...
A company would like to have risk management in place to prevent people from getting toxic combinations of access that could be a risk to the company. For example, a person might get access to create a purchase order as well as access to approve the same purchase order. This is a toxic combination of access and is a potential risk for a company.Given the sensitive nature of many organizational IT
resources and the complexity of current regulatory and oversight initiatives, they are maintaining the transparency of "who has access to what, where, and when" in a readily available format requires more than just following the path of an audit trail layered with page after page of reports. Although these are indispensable to any compliance strategy, employing an "after-the-fact-only" approach to resource security can prove to be disastrous, as many recent insider breaches have shown. Therefore, to minimize the risk, for all the risky accesses, we should be able to certify and recertify on a regular basis that the access is still needed. For example, is this user account still needed? if a user has already resigned from the company, the user account should not be active. These kinds of potential risks are checked and minimized with the help of recertification at regular intervals.
EmpowerID provides a powerful Attestation and Recertification platform that gives any organization the ability to take a more proactive approach to rectify potential security issues before they occur through crafting EmpowerID Audits and Recertification Policies.
...