As part of my blog on the top five concerns around managing access risk, last week we looked at concerns around improper systems access leading to loss from fraud or error. This week I discuss how to best manage emergency access to systems.
Emergency access to systems, without the proper controls and auditability
Emergency access to production systems is a fact of life. For example, performance troubleshooting or configuring a setting which cannot be transported, such as number ranges, or debug access.
A requirement always exists to meet immediate business needs when a role cannot be developed in time.
GRC Emergency User Access provides a balance between business requirements and the need to exercise internal control. Typical emergency processes are frail and do not stand up to audit scrutiny (e.g. no audit trail, approval occurs after the fact). EUA enforces a robust and auditable emergency access process.
This is very quick to implement. We recently implemented Emergency Access at a client in two weeks. Feedback from client was:
- One of the smoothest IT implementations they had seen
- Easy to use
- Will be of great benefit to the support team.
Turnkey Consulting is helping to make the world a safer place to do business by specialising its expertise across Integrated Risk Management, Identity and Access Management, and Cyber and Application Security. We provide business consulting, technology implementation and managed services to help customers safeguard their application environments - protecting critical ERPs (such as SAP, Oracle and MS Dynamics) and wider enterprise systems.
Since we began in 2004, we've been working with organisations committed to raising the standards of security, compliance and risk management. We believe in sharing what we learn and challenging convention with innovative and disruptive thinking - all with the aim of moving our industry forward.