Manually on-boarding user with email communication

The hiring manager, the Human Resources (HR) team and the Information Technology (IT) team are in constant email communication to ensure the on-boarding process is completed on time, before the employee's joining date. The process includes entry into the Human Resources Management System (HRMS); HR then passes the information to IT so that the IT team can create access to the set of systems deemed default for all employees, such as network login (typically Microsoft Active Directory) and email systems or the employee portal.

Manually emailing information from HR and then to the IT team to create access is not practical, and here’s why:

  • Sending email about the access an employee requires may not be efficient, and is always error-prone
  • Information may not be received on time and may be incomplete, so required access may not be created on time
  • Sending access credentials (ID and password) via email to the manager or employee may not be safe
  • The employee may not be productive due to delays in access creation
  • Access may not be created appropriately – wrong or excessive access

Off-boarding employee manually without proper access record

Off-boarding employee access from enterprise applications and infrastructure always poses a threat when no proper record has been maintained of the access issued from day one of employment. Adding to the complexity is access creep, which happens gradually and unmonitored as permissions are granted to individuals or roles over an identity lifecycle.

Why manual removal of access rights is not practical:

  • No record of what was issued from day one and on an ad-hoc basis;
  • No access certification or rubber stamping of access removal during exit process;
  • Removal of access rights may not be complete, especially when the user account and employee name are not similar in nature;
  • Access cannot be removed in a timely manner and some access may be left behind for many reasons;
  • Risk of insider threat when other employees or a manager take ownership of a leaver's account

Spread-sheet based manual access right review not practical

Access right review, attestation and access certification (re-certification) are no longer new buzzwords in the industry. Most organizations today, in one way or another, need to perform user access reviews for critical applications to address regulatory or audit requirements.

Manually tabulating access matrix information in a spreadsheet, exported from various target systems, correlating it against users and generating an entitlement review report is no longer practical.

Here’s why it’s not practical:

  • Access matrix data is not updated in time for review
  • Not able to export beyond user accounts and group information
  • Normalising the data takes effort and is cumbersome and error-prone
  • Manual review, sign-off and remediation process is time-consuming
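
The correlation step described above, and the off-boarding gap where account names do not match employee names, can be scripted instead of done by hand in a spreadsheet. The following is an added example, not part of the original article; the CSV layouts, system names, sample rows and the two login conventions (first.last and initial+surname) are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample exports (assumed layouts, not from the article).
HR_EXPORT = """employee_id,name,email,status
1001,Alice Tan,alice.tan@example.com,active
1002,Bob Lim,bob.lim@example.com,terminated
1003,Chandra Rao,chandra.rao@example.com,active
"""
ACCOUNT_EXPORTS = {  # each target system names accounts differently
    "active_directory": "account,groups\nEXAMPLE\\alice.tan,Staff;Finance\n"
                        "EXAMPLE\\bob.lim,Staff;Domain Admins\n"
                        "EXAMPLE\\svc_backup,Backup Operators\n",
    "erp": "account,groups\nATAN,AP_Clerk\nblim,AP_Approver\nCRAO,AP_Clerk\n",
}

def candidate_keys(row):
    """Login forms assumed here: first.last and initial+surname."""
    local = row["email"].split("@")[0].lower()
    first, _, last = local.partition(".")
    return {local, first[:1] + last} if last else {local}

def normalise(account):
    """Drop a DOMAIN\\ prefix or @domain suffix and lowercase the rest."""
    return account.split("\\")[-1].split("@")[0].strip().lower()

def review(hr_csv, exports):
    """Return (system, account, finding, groups) for accounts needing action."""
    owners = {}
    for row in csv.DictReader(io.StringIO(hr_csv)):
        for key in candidate_keys(row):
            owners.setdefault(key, []).append(row)
    findings = []
    for system, text in exports.items():
        for acct in csv.DictReader(io.StringIO(text)):
            matches = owners.get(normalise(acct["account"]), [])
            if not matches:
                verdict = "uncorrelated"   # orphan or service account
            elif len(matches) > 1:
                verdict = "ambiguous"      # two employees share a login form
            elif matches[0]["status"] != "active":
                verdict = "leaver"         # access left behind after exit
            else:
                continue
            findings.append((system, acct["account"], verdict, acct["groups"]))
    return findings

if __name__ == "__main__":
    for finding in review(HR_EXPORT, ACCOUNT_EXPORTS):
        print(*finding, sep=" | ")
```

Accounts reported as uncorrelated or ambiguous still need a human owner assigned before a reviewer can certify them.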

Paper-based or Excel-based password check-out for Privileged Users

Passwords for privileged and sensitive accounts across many target systems and applications have been kept in envelopes for many years. When required for maintenance work, these passwords are requested manually and approved via mail, and finally the envelope with the password is given to the requestor. Today, instead of envelopes, passwords are kept in a spreadsheet and managed the same way.

Managing privileged accounts manually or in a spreadsheet, rotating the passwords and updating the spreadsheet on a daily basis is tedious and time-consuming, and leaves no audit trail for the actual usage of these privileged accounts.

Here are more reasons why paper-based or manual password check-out is neither secure nor practical:

  • No proper audit trail for privileged account request, reasons, approval and usage
  • Lack of audit trail for the usage of the privileged accounts
  • No remote monitoring capabilities if the work is done remotely
  • Lack of privileged account usage review

Managing file and folders manually not practical and tedious

Unstructured documents (files) and folders on Microsoft Windows file servers or Microsoft SharePoint servers grow significantly over time. Analysts predict that these documents grow by 65-75 percent every year across all enterprises.

New files and folders are created on a daily basis and, to make the numbers worse, existing files are copied and shared. There are large numbers of duplicate files with different time-stamps and versions. Controlling access to unstructured data is becoming difficult, complex and unmanageable.

Here is why you may not be able to manage the folders and files in your enterprise manually:

  • No record of who has access to what across folders and files
  • Lack of access control and authorization for file and folder access
  • No insights into orphan, dormant and duplicate files and folders
  • Not able to assign ownership and data classifications
  • Lack of access request, approval, review of access and audit trail for all files and folders