PwC
Contents
1 Key messages
2 Access Management issues
3 How AccessAble can help you
4 Purchasing AccessAble
5 Summary
1 Key messages
“Weak IT access controls cost Société Générale $7.2 billion. The case should prompt you to rethink how you balance IT security with employee access to critical systems.”
CIO Magazine
Access Governance as a Service
AccessAble gives you the confidence to know whether the right people in your business have access to the right applications – at all times
• Quickly and cost effectively give you the confidence to take control of your access management risk:
• Developed in response to our clients across the globe expressing frustration with the cost, time and effort of developing their own solutions or the market alternatives.
• AccessAble can help you:
  • Improve your security
  • Reduce your management overhead
  • Protect your reputation
  • Reduce your risk efficiently
• We are not a technology company – we have developed AccessAble to solve real client problems, quickly and cost effectively.
PwC’s assurance and access management expertise
Market-leading technology
Pre-configured cloud-based tool means you are up and running quickly, scaled to your business’ needs
2 Access Governance Issues
“Insider threats represent one of the most significant information security risks.”
Ponemon Institute
What issues are organisations facing?
Governance
• Are my processes working correctly?
• How much is it costing me to test and monitor the JML process?
Ownership
• Who owns the Joiner-Mover-Leaver process?
• Do I know which are my critical applications?
Access risk
• Do I know who has access to what?
• Do I know who poses an ‘insider threat’?
Identity
• Can I easily identify employees, contractors and third parties?
• Is access terminated in tandem with contract expiry/termination?
3 How AccessAble can help you
“Much time is spent on protecting the external threat… but the internal threat can be even larger in terms of risk to the company.”
Bearingpoint
PwC’s AccessAble
What is AccessAble?
• Combining PwC’s audit experience with the market leading technology
• PwC hosted
• Intuitive web interface
Why a hosted service?
• On premise can be:
  • Costly
  • Complex
  • Long delivery timescales
How does this solve your issues?
• A clear record of access
• Embedded monitoring
• Generic account usage
• Simple to use business interface
• Risk scored accounts
How does it work?
What are the levels of functionality?
Where is my access governance data?
How do my users interact with the service?
What support do we get post go-live?
• An industrialised solution based upon best practice COBIT and Sarbanes-Oxley guidance.
• Users receive alerts if there is a policy breach.
• The ability to undertake user and application re-certifications
• The service is run from a PwC data centre.
• Each client has their own secure and individual instance
• Minimal systems integration to lower risk and minimise startup time.
• Secure acquisition, transfer and storage of client’s identity data.
• Flexibility
• The service is presented as if it’s ‘on-premise’ with access to a dashboard that is secure, easy to understand and use.
• All staff
• Ad-hoc reporting
• Revision to the service will reflect changes to the regulatory market.
• Uses the world’s leading technology
• A service desk is provided to log calls (either break-fix or service / training assistance).
Let’s look in a little more detail
• Inventory of user access: Inventory of user access across your application estate.
• Good practice access policies: Repository of up-to-date access related policies aligned to CoBiT.
• Generic account identification: Rapid identification of generic accounts and whether they are actively used.
• User recertification: A user re-certification process which allows management to evaluate the appropriateness of user access on a regular basis.
• User risk profiling: A risk profiling facility which allows identification of high-risk users for specific treatment.
• Policy violation detection facility which provides alerts to breaches of access-related policies.
Benefits of AccessAble
Reputation protection
Taking advantage of simpler access governance processes tied to automated management and reporting tools delivers greater security at lower cost.
Reduced overhead
Reducing the risk of major losses through data breaches and protecting your reputation.
Improved security
Minimising the opportunity for inside attacks through mistakes, misuse or malicious activity by managing user access and using effective controls.
AccessAble is a lower-risk route to identity governance, charged on a pay as you go basis, with the delivery of the return on investment at least six months quicker than a typical on-premise solution.
Having a second line of defence to identify what needs to be controlled and who owns it lowers your operational costs, while taking a risk-based approach ensures greater reporting efficiency.
Risk-managed access
Lower risk, lower financial outlay
Alternatives to AccessAble
Options compared: Build your own; Use PwC’s service; Develop an on-premise service
Criteria assessed for each option:
• Scalability
• Repeatability
• Early value realisation
• Drives business ownership
• Cost Efficient
• Timeliness
4 Purchasing AccessAble
“While employees remain the most cited source of compromise, incidents attributed to business partners climbed 22%”
Global State of Information Security Survey - 2016
A tried and tested approach to rapid deployment
Information gathering
• Identify processes and policies
• Establish the criteria for high risk users
• Nominate applications
Configure and test
• Deploy baseline instance into service
• Configure standard instance
• Acquire data and undertake data acquisition rehearsals
• Penetration testing
• Stress testing
Design
• Data collection
• Risk scores
• Policies
• Processes
• Access security
Deploy
• Initial data import
• Switch on live instance
• Enable live user access
• Commence Maturity phase
Pricing
Rapid setup
• On-board up to five applications
• Agree which controls and policies to monitor, definition of recertification processes
• Setup will take no longer than three months
• Setup costs waived for five year contracts
Recurring
• Monthly per-user fee with discount for increased user estate
• Five year contract as standard, although four and three years available
• Support included
Ad-hoc
• Menu based pricing for various activities e.g. update policy, add new applications, etc.
AccessAble gives you the confidence to know whether the right people in your business have access to the right applications – at all times
• Quickly and cost effectively give you the confidence to take control of your access management risk:
• Developed in response to our clients across the globe expressing frustration with the cost, time and effort of developing their own solutions or the market alternatives.
• AccessAble can help you:
  • Improve your security
  • Reduce your management overhead
  • Protect your reputation
  • Reduce your risk efficiently
• We are not a technology company – we have developed AccessAble to solve real client problems, quickly and cost effectively.
PwC’s assurance and access management expertise
Market-leading technology
Pre-configured cloud-based tool means you are up and running quickly, scaled to your business’ needs