Thursday, June 10, 2010

#1 Top Audit Finding for 3 Years Running is Excessive Access Rights - Deloitte Survey




Excessive Access Rights is the #1 audit finding according to Deloitte's 7th annual security survey.(a) Moreover, excessive access rights was the #1 audit finding in the previous two annual surveys.(b & c)


Given that excessive access rights are often due to job changes and terminations, it is no surprise that the #5 audit finding is "Lack of clean up of access rules following a transfer or termination."

Why are Excessive Access Rights so Prevalent?
The problem is that “completely eliminating excessive access rights is almost impossible” according to Deloitte because organizations are dynamic and access rights requirements are constantly changing.

“Employees are hired, promoted (sometimes doing both jobs for a period of time) and fired; job requirements change; contractors come and go; off-site consultants (often in unsecure environment) need access to documents and applications; mergers and acquisitions mean restructuring.” (a)

While preventive controls like identity and access management systems are essential, detective controls are crucial to finding the user access policy violations that may continue to exist due to human error or malicious intent.

Detective Controls can be People Intensive
Regular, independent review of user rights and access activity can identify excessive access rights, dormant user accounts, shared logins, and other user access policy exceptions. Unfortunately, if done using traditional methods and tools, user access review creates an enormous amount of work for business managers and IT.
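As an added illustration (not Veriphyr's code or method), the review described above can be expressed as a join of three data sets: HR status, granted rights, and access activity. All names, records, the 90-day dormancy threshold, and the 30-minute two-host heuristic for shared logins are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data (hypothetical users, systems and hosts).
REVIEW_DATE = datetime(2010, 6, 10)
HR = {  # user -> (employment status, current department)
    "alice": ("active", "finance"),
    "bob": ("terminated", "finance"),
    "carol": ("active", "hr"),  # transferred from finance to hr
    "dave": ("active", "it"),
}
ENTITLEMENTS = [  # (user, system, department the right was granted for)
    ("alice", "ledger", "finance"),
    ("bob", "ledger", "finance"),
    ("carol", "ledger", "finance"),
    ("carol", "payroll", "hr"),
    ("dave", "ledger", "it"),
]
ACTIVITY = [  # (user, system, source host, ISO timestamp)
    ("alice", "ledger", "ws-01", "2010-06-09T09:00"),
    ("alice", "ledger", "ws-07", "2010-06-09T09:05"),
    ("carol", "payroll", "ws-03", "2010-06-08T14:00"),
    ("dave", "ledger", "ws-04", "2010-01-04T10:00"),
]

def review(hr, entitlements, activity, now, dormant_days=90, share_window_min=30):
    """Return sorted (user, system, finding) tuples for access policy exceptions."""
    findings, events = set(), {}
    for user, system, host, ts in activity:
        events.setdefault((user, system), []).append((datetime.fromisoformat(ts), host))
    for user, system, granted_for in entitlements:
        status, dept = hr.get(user, ("unknown", None))
        if status != "active":  # terminated or unknown owner still holds a right
            findings.add((user, system, "account owner not an active employee"))
            continue
        if granted_for != dept:  # right left over from a previous role
            findings.add((user, system, "access retained after transfer"))
        seen = sorted(events.get((user, system), []))
        if not seen or now - seen[-1][0] > timedelta(days=dormant_days):
            findings.add((user, system, "dormant access"))
        # Heuristic: one account used from two hosts within a short window.
        for (t1, h1), (t2, h2) in zip(seen, seen[1:]):
            if h1 != h2 and t2 - t1 <= timedelta(minutes=share_window_min):
                findings.add((user, system, "possible shared login"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review(HR, ENTITLEMENTS, ACTIVITY, REVIEW_DATE):
        print(finding)
```

Each finding is a candidate for a manager to confirm or revoke, not an automatic verdict; the transfer and dormancy checks in particular depend on how accurately rights are mapped to roles.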

Eliminate the Work and Receive Actionable Remediations
Veriphyr identity and access intelligence services eliminate manual grunt work by applying advanced analytics to your existing rights and user activity data. Veriphyr identity and access intelligence pinpoints user access policy exceptions and delivers actionable remediation. And Veriphyr is an on-demand service, so there is no software to install, no hardware to procure, and no scripts or connectors to maintain.

To learn more about Veriphyr, watch our 3-minute video.

Sources:
(a) Deloitte 2010 Global Financial Services Security Survey
(b) Deloitte Sixth Annual Global Security Survey
(c) Deloitte 2007 Global Security Survey



Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.