Introducing Firefighter Capabilities for Ariba
Greenlight ResQ for Ariba
Firefighting capabilities such as compliant emergency access and support are now available for Ariba with Greenlight ResQ for Ariba. This solution provides end-to-end access lifecycle management for super users including access request, approval, credentialing, and activity auditing for chosen business applications.
Fast and Compliant Emergency Access
Numerous situations arise where an organizations needs to grant “super-user” access to employees under unusual circumstances. These are instances of “exceptional access” that fall outside the user’s typical job role or responsibilities and will typically create access policy violations that need to be highly supervised. Despite the need, access privileges that create risks, such as segregation of duties conflicts, need to be mitigated and requires the maintenance of an audit log of all super-user access activities in order to satisfy regulatory compliance requirements.
Examples of temporary super-user access include:
- Employees not in the accounting role that need access to post journal entries to assist with the close of the fiscal quarter in order to meet SEC reporting deadlines
- Employees in the accounts payable role that need permissions to pay vendor invoices, in addition to having permissions to post invoices for payment, due to a staffing shortages with personnel out on leave
- Contractors that need temporary access to update information in the HR system where highly sensitive information on employees resides
- Developers that require access to the ERP production system to troubleshoot a performance problem.
Requests for non-standard super-user access to core business systems in emergency situations that fall outside the standard, structured process for access-provisioning create unacceptable compliance gaps and risk exposures that will draw audit scrutiny. How can organizations balance the need to provide exceptional access to maintain the “speed of business” without circumventing access-control barriers that compromise compliance objectives or the integrity of transactions and master data?
Monitoring Super Users
The solution provides end-to-end access lifecycle management for super users using a closed-loop process for request, approval, credentialing, activity monitoring and auditing within business systems.
- Comprehensive, standardized approach that automates and manages super-user access requests, approvals, ID issuance, and revocations
- User-status indicators notifies IT security or application administrators when ResQ IDs are in use
- Streamlines the temporary/emergency access request and fulfillment process using defined emergency access provisioning roles
- Policy rules for monitoring for high-risk activities of temporary/emergency super-users
- Intuitive, business-friendly user interface
- Simplifies audit preparation and reporting for exceptional access
Comprehensive Firefighting for Ariba
Greenlight ResQ offers an efficient, consistent, structured and compliant process for granting temporary, highly privileged access. It offers a well-controlled environment for providing emergency or highly sensitive access that is performed either on an ad hoc basis by IT personnel or by business users, or scheduled activities that need to be restricted within a production system.
The solution enables temporary users to perform emergency activities outside the parameters of their normal role, within a fully auditable environment. Users are granted access via temporary ResQ IDs or by emergency access provisioning roles set up in Greenlight ResQ.
Once the ResQ IDs are in use, management or IT security is notified and user activities, as well as changes within the system, are tracked providing management and auditors with a complete audit trail. It reduces risk by monitoring for deviations from carefully predefined access policy rules, which enables an organization to spot any misuse of temporary access privileges and immediately respond to these risks.
- Consistent, compliant, secure process for controlling super-user access across multiple systems
- Fully documents reasons for exceptional access
- Independent system of record to prevent audit-trail manipulation
- Complete audit trail of all super-user activities with no performance impact or overhead to the target application
- A complete, centralized system that eliminates one-off provisioning
- Eliminates the use of shared system and database administration passwords in IT
- Strengthens compliance, reduces access risk as well as access administration and auditing costs