Jon Olsen

Role Based Access Control for Vista

What is Access Control?

Access Control is the foundation of effective cybersecurity because it addresses the largest and most common attack vector - the user account. A comprehensive access control system for your ERP and database allows you to transform risk into an enduring competitive advantage. Access Control addresses both internal and external threats. The severity of risk for both categories is rising. On the one hand, malicious agents are always searching for soft targets and the sophistication of their attacks is increasing. On the other hand, a simple accident from a user with too much access to the system or database can all too easily turn into an existential threat to the company.

Investing in better Access Control is a practical way to eliminate the most serious consequences of security breaches and at the same time demonstrate better discipline, responsibility, and control to regulators and stakeholders. Access Control works hand in glove with existing internal accounting controls and reinforces critically important segregation of duties.

Why Role-Based Access Control (RBAC)?

In role-based access control, system users are assigned roles, and through these roles they receive the permissions needed to perform particular functions. This means that users are not assigned permissions directly, but rather acquire them through their assigned job function or roles. In Vista we create these roles using security groups. RBAC is one of the most efficient ways to manage access rights in an organization because it is granular enough to offer good security but not so granular that it becomes too complex to manage. The power of RBAC is its ability to address the three most common and costly issues with managing access rights (lack of transparency, inefficient manual administration processes, and keeping access rights updated) without compromising security.

In short, RBAC allows Administrators to efficiently create, change, or discontinue roles as the unique needs of an organization evolve over time. It's for these reasons that RBAC is becoming more and more common in cybersecurity. In fact, many of the premier technology companies in the world today, like Microsoft, Amazon Web Services, and Oracle use RBAC as the core of their cybersecurity architecture.

Creating Role-based Security Groups in Vista

The benefits of RBAC far outweigh the costs, but the initial design and implementation is a complex process. The transition to the new security groups can also be challenging because changing user access levels always carries a risk of causing disruptions to workflow and can be extremely frustrating for users.

Olsen Consulting has created a suite of risk analysis and user behaviour tools that overcome these challenges and facilitate a swift, error-free, and uneventful transition to role-based security groups. Our approach to creating high quality role-based security groups in Vista breaks down into four steps:

1. Audit

We audit your current security groups to identify gaps and hidden risks and to determine baseline user activity. We also provide a risk profile for every program in Vista and provisions that prevent or mitigate common types of accounting fraud.

2. Design

We use user activity data, company organizational structure, and the existing security groups to design new security groups. We aim to reinforce segregation of duties, simplify and clarify workflow for users, and increase the effectiveness of fraud prevention and mitigation measures.

3. Support

We support the transition to the new security groups. We gather feedback from users along the way and use that information to further refine and/or augment the new security groups. We guide the company through the implementation process and minimize disturbances to regular operations.

4. Monitor

We provide reports, documentation, guides, and monitoring tools that make administering the new system and keeping it up to date simple and routine.
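
As an added illustration (not Olsen Consulting's tooling and not Vista code), the Python below models roles as security groups and runs two checks of the kind described in the Audit and Design steps: a segregation-of-duties check on each user's combined groups, and a comparison of granted access against baseline activity. All group, program and user names, the conflict pairs and the activity records are constructed assumptions.

```python
# Constructed sample data: the group, program and user names are hypothetical
# and are not taken from Vista or from the original page.
GROUP_PERMS = {
    "AP_Clerk": {"AP Invoice Entry", "AP Vendor Inquiry"},
    "AP_Manager": {"AP Payment Approval", "AP Vendor Inquiry"},
    "Vendor_Admin": {"AP Vendor Maintenance"},
}
USER_GROUPS = {
    "alice": {"AP_Clerk"},
    "bob": {"AP_Clerk", "Vendor_Admin"},
    "carol": {"AP_Manager"},
}
# Assumed policy: program pairs that one person should not hold together.
SOD_CONFLICTS = [("AP Vendor Maintenance", "AP Invoice Entry"),
                 ("AP Invoice Entry", "AP Payment Approval")]
# Constructed activity baseline: (user, program) pairs seen in the review window.
ACTIVITY = {("alice", "AP Invoice Entry"), ("alice", "AP Vendor Inquiry"),
            ("bob", "AP Invoice Entry"), ("carol", "AP Payment Approval"),
            ("carol", "AP Vendor Inquiry")}


def effective_permissions(user):
    """Users hold no permissions directly: take the union over their groups."""
    perms = set()
    for group in USER_GROUPS.get(user, ()):
        perms |= GROUP_PERMS.get(group, set())
    return perms


def sod_violations():
    """Users whose combined groups grant both sides of a conflicting pair."""
    found = []
    for user in sorted(USER_GROUPS):
        perms = effective_permissions(user)
        for a, b in SOD_CONFLICTS:
            if a in perms and b in perms:
                found.append((user, a, b))
    return found


def unused_permissions():
    """Granted programs with no recorded use: candidates to drop in the redesign."""
    report = {}
    for user in sorted(USER_GROUPS):
        idle = sorted(p for p in effective_permissions(user)
                      if (user, p) not in ACTIVITY)
        if idle:
            report[user] = idle
    return report
```

With this sample data, bob is the only finding in both checks: his two groups together span vendor maintenance and invoice entry, and the vendor maintenance access is never used in the baseline.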
