERPAccessApprovaltimebyidentifyingvalidSODconflictsbeforetheRolesareassignedtoUsers.
Case Study
![Page 45: Identify and monitoring multi-platform and cross-platform access control](https://reader031.vdocuments.site/reader031/viewer/2022030318/5a65427b7f8b9a57138b47ef/html5/thumbnails/45.jpg)
www.fulcrumway.comPage 45Copyright © FulcrumWay
Sign-up for FREE 30 Days EvaluationQ & A
Register online to try out SafePaaS