Our product was installed at SITA, a world-leading air transport communications and information technology company with 4700 employees and operations in 197 countries, covering 95% of all international destinations.
Each year SITA’s Internal Audit department reviews multiple applications worldwide in accordance with ISO 27001 standards and their internal controls. A large part of this review is focused on validating User Access Control, including credentials and entitlements. The auditors undertake a manual process to review 4700 employees with their managers, then work with Security Teams and Help Desks to modify access. This process must be repeated every three months.
The client attempted to send emails to management listing their direct reports, including the permissions they have. The managers had no choice but to sort through the listings manually and then follow up with the Security teams on the necessary changes.
The reviews were rarely completed to the fullest extent. Some managers took their own time to update. Meanwhile, the entire tracking mechanism was manual and inefficient. Additionally, the User Access Reviews had to be completed every three months, which was difficult to track on an ongoing basis via spreadsheets. Once the updated spreadsheet was sent to the Security team, another list of manual tasks followed: going through each employee record and updating the Help Desk team to modify the user access.
The client determined there had to be a more effective solution, so they began the search for SaaS solutions that would help in auditing the credential and entitlement reviews. Some IAM solutions included credential and entitlement reviews, but those solutions were quite costly overall and would take 18-24 months to deploy.
The client found the SecurEnds solution met their requirements to audit User Access Reviews. They started with a PoC and found it extremely easy to implement, populate and run test campaigns. They took the leap and deployed a QA version, then proceeded to build a production version. They partnered with Internal Audit to ensure it would meet their requirements and were surprised at how quickly they could implement our solution within the entire organization. They gave their Internal Audit the role of Auditor so they could pull all the campaign reports themselves for all their application audits.
The client runs quarterly CEM campaigns for all their endpoints. The solution has been accepted by the Managers and the Executive team. They understand the importance of removing unnecessary access to reduce the risks associated with the applications they access and manage. Additionally, if Internal Audit wants to see specific access for an application, the reports are readily available.
Since they must adhere to different regulatory rules, having CEM was beneficial in providing the evidence required to meet those standards. It demonstrates the commitment to credential and entitlement reviews.
Our Client now has several external Auditors, including Deloitte.
This Client also used our product to control costs for their internal SaaS solutions where they had several user licenses for other products. Our product helped them consolidate to the optimal number of licenses they need and decrease the cost of other product licenses.
The CEM solution from SecurEnds has provided our company with a solution that enables us to pass internal and external audits for access control. We don’t have to use spreadsheets, emails and many hours of manual review to complete our credential and entitlement reviews. Plus, we reduce our risk exposure by deleting unused accounts every quarter.