The client is a subsidiary of a large and diverse conglomerate, one of the largest equipment and service providers for the Oil and Gas industry. It is faced with the task of mitigating security risks and managing and reviewing access to the geographically distributed and technically diverse inventory of applications. The existing process was manual, unwieldy, inefficient and limited to only a subset of the applications and servers. The audit process was time-consuming and relied on the Application and Networking team; therefore, it was prone to resource and time constraints. The entitlements were being pushed to the Audit team.
The BuzzClan Solution
The BuzzClan recommendation is to shift the task of retrieving the user listings from the Application teams to the Audit/Access Review team, and then implement an efficient and scalable automated solution. This ensures the accuracy, completeness and timeliness of the user listings and mitigates the risk of stale data. BuzzClan worked with the Application owners and Technology teams at the client site to understand the existing process and technological profile of each application. They consolidated the existing manual process into deployable automation agents for the respective applications. These agents are reusable entities which can be configured to connect to the application instance via appropriate service accounts and can be controlled via a centralized Business Process Management (BPM) dashboard.
The agents are capable of querying the underlying security schema and extracting the users, roles, resources and entitlements for the application. The BPM process integrates these responses into a standard harmonized schema. This schema forms a reportable data-mart, which is presented to the auditors as a set of reports and dashboards with rich filtering, drill-down, and drill-through capabilities. The reporting system also allows for an event-based notification system capable of broadcasting various reports and alerts to a set of recipients. The BPM tool is presented to the Audit team and becomes the command center for initiating an on-demand pull of entitlements from all applications, or from a set of them, at a time.
“BuzzClan delivered a solution that empowers us to ensure timely completion of our access review process and also expand our footprint to all applications and servers. The Oracle BPM solution gives us greater control and better accuracy to our review process. We are already seeing the improved efficiency which is even more pronounced with our global (non-US) applications where we faced coordination issues before.”
– Senior vice-president of IT Security Audit