As part of my blog on the top five concerns around managing access risk, last week we looked at concerns around improper systems access leading to loss from fraud or error. This week I discuss how to best manage emergency access to systems.
Emergency access to systems, without the proper controls and auditability
Emergency access to production systems is a fact of life. For example, performance troubleshooting or configuring a setting which cannot be transported, such as number ranges, or debug access.
A requirement always exists to meet immediate business needs when a role cannot be developed in time.
GRC Emergency User Access provides a balance between business requirements and the need to exercise internal control. Typical emergency processes are frail and do not stand up to audit scrutiny (e.g. no audit trail, approval occurs after the fact). EUA enforces a robust and auditable emergency access process.
This is very quick to implement. We recently implemented Emergency Access at a client in two weeks. Feedback from client was:
- One of the smoothest IT implementations they had seen
- Easy to use
- Will be of great benefit to the support team.