Overview
In case of financial institutions, it is expected that entitlements in any system to be set after appropriate approval only. For this very purpose during the first decade of the 2000s (around 2008), most of financial institutions have introduced some kind of IDM system that supports request and approval of user entitlements, and generally (but not everywhere) implemented automatic provisioning for the main systems. But for less relevant systems the approved entitlement changes are sent by email and applied manually by the system administrator.
In the case of such offline systems the approved and actual granted entitlements and their differences (incorrect settings) are checked and corrected typically on a quarterly basis. In the meantime these possible deviations and – perhaps unauthorized – access rights are controlled only by the system administrators. This is a serious risk a compliance problem for the organization.
With CreaSys YourEasySec, we provide a simple, read-only connection for offline systems and – in addition to the functionality of an IDM system – a continuous, quasi-online entitlement audits.
For details...
…please send us an email to info@creasys.hu requesting the complete document.