Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Management
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Partners
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social ResponsibilityCSR
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Careers
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Blogs
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
FAQs
We've put together a comprehensive list of frequently asked questions - along with our responses - to the most common GRC and SAP security issues.
28 May 2020

How would an audit describe your privileged access posture?

In recent years ‘Privileged Access’, and how it is managed, has become a favoured hunting ground for auditors. With this in mind, how would an audit describe your privileged access posture?

Does your organisation have a definition of what is meant by the term ‘privileged access’? Would you know where all your privileged accounts are? Would your organisation be able to satisfactorily provide the answers to all of their questions?  Even if the answer is ‘yes’, how much effort is expended in being able to provide the evidence for those answers?

Privileged accounts provide administrative access to an organisation’s most critical assets and resources and, as with anything, the first step to controlling them is identifying them – but this is no simple task.

When you hear Privileged Access Management (PAM) it’s easy to consider just your just your financially critical systems, but in reality Privileged Accounts are spread far and wide throughout your organisation – business applications, ERP, databases, on-premise applications, cloud environments, endpoints (Laptops, Desktops, Servers), BYOD, DevOps, the list goes on.

But this first step doesn’t have to be so arduous. Tools like CyberArk’s Discover & Audit (or DNA) can help you to discover these privileged accounts before your auditors do.

DNA scans your organisation’s IT systems for vulnerable privileged credentials like passwords, SSH keys, embedded credentials and even those hard-coded, clear text credentials that are the life-blood of, sometimes critical, business applications. The scan also maps out and helps visualise, the systems they could gain access to, highlighting exactly how an attacker could capitalise if these vulnerable credentials were compromised.

Turnkey’s team of PAM consultants can guide you through the discovery process and help you make sense of the comprehensive results a DNA scan provides. Together, we can enable you to understand your current Privileged Access position, plan your next steps to mitigating your risks & tackle your vulnerabilities, and help put a business case together for a comprehensive reform of the way you manage your privileged access, keeping you one step ahead of the auditors!