System Access Auditing

Background

A major operator had a manual process for systems and buildings access. Creating access for new starters, as well as removing for leavers and adjusting for movers created significant complexity for IT and HR teams.

Similarly, at any point, the team might be asked to confirm the access credentials and any one or group of employees, or they may be requested to alter an employees access so that it did not confirm to a group policy or role specific set of permissions.

It was apparent that the business suffered from a lack of visibility and struggled to maintain effective control of the systems accessed by their staff. This has led to an increased risk of employees who have exited the business and those moving departments having access to applications that are no longer relevant to them, or for movers, not to be able to do their new role as effectively as they should.

Discovery and UAM was a quarterly process which included an audit by the security teams. Each audit revealed a number of issues and as growing business it was increasingly concerned by its own inability to close out the growing list of issues. Cyber teams needed this to be addressed, as did the business as not only did this pose material security concerns but had resulted in substantial productivity losses.

Objectives

The We Are CORTEX team devised an automation solution to address Starter,  Leaver and Mover (SLAM) governance , but to also enable effective UAM visibility and control over of employees.

Solution

CORTEX connects to Active Directory (AD), IAM/IGA systems, ERP, HR systems, to audit against employee employment status, AD group status, and employee's access to applications.

CORTEX will then flag all violations to the respective cyber teams, owners, managers and other personnel for mitigation. CORTEX will then send a summary and detail report to audit administrators.

Outcomes

Once implemented, CORTEX delivered upon the agreed objectives ensuring compliance and governance was achieved.

The customer achieved more than  a 99% reduction in unauthorised access to accounts by leavers and movers

The customer also achieved more than a 99% reduction in costs. This was previously this was labour intensive, provisioning and deprovisioning, amending permissions. 

Importantly, the process became transparent, granting the infosec team full visibility of the SLAM process.

Lastly, security improved. The time taken to identify unauthorised access reduced from quarterly to real-time. and so intrusion and potential bad actors could be challenged or suspended immediately.