Fraud and other compromises happen when malicious users are able to bypass internal controls. This typically means that a user has too many access rights to systems and applications, for example the ability to act as both requester and approver for a transaction. More generally, businesses assume risk when users have many and/or elevated access rights. It is sometimes legitimate and unavoidable for users to have the ability to harm an organization, but these circumstances should be quantified, justified and monitored.
Hitachi ID Identity Manager helps organizations to define and enforce policies to block users from assuming too many privileges:
- A powerful segregation of duties policy engine allows organizations to define controls, prevent users from acquiring new violations and detect users who either had pre-existing violations or acquired violations outside of the IAM system.
- Risk scores empower organizations to rank users by how much risk their access rights pose and focus additional controls and surveillance precisely on those users that can cause the greatest harm. This makes it possible to focus limited audit and control resources where they will have the greatest impact.
- Periodic reviews of user access give stakeholders an opportunity to identify no-longer-needed access rights, and so reduce overall risk.
Effective controls minimize the opportunities for both intentional and accidental harm.