Cloud Compliance Use Case Demo


Demonstrate identification and root cause analysis of operational error with Cloud Compliance Identity and Access Assessment (IdAA) solution.

  1. Cloud Compliance Identity and Access Assessment (IdAA) Use Case Demo, Oct 2009
  2. Identity and Access Assessment
     • Excess entitlements typically increase over time
       • Primary cause is employee transfers, role changes
         • Prior entitlements often maintained through transition period, then fall through the cracks
         • New transfers often provisioned with rights of most-entitled employee in new department
       • But human error and operational issues also lead to excessive access rights, virtually impossible to detect – without Cloud Compliance
     • Identifying excessive access rights is only part of the solution
       • Fault isolation and root cause identification are essential to remediate underlying processes
       • Cloud Compliance provides complete solution for identification and remediation of excessive access rights
  3. How does IdAA work?
     • Access audit owner visits Cloud Compliance site
     • Browser-based wizard guides owner through automated data collection process
       • Which resources to audit
       • Access rights
       • Login history/logs
     • Data uploaded to secure Cloud Compliance site
     • Compliance assessments provided within minutes
       • Management metrics
       • Trends, problem isolation and root cause analysis
     • Integrating IdAA into access control processes can eliminate audit findings for excessive access rights and other access control issues
  4. The Excess Rights Dashboard
     The Excess Rights Dashboard presents a multidimensional view of least privilege compliance by showing the recent trend as well as a breakdown by application, by group or department, and by user.
  5. The Excess Rights Dashboard
     This view presents FFIEC audited applications for a financial services firm. Resource views can be defined for specific audits – FFIEC, SOX, PCI, internal, etc.
  6. The Excess Rights Dashboard
     Access control assessment results are indicated for each dimension: time; resource; group or department; and users. Trends and problem areas are easily identified.
  7. The Excess Rights Dashboard
     Scale-independent metrics measure performance along each dimension, and are the basis for objective-setting. Here, we look at dormant rights percentage to measure least privilege compliance performance.
  8. The Excess Rights Dashboard
     Overall performance is tracked by the upper-left status indicator. In this case, 7% of accounts are dormant – higher than the 6% objective and therefore colored red.
  9. The Excess Rights Dashboard
     This trend tells us that prior to Cloud Compliance being deployed, access controls were not performing well. Then, using our solution, dormant rights were significantly reduced. But dormant rights have jumped up this month…
  10. The Excess Rights Dashboard
     In the Resource view, we see that Equity Trade is the likely source of this month’s increase in dormant rights. We can click on that application to see what’s going on.
  11. Equity Trade
     We have now isolated Equity Trade from all other applications. Note that the Trend, By User Group and By User displays have all been updated to reflect the new view.
  12. Equity Trade
     We see that the problem lies with the Bond Traders group. They have been provisioned with rights to Equity Trading that are now dormant. Let’s drill into the Bond Traders group to investigate.
  13. Bond Traders
     Now we have isolated the view to Bond Traders with provisioned rights to the Equity Trade application.
  14. Bond Traders
     We see that Bond Traders are broken into Executives and three Trader sub-groups. It looks like Executives have a business need, but the Bond Traders sub-groups don’t need access to the Equity Trade application.
  15. Bond Traders
     In the User view, we see that these Traders all went dormant on the same day. If the dormant policy is 60 days, then they were all granted rights 67 days ago.
  16. Bond Traders
     In this case, an HR admin granted these rights based on generic job descriptions. Mergers, layoffs, and ad-hoc rights requests often lead to the same result.
  17. IdAA Results
     • Identified access control deficiency
       • Determined root cause
       • Knowledge to fix problem and underlying process
       • Avoid repetitive find/fix cycles
     • Part of an ongoing management process
       • Automated data collection, analysis and visualization
       • Before auditors arrive
       • No fire drills required
     • Relevant metrics support informed management decision-making
  18. Thank You!
     • For further information, contact Cloud Compliance:
     Cloud Compliance, Inc. 1250 Oakmead Pkwy # 210 Sunnyvale, CA 94085 (408) 501-8812 [email_address] Blog:
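
The drill-down in slides 7 to 15 (dormant rights percentage by application, then by group, then users who went dormant on the same day) can be reproduced from an entitlement list joined with login history. The following is an added example, not Cloud Compliance's code; the sub-group names, the "Bond Desk" application, the user names and all dates are constructed, and only the 60-day policy and the 67-day grant age come from the slides.

```python
from collections import defaultdict
from datetime import date, timedelta

POLICY_DAYS = 60                    # dormant policy quoted on slide 15
TODAY = date(2009, 10, 30)          # constructed "as of" date
BULK = TODAY - timedelta(days=67)   # constructed bulk grant, 67 days ago
OLD = date(2009, 1, 5)              # constructed earlier grant date

def ago(n):
    return TODAY - timedelta(days=n)

# Constructed rows: (user, group, application, granted_on, last_used or None)
RIGHTS = [
    ("exec1", "Executives", "Equity Trade", OLD, ago(2)),
    ("exec2", "Executives", "Equity Trade", OLD, ago(10)),
    ("trader1", "Traders A", "Equity Trade", BULK, None),
    ("trader2", "Traders B", "Equity Trade", BULK, None),
    ("trader3", "Traders C", "Equity Trade", BULK, None),
    ("trader1", "Traders A", "Bond Desk", OLD, ago(1)),
    ("trader2", "Traders B", "Bond Desk", OLD, ago(1)),
    ("trader3", "Traders C", "Bond Desk", OLD, ago(4)),
]

def went_dormant(granted_on, last_used, today=TODAY):
    """Return the day a right became dormant, or None if it is still active.
    A never-used right is measured from its grant date."""
    day = (last_used or granted_on) + timedelta(days=POLICY_DAYS)
    return day if day <= today else None

def dormant_pct(rows, key):
    """Scale-independent metric: percent of rights that are dormant per key."""
    total, dormant = defaultdict(int), defaultdict(int)
    for row in rows:
        total[key(row)] += 1
        dormant[key(row)] += went_dormant(row[3], row[4]) is not None
    return {k: round(100 * dormant[k] / total[k], 1) for k in total}

def same_day_clusters(rows, min_size=3):
    """Dormancy dates shared by >= min_size rights point at one bulk grant."""
    days = defaultdict(list)
    for user, _group, _app, granted, used in rows:
        day = went_dormant(granted, used)
        if day:
            days[day].append(user)
    return {d: u for d, u in days.items() if len(u) >= min_size}

if __name__ == "__main__":
    equity = [r for r in RIGHTS if r[2] == "Equity Trade"]
    print(dormant_pct(RIGHTS, key=lambda r: r[2]))   # by application
    print(dormant_pct(equity, key=lambda r: r[1]))   # by group
    print(same_day_clusters(equity))                 # shared dormancy day
```

A shared dormancy day minus the policy window gives the grant date to look up in the provisioning records, which is the step that leads from the metric to the root cause.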