Managing Access via Self-Service Requests
A global professional services firm with 60,000 employees needed to streamline key IT processes like access management, as well as reporting and audit, which required too many manual steps. The firm also wanted to utilize self-service capabilities for access requests.
The global IT team used StealthAUDIT® and its Access Information Center (AIC) to achieve these objectives. With StealthAUDIT’s out-of-the-box reports, global IT team members gained visibility into their Active Directory users and groups—and access to their critical resources. This insight helped the team deploy AIC workflows to manage access via self-service requests.
By providing this capability to the business units, global IT can now better monitor and control access across the organization. The team can also enforce a least privilege security model because business units make changes in the AIC, rather than in Active Directory. This approach empowers the data custodians to truly own their data—and control and review access themselves—rather than go through IT processes that may slow things down. It also drives more process efficiencies, accountability and compliance for both global IT and the business units.
Currently, the company is managing 10,000 AD groups in the AIC and has handled over 6,000 self-service access requests. By the end of 2017, the firm anticipates having 50,000 AD groups in the AIC—with the AIC managing all access to applications and file shares.
The ability to model access and membership changes before they go into effect is invaluable to the company. It enables the global IT team to test the impact of permissions changes and make needed adjustments ahead of time.
Other benefits of automated access provisioning include:
- Increased staff productivity and process efficiency
- Improved security with better access visibility and control
- Enhanced ability to identify and remediate unstructured data
- Enriched user experience
The company is investigating more ways it can leverage StealthAUDIT and the AIC.
Entitlement Reviews for Active Directory and File Systems
In addition to using StealthAUDIT to manage all access to applications, the company also wants to use the solution as its primary compliance platform. It plans to have the business units perform quarterly entitlement reviews to ensure employee access matches current job roles—and any inappropriate or access rights are removed. The global IT team would maintain an audit trail with reports showing what users have access to and how they’re using that access.
Local Administrative Reviews
The global IT team is looking to move its current administrative access reviews to StealthAUDIT/AIC. The aim would be to keep local administrative access in compliance by reviewing local group membership and membership changes and remediating the overprovisioning of admin access, stale/disabled accounts with admin rights and ‘backdoor’ local user accounts with local admin access—all using the same tool and workflows.
Stale File Cleanup and Reclamation
Since the business units pay for storage, they try to remediate stale data and files to reduce their footprint and keep costs low. However, the remediation process is manual and labor-intensive—with few standard procedures or compliance controls in place. STEALTHbits offers data clean-up capabilities so global IT can have the business units remediate stale data using self-service in the AIC.
About STEALTHbits Technologies, Inc.
STEALTHbits Technologies is a data security software company focused on protecting an organization’s credentials and data. By removing inappropriate data access, enforcing security policy, and detecting advanced threats, we reduce security risk, fulfill compliance requirements and decrease operations expense.
Identify threats. Secure data. Reduce risk.
- Professional services firm with 60,000 employees needed to automate access control, reporting and reviews
- Business units use self-service requests to manage groups and access
- Company benefits from improved security, efficiency and cost effectiveness
- “We’re planning to make the AIC the self-service platform for access to all our applications and shared folders.”