THE MARKET LEADER IN ACCESS ORCHESTRATION
© Pathlock. All rights reserved.
DynamicsCon 2021
Make SOX Compliance A Breeze with Cross App Superpowers
Today's Presenters
Kevin Dunne, President, Pathlock
Anand Kotti, Director of Customer Solutions, Pathlock
COMPANY OVERVIEW
Our Customers: trusted by the world's leading enterprises, governments, and auditors.
The market leading platform for Access Orchestration.
Our Integrations: + 140 others
Users governed for our customers: Millions
Business activities monitored for our customers: Billions
Employees around the world: 130+
Typical ROI achieved by customers through automation, reduced costs, and minimized risk exposure: 4-7x
SOX 404 and 302 compliance requires …
• Management-driven formal assessment of internal controls
• Executive officer responsibility for financial reporting and internal controls
• External audit on effectiveness of ICFR and financial statements
• Remediation for any issues or weaknesses that are discovered
SOX Compliance and Financial Control Programs Cost Big Money…
Cost Center | Annual Cost
Generating, reviewing, documenting User Access Reviews (UARs) | $250k
Productivity lost due to manual access provisioning | $600k
Internal sample testing of controls | $1.4M
Tooling to gather data for audits (IGA, PAM, audit, data analytics) | $1.0M
External audit costs to document and retest controls | $500k
Single occurrence of fraud | $1.5M
Cost of a failed audit | $3M
Loss due to inefficiencies in business processes (POs overpaid, invoices duplicated, supplied goods not invoiced, time wasted) | $50M
TOTAL ANNUAL SPEND | $58.5M (the line items above sum to $58.25M)
But these compliance programs aren't very effective…
• Average enterprise loses 5% of annual revenue due to fraud. (ACFE)
• ~20% disclose material weaknesses or significant deficiencies every quarter. (Pathlock)
• Half of all fraud cases involve internal control weaknesses. (Center for Audit Quality)
Examples (F100 Retailer, F500 Food Service, F500 Machinery, F1000 CPG):
• IT General Controls: poor privileged access controls led to material weakness. Market drop: $3.5B
• ICFR: material weaknesses required prior year's restatement. Loss: 6.7%
• Fraud: lack of oversight allowed ethics officer to embezzle. Loss: $103M
• Multiple ERPs: poor controls caused lack of visibility into inventory. Cost to resolve: $54M
PLATFORM
Secure your users, applications and data and prove it to the world. Automate Segregation of Duties (SoD) and Data Security policies across 100s of cloud and on-premise systems.
• ALL APPLICATIONS: Connect to Applications. Real-time connection to ERP, cloud, legacy and enterprise systems.
• ALL USERS: Govern User Access ("Can Do" analysis): Access Analysis, User Access Review, Access Management, Emergency Access.
• ALL ACTIVITY: Monitor Business Transactions ("Did Do" analysis): Segregation of Duties, Business Processes, IT General Controls, Data Security & Privacy.
• ALL RISKS: Prioritize by Impact (Quantify Risk): Financial Reporting, Information Technology, Industry Requirements, Anomalous Activity.
• ALL THE TIME.
THE MARKET LEADER IN ACCESS ORCHESTRATION
User Access Reviews
• Better: comprehensive view of all entitlements, allowing for real time risk analysis and centralized user access review flow
• Cheaper: decrease user access review labor by 90%+
Compliant Provisioning
• Better: automatically provision down to the privilege level with no delay
• Cheaper: decrease onboarding delays and zombie accounts by 95%+
Segregation of Duties
• Better: simulate and quantify risk of any separation of duties conflicts in real time
• Cheaper: decrease risk from roles by 50%+
Continuous Controls Monitoring
• Better: complete, real time view of all transactions across all financially relevant systems
• Cheaper: decrease controls testing labor by 95%+
Emergency Access Management
• Better: complete audit reporting for all user elevations and termination of suspicious sessions
• Cheaper: reduce manual provisioning and audit labor by 80%+
Configuration Management
• Better: identify and track changes to application configuration or master data
• Cheaper: decrease preventable data loss by 30%+, while increasing compliance
Solution Overview
Every application has its own role model that SoD analysis must reconcile. SAP systems: Business Roles, Single Roles, Derived Roles, Composite Roles, Enabler Roles, Custom Roles (Z*), Authorization Objects. Dynamics 365: Roles, Duties, Privileges, Permissions.
The number of software apps deployed by large firms across all industries world-wide has increased 68% over the past four years, reaching an average of 129 apps per company. (Reference Link)
"Performing periodic SOD analysis is time-consuming. Cross-platform SOD is not feasible without automation. We know we are risking compliance failure and we do not have a choice." - Head of Internal Audit
"The rise in the use of the Privileged Access functionality is causing our organization to see a huge spike in unaudited logs, and they go unchecked." - Firefighter Controller
"When employees move departments, new roles are added and old roles are removed. When internal audit questions the audit trail, it turns out to be a nightmare when we are dealing with thousands of users across platforms." - Director of Business Applications
SOD Analysis workflow
User Attribute Source:
• Identity Sync: User Identity Attributes (Location, Project, Business Unit, Position, … N)
• Repository Sync: User Security Attributes for App #1-N (Entitlements, Roles, Functions); + 140 more apps
SOD rule set: OOTB SOD Risks and Custom SOD Risks
SOD Analysis (Ad Hoc) or SOD Analysis (Campaign), run by the Admin/Campaign Owner
Remediate:
• Trigger a workflow within Pathlock Platform to deprovision
• Create a ticket in an external ticketing system
• Send an alert to the App owner to analyze the risk and deprovision within Pathlock Platform
• Reporting to support internal and external auditors, showing the security posture of the app
Mitigate:
• Accept the risk with a reason code
• Enable continuous control monitoring
• Detailed reporting of access violations: who, what, when and how
• Reporting to support internal and external auditors, showing the security posture of the app
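The SoD analysis workflow above, as an added example written for this page (not Pathlock's code or data model): the application names, roles, functions, users, rule ids P001/P002/C001 and the reason code MIT-042 are all constructed. It resolves each user's "can do" functions across applications from the synced role data, evaluates a rule set of conflicting function pairs, flags conflicts that no single application could see on its own, records accepted risks with a reason code as mitigated, and runs a what-if check of a proposed deprovisioning before it is executed.

```python
"""Cross-application segregation-of-duties (SoD) analysis.

Added example, not Pathlock code. Applications, roles, functions, users,
rule ids and reason codes below are constructed for illustration.
"""
from collections import defaultdict
from copy import deepcopy
from dataclasses import dataclass, field

# Repository sync (constructed): per-application roles and the business
# functions they grant. Mapping every application's roles onto one shared
# function vocabulary is what lets an SAP role conflict with a D365 role.
ROLE_FUNCTIONS = {
    "SAP_ECC": {
        "Z_AP_CLERK": {"CREATE_VENDOR", "ENTER_INVOICE"},
    },
    "D365": {
        "Accounts payable clerk": {"ENTER_INVOICE"},
        "Vendor maintainer": {"CREATE_VENDOR"},
        "Payment approver": {"APPROVE_PAYMENT"},
    },
}

# Repository sync (constructed): roles held by each user in each application.
USER_ROLES = {
    "alice": {"SAP_ECC": {"Z_AP_CLERK"}, "D365": {"Payment approver"}},
    "bob": {"D365": {"Accounts payable clerk"}},
    "carol": {"D365": {"Vendor maintainer", "Payment approver"}},
}

# SoD rule set: two out-of-the-box risks and one custom risk, each a pair of
# conflicting functions. Rule ids are hypothetical.
SOD_RULES = [
    {"id": "P001", "functions": ("CREATE_VENDOR", "APPROVE_PAYMENT"), "severity": "high", "source": "OOTB"},
    {"id": "P002", "functions": ("ENTER_INVOICE", "APPROVE_PAYMENT"), "severity": "high", "source": "OOTB"},
    {"id": "C001", "functions": ("CREATE_VENDOR", "ENTER_INVOICE"), "severity": "medium", "source": "custom"},
]


@dataclass
class Violation:
    user: str
    rule_id: str
    severity: str
    evidence: dict = field(default_factory=dict)  # function -> {"app:role", ...}
    cross_app: bool = False  # True when no single application grants both sides
    status: str = "open"  # "open" or "mitigated"
    reason_code: str = ""


def effective_functions(user, user_roles):
    """'Can do' resolution: every function the user holds, with the app:role granting it."""
    grants = defaultdict(set)
    for app, roles in user_roles.get(user, {}).items():
        for role in roles:
            for fn in ROLE_FUNCTIONS.get(app, {}).get(role, ()):
                grants[fn].add(f"{app}:{role}")
    return grants


def analyze(user_roles=USER_ROLES, accepted_risks=None):
    """Ad hoc SoD analysis over all users. accepted_risks maps (user, rule_id) -> reason code."""
    accepted_risks = accepted_risks or {}
    violations = []
    for user in sorted(user_roles):
        grants = effective_functions(user, user_roles)
        for rule in SOD_RULES:
            fn_a, fn_b = rule["functions"]
            if fn_a not in grants or fn_b not in grants:
                continue
            apps_a = {g.split(":", 1)[0] for g in grants[fn_a]}
            apps_b = {g.split(":", 1)[0] for g in grants[fn_b]}
            v = Violation(user, rule["id"], rule["severity"],
                          evidence={fn_a: set(grants[fn_a]), fn_b: set(grants[fn_b])},
                          # A per-application SoD check would never see this conflict.
                          cross_app=not (apps_a & apps_b))
            reason = accepted_risks.get((user, rule["id"]))
            if reason:  # mitigate: accepted with a reason code, but stays on the report
                v.status, v.reason_code = "mitigated", reason
            violations.append(v)
    return violations


def simulate_removal(user, app, role, user_roles=USER_ROLES):
    """'What-if' remediation: violations the user would still have if app:role were removed."""
    trial = deepcopy(user_roles)
    trial.get(user, {}).get(app, set()).discard(role)
    return [v for v in analyze(trial) if v.user == user]


if __name__ == "__main__":
    for v in analyze(accepted_risks={("carol", "P001"): "MIT-042"}):
        print(v.user, v.rule_id, v.severity, "cross-app" if v.cross_app else "single-app", v.status, v.evidence)
    print("alice after what-if removal:", [v.rule_id for v in simulate_removal("alice", "D365", "Payment approver")])
```

Running it reports alice's P001 and P002 conflicts as cross-app, because the vendor-creation and invoice-entry sides come from SAP ECC and the payment-approval side from Dynamics 365; carol's P001 conflict is single-app and, once accepted with MIT-042, is reported as mitigated rather than dropped. The what-if removal of alice's D365 Payment approver role leaves only the medium-severity custom rule C001, so the report shows what the deprovisioning would and would not fix before anyone acts on it.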
Workflow: Privileged Access Management
User Attribute Source:
• Identity Sync: User Identity Attributes (Location, Project, Business Unit, Position, … N)
• Repository Sync: User Security Attributes for App #1-N (Entitlements, Roles, Functions); + 140 more apps
Privileged access is granted ID based or role based; requests are handled by the Admin/Campaign Owner.
Provision:
• Assign or provision time-bound privileged access to an enrolled asset
• Set up a deprovisioning policy for violations
Prevent:
• Set up an alert policy
Approve:
• Ability to handle requests from 3rd party apps
• Support any business app for provisioning
• Prevent any fraudulent activity
Monitor
Audit:
• On-demand self-service audits on all activities performed using this access
Workflow: UAR - User Access Reviews
User Attribute Source:
• Identity Sync: User Identity Attributes (Location, Project, Business Unit, Position, … N)
• Repository Sync: User Security Attributes for App #1-N (Entitlements, Roles, Functions); + 140 more apps
UAR by Business Role or UAR by Technical Role, run by the Admin/Campaign Owner
Revoke:
• Trigger a workflow in Pathlock Platform to deprovision
• Create a ticket in an external ticketing system
• Send an alert to the App owner to analyze the risk and deprovision within Pathlock Platform
• Reporting to support internal and external auditors, showing why the access was revoked
Approve:
• Detailed user attribute info available to make the decision process seamless: who, what, when and how
• Approve and certify the access
• Audit reporting to support internal and external auditors, showing why the access was approved
Analyze
User Attribute Source (synced from 140+ apps):
• Identity Sync: User Identity Attributes (Location, Project, Business Unit, Position, Manager, … N)
• Repository Sync: User Security Attributes for App #1-N (Entitlements, Roles, Functions, … N)
• Real-time sync of user activity
Security Controls (… N): multiple login failures, cross-platform login attempts, location, downloads, dormant accounts, amount (AP), encryption
Security Analyst workflow: Extract, Analyze, Respond
Security Automation & Access Enforcement: alert notifications, audit reports, incident investigation, access enforcement, third-party integrations
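The extract, analyze, respond loop above, as an added example written for this page (not Pathlock's code): the event schema, the thresholds, the user names and the activity feed are all constructed. It implements four of the listed security controls (multiple login failures, cross-platform login attempts from different locations, dormant accounts, AP amount) over a chronologically sorted activity feed and returns both the alert notifications and the accounts to hand to access enforcement.

```python
"""Continuous controls monitoring over a synced user-activity feed.

Added example, not Pathlock code. The event schema, thresholds and the
events themselves are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

NOW = datetime(2021, 11, 5, 12, 0)  # evaluation time for the dormancy check

# Constructed activity events, as a real-time sync of several applications
# might deliver them. Field names are an assumption, not a product schema.
EVENTS = [
    {"ts": "2021-07-01 10:00", "app": "SAP_ECC", "user": "dave", "action": "login", "result": "ok", "loc": "US"},
    {"ts": "2021-11-04 08:00", "app": "D365", "user": "bob", "action": "login", "result": "ok", "loc": "US"},
    {"ts": "2021-11-05 08:00", "app": "D365", "user": "bob", "action": "login", "result": "fail", "loc": "US"},
    {"ts": "2021-11-05 08:01", "app": "D365", "user": "bob", "action": "login", "result": "fail", "loc": "US"},
    {"ts": "2021-11-05 08:02", "app": "D365", "user": "bob", "action": "login", "result": "fail", "loc": "US"},
    {"ts": "2021-11-05 08:03", "app": "D365", "user": "bob", "action": "login", "result": "fail", "loc": "US"},
    {"ts": "2021-11-05 08:04", "app": "D365", "user": "bob", "action": "login", "result": "fail", "loc": "US"},
    {"ts": "2021-11-05 09:00", "app": "SAP_ECC", "user": "alice", "action": "login", "result": "ok", "loc": "US"},
    {"ts": "2021-11-05 09:10", "app": "D365", "user": "alice", "action": "login", "result": "ok", "loc": "BR"},
    {"ts": "2021-11-05 09:30", "app": "SAP_ECC", "user": "alice", "action": "ap_payment", "result": "ok", "loc": "US", "amount": 250000},
]
ENABLED_ACCOUNTS = {"alice", "bob", "dave", "erin"}  # erin is enabled but has never logged in

# Control thresholds (constructed).
FAIL_THRESHOLD, FAIL_WINDOW = 5, timedelta(minutes=10)
TRAVEL_WINDOW = timedelta(hours=1)
DORMANT_AFTER = timedelta(days=90)
AP_LIMIT = 100_000


def parse(raw_events):
    """Extract: normalise timestamps and order the feed chronologically."""
    events = []
    for raw in raw_events:
        event = dict(raw)
        event["ts"] = datetime.strptime(raw["ts"], "%Y-%m-%d %H:%M")
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def login_failures(events):
    """Multiple login failures: FAIL_THRESHOLD failed logins for one user/app inside FAIL_WINDOW."""
    alerts, recent = [], defaultdict(list)
    for e in events:
        if e["action"] != "login" or e["result"] != "fail":
            continue
        key = (e["user"], e["app"])
        recent[key] = [t for t in recent[key] if e["ts"] - t < FAIL_WINDOW] + [e["ts"]]
        if len(recent[key]) == FAIL_THRESHOLD:  # fire once, when the threshold is reached
            alerts.append({"control": "login_failures", "user": e["user"], "app": e["app"], "ts": e["ts"]})
    return alerts


def cross_platform_logins(events):
    """Cross-platform login attempts: one identity in two apps from two locations within TRAVEL_WINDOW."""
    alerts, last_login = [], {}
    for e in events:
        if e["action"] != "login" or e["result"] != "ok":
            continue
        prev = last_login.get(e["user"])
        if prev and prev["app"] != e["app"] and prev["loc"] != e["loc"] and e["ts"] - prev["ts"] <= TRAVEL_WINDOW:
            alerts.append({"control": "cross_platform_login", "user": e["user"],
                           "apps": (prev["app"], e["app"]), "locs": (prev["loc"], e["loc"])})
        last_login[e["user"]] = e
    return alerts


def dormant_accounts(events, enabled, now=NOW):
    """Dormant accounts: enabled accounts with no successful login within DORMANT_AFTER (or ever)."""
    last_seen = {}
    for e in events:
        if e["action"] == "login" and e["result"] == "ok":
            last_seen[e["user"]] = e["ts"]  # feed is chronological, so the last write wins
    return sorted(u for u in enabled if now - last_seen.get(u, datetime.min) > DORMANT_AFTER)


def ap_amount(events):
    """Amount (AP): payments above AP_LIMIT."""
    return [{"control": "ap_amount", "user": e["user"], "app": e["app"], "amount": e["amount"]}
            for e in events if e["action"] == "ap_payment" and e.get("amount", 0) > AP_LIMIT]


def run_controls(raw_events=EVENTS, enabled=ENABLED_ACCOUNTS):
    """Extract, analyze, respond: return all alerts plus the users to hand to access enforcement."""
    events = parse(raw_events)
    alerts = login_failures(events) + cross_platform_logins(events) + ap_amount(events)
    alerts += [{"control": "dormant_account", "user": u} for u in dormant_accounts(events, enabled)]
    # Respond: every alert is a notification; brute-force lockout and dormant-account
    # disablement are the two controls this example escalates to access enforcement.
    enforce = sorted({a["user"] for a in alerts if a["control"] in ("login_failures", "dormant_account")})
    return alerts, enforce


if __name__ == "__main__":
    print(*run_controls(), sep="\n")
```

On the constructed feed this raises one alert per control: bob's five failed D365 logins inside ten minutes, alice logging in to SAP ECC from the US and to Dynamics 365 from Brazil ten minutes apart, alice's $250,000 payment, and two dormant accounts (dave, last seen in July, and erin, never seen). Only the brute-force and dormancy findings are passed to enforcement; the cross-platform login and the large payment go to incident investigation as alerts, since either may be legitimate.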
Pathlock can automate SOX Compliance saving $ and preventing risk:
Cost Center | Without Pathlock | With Pathlock | How Pathlock Helps
Generating, reviewing, documenting User Access Reviews (UARs) | $250k | $25k | Automated, easy-to-consume reviews surface exceptions
Productivity lost due to manual access provisioning | $600k | $0 | Instant, "what-if" provisioning streamlines access checks at point of provisioning
Internal sample testing of controls | $1.4M | $0 | Testing is automated and continuous
Tooling to gather data for audits (IGA, PAM, audit, data analytics) | $1.0M | $250k | All systems are integrated and data is aggregated for a complete picture
External audit costs to document and retest controls | $500k | $250k | Evidence and documentation are already complete
Single occurrence of fraud | $1.5M | $300k | Risk of insider fraud is greatly reduced
Cost of a failed audit | $3M | $0 | Risk of audit failure is eliminated
Loss due to inefficiencies in business processes (POs overpaid, invoices duplicated, supplied goods not invoiced, time wasted) | $50M | $25M | Processes are more efficient and cash is preserved
TOTAL | $58.5M without Pathlock | $25.8M with Pathlock |
Comparing Pathlock with Other MSFT Dynamics Solutions:
Compliant Provisioning
• Built in to Dynamics365: limited to Dynamics365
• Other solutions: limited to Dynamics365
• Pathlock: provision with specific privileges automatically, across systems; direct integration to IGA (Azure AD, SailPoint, etc.)
Segregation of Duties
• Built in to Dynamics365: access level conflicts only; limited to Dynamics365
• Other solutions: limited to Dynamics365 + small number of applications
• Pathlock: privilege level conflict management along with risk quantification; cross application SOD rule set, supporting 140+ applications
User Access Reviews
• Built in to Dynamics365: single application; no ability to deprovision directly; no workflow management
• Other solutions: limited to Dynamics365 + small number of applications; no ability to deprovision directly
• Pathlock: automate workflow on ad-hoc and scheduled cross app UAR; deprovision directly upon UAR
Emergency Access Management
• Built in to Dynamics365: N/A
• Other solutions: no monitoring or logging of user activity; no ability to terminate suspicious sessions
• Pathlock: monitor and log all user activity in privileged user sessions; rules to auto-terminate suspicious sessions
Continuous Controls Monitoring
• Built in to Dynamics365: N/A
• Other solutions: no ability to monitor non-SOD transactions
• Pathlock: identify and quantify actual violations of SOD risks; monitor business processes and find trapped cash and ITGC issues
Configuration Management
• Built in to Dynamics365: only available at object level
• Other solutions: only available at object level
• Pathlock: audit trail of all configuration and master data changes; real-time alerts on suspicious behavior
Fortune 1000 Apparel company leverages Pathlock to provide cross application governance in a heterogeneous environment
Background:
• Fortune 1000 Manufacturer, USA
• Industry: Apparel
• Products and Services: Sportswear
• Revenue: $2.8B USD (2019)
• Employees: 8,900
• Systems: SAP ECC, MSFT Dynamics365, Manhattan Warehouse System
• 10+ financially relevant business applications
Key Criteria:
• Integrated with existing technology investments like SAP Access Control to minimize time to value and maximize ROI
• Sustainable: compliance that grows with the business
• Implement a cost-effective, cloud-based solution that will minimize complexity in their digital landscape as they continue to connect a diverse set of applications
• Transform a fragmented approach and siloed processes for access governance into a centralized and standardized enterprise model
• Replace a mostly manual control environment to improve audit and compliance efficiency through increased automation and a single pane of glass for access risk, compliant provisioning, user access reviews, and emergency access
• Monitor all transactions for internal control failures, improve visibility and exposure to areas of key risk to facilitate audit reporting and documentation
Feedback:
• Pathlock was selected over other solutions for breadth of integrations available (only vendor to support Manhattan Warehouse), depth and volume of use cases (SOD, ICFR, ITGC) across all financially relevant applications
Want to learn more? Head to pathlock.com
In summary, Pathlock can automate SOX Compliance saving $ and preventing risk (see the cost comparison above).