Webinar Feb 16 2017: Learn to Streamline User Provisioning Process in Oracle Apps with Workflows

  • Published on
    22-Jan-2018

Transcript

1. Leverage Technology: Turn Risk into Opportunity
  • Risk and Compliance; Financial Reporting; Internal Audit; Controls Catalog; Application Security; Advanced Analytics
  • A Leader in Risk Based Enterprise Controls Management Solutions
  • Copyright Fulcrum Information Technology, Inc.
  • "Give me a lever long enough and a fulcrum on which to place it, and I shall move the world" - Archimedes
  • Learn to streamline User Provisioning process in Oracle Applications with workflows
  • Monthly Educational Webinar Series
  • Adil Khan, Managing Director
  • Feb 16, 2017

2. Agenda: Streamline User Provision in Oracle Apps (www.fulcrumway.com, Copyright FulcrumWay)
  • Introduction
  • User Provisioning Overview
  • Access Policy Compliance
  • Oracle User Security Assignment
  • Self Service User Provisioning Process
  • Case Study
  • Q&A

3. Agenda (as on slide 2)

4. Proven Expertise: FulcrumWay Insight, Global Thought Leadership
  • Oracle Cloud London, Feb 1-2: GRC Round Table, London, UK
  • Educational Webinar, Mar 23rd: Continuous Controls Monitoring
  • Oracle Cloud Australia, March: GRC Round Table, Sydney, Australia
  • Collaborate 17, April 2-6, Las Vegas: GRC Open House
  • Educational Webinar, April 20th: Internal Audit Management with Advanced Control Analytics
  • Oracle Open World, October 1-5: Moscone West, San Francisco, CA
  • Gitex, October 8-12: GRC Round Table, Dubai, UAE
  • Oracle UK Users Group, December: GRC Round Table, Birmingham, UK
  • Oracle Connect Africa, October: GRC Round Table, South Africa

5. Successful Track Record: FulcrumWay Client Studies
  • Government, Oil and Gas, Healthcare, Communications, Financial Services, Transportation, Natural Resources, Manufacturing, Retail, High Tech, Media/Entertainment, Life Sciences

6. Agenda (as on slide 2)

7. User Provisioning Process: Current Challenges
  • Diagram labels: Portal, Email, Help Desk, Provisioning, Paper form, IT Admin
  • Process:
    • Hundreds of user add, change and delete requests every day
    • Inconsistent, ad-hoc and manual processes, platform dependent
    • Disparate provisioning tools and workflows
    • Many human touch points: business managers, help desk, IT, etc.
  • Challenges:
    • No consistent policy enforcement
    • No common controls or audit trail
    • Very difficult to ensure compliance and assess risk

8. User Provisioning Process
  • User Access: #1 area requiring remedial action; Common Source of Internal Abuse; A Top Focus for IT Audits
  • Gartner survey: 44% of IT audit deficiencies are IAM-related
  • Ernst & Young: 7 of Top 10 control deficiencies relate to user access control
  • Diagram label: PROTECTED Information
  • Entitlement Creep: accumulated privileges; potential toxic combinations; increased risk of fraud
  • Privileged Users: users with keys to kingdom; poor visibility due to shared accounts
  • Rogue Accounts: fake accounts created by criminals; undetected access and activity; data theft, fraud, and abuse
  • Orphan Accounts: poor de-provisioning; high risk of sabotage, theft, fraud

9. Agenda (as on slide 2)

10. Access Policy: Role Definition, Privileges

11. Access Policy: Components of access policy
  • Source: Fusion Applications - Role Based Security, Kiran Mundy, Nigel King, Oracle Fusion

12. Access Policy
  • Complicated Security Model, High Risk of Access Control Deficiencies (diagram labels: User, Responsibility, Menu, Function, Form)
  • Evaluate User Access: Test by User; Test by Privilege
  • Manage Segregation of Duties: Identify incompatible Privileges; Predefined & Extensible SOD Rule Sets

13. Access Policy: Compliance Checklist
  • Inability to translate corporate governance into actionable IT policy: Segregation of Duties; Data Privacy policy
  • Access Controls Testing: email or spreadsheet-based; human error, inconsistencies; data is hard to obtain, missing
  • No ability to manage identity through a business lens: lack of transparency; IT / Identity data not understood by the business
  • Management Control Assessment:
    • Is ERP system access protected?
    • Do we conform to access policy?
    • Are we responding to risk incidents?

14. Agenda (as on slide 2)

15. User Security Assignment: Oracle EBS Access Provisioning
  • Oracle EBS User: Password Policy; User is assigned to the HR Record; Active/Inactive User
  • One or more responsibilities assigned to a User
  • A Responsibility has many Menus and Sub-Menus
  • Menu has many functions/forms

16. User Security Assignment
  • User: John Doe; Responsibility: Payables Manager, US; Menu: AP_Navigate_GUI12; Submenu: AP_Invoices_Entry; Function: Invoice Batches
  • User: Mike Jones; Payables Users; Responsibility: Payables Supervisor; Responsibility: Payables User; Menu: UK_AP_Navigate_GUI12; SubMenu: AP_Invoices_Entry; SubMenu: AP_Invoices_GUI12_G; Menu: AX_Payables_User
  • Responsibility: Payables Supervisor; Responsibility: Payables Manager, US; Responsibility: Payables User
  • Access Policy Violations are costly to remediate after provisioning
  • What if we exclude Invoice Batches from AP_Invoices_Entry?
  • Root Cause Analysis is required for remediation!

17. Agenda: Self Service User Provisioning in Oracle
  • Introduction
  • Identity Governance Overview
  • Access Policy Compliance
  • Oracle User Security Assignment
  • Self Service User Provisioning Process
  • Case Study
  • Q&A

18. (no text)

19. User Provisioning Process: Risk Based Approach to Access Management
  • Workflow for user provisioning process
  • Diagram labels: Provisioning Life-cycle; Self Service Actions; Policy Evaluation; Tracking & Reporting; Regulatory Reporting; Business; Security; Help Desk; Users; Risk Model; Provisioning & Directory; Access Analytics; Roles Management; Violation Monitoring

20. User Provisioning Process: Self Service Access Management
  • Move from fragmented approaches to centralized visibility and control
  • Automate identity controls and business processes
  • A business-friendly layer linking business users and processes to underlying technology and technical users
  • Actively measures and monitors risk associated with users and resources

21. Agenda (as on slide 17)

22. Case Study: A Leading Global Auto Manufacturer Improves User Access Management across multiple ERP instances
  • Our Client:
    • A leading global supplier of drivetrain, mobility, braking and aftermarket solutions for commercial vehicle and industrial market
    • With more than a 100-year legacy of providing innovative products to customers around the world
  • Challenges:
    • Replace multiple legacy systems with one ERP solution
    • Improved Segregation of Duty controls within mission critical applications
    • Maintain consistent ERP system access roles across the subsidiaries leveraging the shared services model
    • Increase external auditors' reliance on ERP Access Controls Monitoring
  • Solutions: Roles Manager / Advanced Self Service
  • Results:
    • Reduce User provisioning time by identifying and eliminating 80% manual steps, resulting in over $50,000 annual cost savings in Audit and Remediation Costs
    • Created access policies to ensure compliance during user provisioning process
    • Lowered ERP Total Cost of Ownership by reducing SoD remediation time and costs by ensuring that all users are assigned only the pre-approved Roles
    • Improve SoD and Access Controls testing time by providing auditors the access log reports showing all Update, Review and Approve Role design changes
    • Accelerated ERP Access Approval time by identifying valid SOD conflicts before the Roles are assigned to Users

23. Case Study: User Provisioning Challenges
  • Do the ERP Roles meet requirements for all users?
  • Does User provisioning prevent security policy violations?
  • How do you monitor super-user activities?
  • Do you obtain user access verification from managers, periodically?
  • How do you detect Segregation of Duty policy violations?
  • Is access to sensitive data and functions protected?
  • Do you maintain audit trail on ERP configuration controls?
  • Can you prevent unauthorized Master Data changes?
  • How do you ensure that terminated employees can't access ERP?

24. Case Study: A Risk Based Approach to User Provisioning
  • Diagram labels: User Registration; Request Roles; Add/Update User; Monitor Application Access; Employee/Manager List; Network User List (AD); Test Access Policy; Add/Update Role; Requesters / Approvers; IS Security / Audit / Compliance; IS Security; Active Employee Users; iAccess Rules Manager Workflow; Application Administrator; iAccess Rules Manager; DataProbe ETL Process; Approval Request Dashboard; Application Access Rules; DataProbe ETL

25. Case Study: Discover User Activities and Improve Productivity
  • Enhance security, improve helpdesk productivity, reduce support costs
  • Analyze User Access Rights
  • Design and Manage User Roles
  • Configure Application Security
  • Control Data Access
  • Deploy Role Configuration
  • Provision Roles to Users
  • Grant Emergency Access (Fire Fighter ID)
  • Certify User-Role Assignment

26. SafePaaS Capabilities: SOD Rules
  • Can be developed or deployed from FulcrumWay's Controls Catalogue

27. User Provisioning: User Registration

28. User Provisioning: User Registration

29. User Provisioning: User Registration

30. User Provisioning: User Registration

31. User Provisioning: User Application Role Request

32. User Provisioning: User Application Role Request

33. User Provisioning: User Application Role Request

34. User Provisioning: User Application Role Request

35. Risk Analytics: Analyze ERP Risks with Analytics
  • Use ad hoc reporting to establish scope, analyze issues, remove false positives and exceptions

36. SafePaaS Capabilities: Roles Redesign

37. Agenda (as on slide 17)

38. Q & A: Sign-up for FREE 14 Days Evaluation
  • Register online to try out SafePaaS
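
The user, responsibility, menu, submenu and function chain from slides 15 and 16, worked through as an added example (not part of the original deck and not Oracle's own tables or API): it lists every path that grants a function to a user and applies the slide's "what if" to a shared submenu. The flattened slide does not show which menu belongs to which responsibility, so the edges marked `assumed` are constructed.

```python
# Constructed model of the slide-16 hierarchy; this is not Oracle EBS data or an Oracle API.
# Edges marked "assumed" are not stated on the slide.
USER_RESPS = {
    "John Doe": ["Payables Manager, US"],
    "Mike Jones": ["Payables Supervisor", "Payables User"],
}
RESP_MENU = {
    "Payables Manager, US": "AP_Navigate_GUI12",
    "Payables Supervisor": "UK_AP_Navigate_GUI12",  # assumed
    "Payables User": "AX_Payables_User",            # assumed
}
MENU_ENTRIES = {  # menu -> submenus and functions it contains
    "AP_Navigate_GUI12": ["AP_Invoices_Entry"],
    "UK_AP_Navigate_GUI12": ["AP_Invoices_Entry", "AP_Invoices_GUI12_G"],  # assumed
    "AX_Payables_User": ["AP_Invoices_GUI12_G"],    # assumed
    "AP_Invoices_Entry": ["Invoice Batches"],
    "AP_Invoices_GUI12_G": ["Invoice Batches"],     # assumed
}


def access_paths(user, function, menus=MENU_ENTRIES):
    """Every responsibility > menu > ... > function chain granting `function` to `user`."""
    paths = []

    def walk(menu, trail):
        for entry in menus.get(menu, []):
            if entry == function:
                paths.append(trail + [entry])
            elif entry in menus and entry not in trail:  # submenu; skip cycles
                walk(entry, trail + [entry])

    for resp in USER_RESPS.get(user, []):
        walk(RESP_MENU[resp], [resp, RESP_MENU[resp]])
    return paths


def without_entry(menus, menu, entry):
    """Copy of the menu tree with `entry` removed from `menu` (the slide's 'what if')."""
    changed = dict(menus)
    changed[menu] = [e for e in menus[menu] if e != entry]
    return changed


def users_with(function, menus=MENU_ENTRIES):
    """Map each user who can still reach `function` to the paths that grant it."""
    found = {u: access_paths(u, function, menus) for u in USER_RESPS}
    return {u: p for u, p in found.items() if p}


if __name__ == "__main__":
    after = without_entry(MENU_ENTRIES, "AP_Invoices_Entry", "Invoice Batches")
    for user, paths in users_with("Invoice Batches", after).items():
        for path in paths:
            print(user, "->", " > ".join(path))
```

With these edges, removing the function from the shared submenu takes it away from John Doe but leaves Mike Jones two paths through AP_Invoices_GUI12_G, which is why the slide says remediation needs root cause analysis.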