Automate access, privileges, processes and resources to improve HR, whilst enriching information security
Automated Human Resources is business critical.
The Human Resources proposition for automation is focused on the use cases which help you manage the data, applications, and other resources that people will have access to whilst engaged on CSP business. They may be direct employees, contractors, vendor personnel, other suppliers and potential suppliers working on POCs. From visitors to everyone else, the systems ecosystem that your organisation uses can involve many people, but the majority of the burden will come from your employees joining, leaving, changing roles or just needing new privileges, and this page describes how we help you with that.
As part of the CSP’s employee onboarding activities, tracking the approval and allocation of appropriate resources (Resource Allocation) is critical; this will include physical resources such as access cards, mobile phones, and laptops as well as logical resources such as software licences, phone services, and email addresses. Typically, the type and level of resources or access will be assigned based on the employee’s role and contractual agreement.
To correctly provision resources, access is commonly required across multiple departmental systems from HR and contract management to Facilities Management and IT. Some assets may have additional considerations when allocating (Data Centre assets, sensitive code, access to IP or commercial agreements), where speed both in deploying and, when appropriate, in withdrawing is critical.
Geographically distributed workforces mean it is imperative to deliver the correct physical and systems resources when required; this minimises lost man days and improves the employee experience (EX) of the onboarding process. When the responsibilities of the employee change as they move roles, their allocation rights may also change – new resources may need to be assigned, and existing ones returned.
Faults, service issues, and complaints of poor service quality may also be reported to the contact centre by the customer. The contact centre can initiate a series of service-specific diagnostics to establish whether or not there is an issue with either the customer’s service, any CPE they have, or the shared network infrastructure.
When the employee leaves employment with the CSP, all their assigned assets should be returned to the CSP, and any access rights to internal applications revoked.
As some of these costs can be very high (car leases, high-specification IT assets) or these assets need to be sensitively deployed (Data Centre assets, sensitive code, access to IP or agreements), resource allocation must be considered and governed closely and, better still, quickly provided and withdrawn as needed.
The IT-related assets assigned to the employee must be maintained in accordance with the CSP’s technical, business, and IT Compliance policies. Ensuring that your IT estate and network are configured in line with your business and technical standards, as well as with vendor recommendations, is a critical cybersecurity defence.
Organisations’ defined compliance checks should be applied at the device level, scheduled, and executed to determine pass/fail status and to apply auto-correction and remediation where necessary.
Regularly scheduled audits can identify potential vulnerabilities, and relevant software security patches and configuration updates can be automatically applied and validated. To maintain data integrity, inventory system records require updating in real time to align with actual device configuration status. IT Compliance is intrinsically linked to Resource Compliance, with processes also part of wider Service Assurance and Lifecycle Management propositions.
Devices can be monitored for irregular, unauthorised, or unlawful use, and the identification of such incidents can initiate disciplinary or training actions for the employee. Recording and maintaining an accurate inventory of company assets is essential, especially with IT assets, to be able to demonstrate real-time or near real-time IT security compliance as part of ongoing audit functions.
User Access Management use cases ensure that access to systems and data is controlled and maintained on an as-needed basis. User access rights must be reviewed as employees join and leave the company, but also as they move roles or have changes in responsibilities. CSPs must ensure requests are made by authorised, authenticated personnel who can specify employee access within role based or user specific parameters.
Approvals and validation of requests should be captured and recorded, and data mapped to the user within the relevant systems such as Active Directory. Changes in roles and responsibilities also require a review of access to systems and data; notifications from HR or departmental managers require validation of current access status and amendments where necessary.
Offboarding of employees is a critical process that is often not highly prioritised; without prompt action to retract access, it can leave organisations exposed to inadvertent or malicious activity.
Contractors and suppliers may also have a need for access which must be approved, audited, and revoked as appropriate.
Ad-hoc or temporary access updates, for example, sharing departmental resources for a project, or users placed on secondment in a new team, may require an alternative but similarly controlled process to stand up and stand down user access.
To achieve this, CORTEX applies controlled configuration changes to system access management, which are active in less than two minutes from update.
Completing regular audits on which users have access, and ensuring that such access is necessary and sufficient – and revoking it when necessary – is a key capability in reducing cybersecurity attack surfaces.
It is also fundamental to comply with legislation and corporate governance including ISO/IEC 27001 and Sarbanes-Oxley (SOX). CORTEX has delivered a 99% reduction in audit costs, increasing both operational efficiency and savings.
Electronic Access Control ensures that your staff and contractor staff only have access to the appropriate physical locations and is a key aspect of physical security. Just like logical access rights, physical access rights must be reviewed as employees join and leave the company, but also as they move roles or have changes in responsibilities.
For example, a new employee may initially be granted access to the Network Operations Centre, but not to Data Centre facilities until their role deems it necessary.
Physical access to sensitive areas such as Secure Operation Centres (SOCs) may be governed on a needs-only basis, and requested, enabled, and disabled with the same processes as Access Management.
Contractors and suppliers may also have a need for access which must be approved, audited, and revoked as appropriate. Running regular audits on which users have access, and ensuring that such access is necessary and sufficient – and revoking it when necessary – is a key capability in reducing risk of security breaches.