Segregation of Duties is the act of separating a process so that one person alone cannot complete the transaction by themselves. For example one user should not be able to create a supplier/vendor and then pay that supplier. The risk is that the user could create a fictitious supplier and pay them, when the payment goes to the person's bank account.
The challenge with segregation of duties (SoD) within Enterprise applications is their sheer scale, thousands of permissions and settings that alone or combined introduce risk if not managed properly.
Here are some examples:
* JD Edwards EnterpriseOne has over 60,000 objects that can be secured.
* Oracle ERP/HCM Cloud has over 9,000 Privileges, hundreds of Data Security Policies and Profile Options.
* Salesforce has hundreds of permissions and thousands of fields.
The first step if your organization is running these large applications is to translate the risks you or your auditors state need to have controls built around. How do you sift through all these permissions to identify what needs monitoring?
The second step is to identify the effectiveness of controls around these risks, what users have SoD conflicts?
The challenge is trying to find these issues within applications, but also across them. Many processes are spread across applications, and so getting these answers is even more difficult.
From here things get 'subjective', should these users being reported on be allowed to keep their access or should it be removed?
If it is to be kept, a compensating control needs to be documented and tested for effectiveness.
Seecuring provides 'out of the box' SoD and Sensitive Access rules, or for new applications that you need to be assessed, a rapid onboarding process. This ensures results can be delivered to you rapidly.
Detective and Pro-Active testing of your application controls ensures that you can maintain a healthy and secure environment.
There is no software to install, and services ensure that alongside the results you get the opportunity to get the required assistance to resolve your issues.
Seecuring combines the power of services and software to bring the most complete solution for solving those tough access problems.
To discuss your requirements, you can schedule a call with us: