Implementing Controls for Exceptional/Super User Access

It is not possible to eliminate all access policy conflicts where exceptional access needs to be granted to users to support business requirements.  Emergency access enables a business or IT personnel to resolve problems in a timely manner within key business operating and transaction systems.  When these situations occur, organizations need to deploy a set of risk acceptance approval processes that consists of automated compensating controls to manage and monitor these situations across both applications and databases. This requires continuous monitoring activities for:

  • Developing an access monitoring road map that focuses on highly sensitive data and systems
  • Implementing a risk acceptance process for granting exceptions to users who require noncompliant access for approved business reasons
  • Applying compensating monitoring controls for users with exceptional access (capture and review access activities associated with exceptional access to demonstrate compliance)
  • Limiting the length of time that a user has exceptional access privileges

Traditional access management frameworks are based on fixed prescriptive mechanisms commonly centered on identity credentials, with centralized policy, centralized alerting and manual supervision. These fixed access control systems are not dynamic and do not provide the automation to scale to meet the needs of today’s business operating realities.

Automated SoD controls monitoring approaches vary in what timeframe they provide monitoring insight (after the fact) and most are not able to enforce fine-grained access risk monitoring in a preventative control fashion (example – navigating to a data table that has sensitive information on personnel). Most approaches are after the fact log file analysis that requires the business to review activity logs once the emergency or SoD access has completed. The problem with this approach is that it doesn’t put entitlement activities in a context that makes it easy for business managers to understand what the risk is and what financial impact the access risk has introduced (example – number of SoD transactions processed).

Greenlight Technologies provides an adaptive, real-time, context-aware access control monitoring solution that is able to monitor a set of rules for risk activity analysis in the moment that access is occurring (risk adjusted super user access control).

This approach provides a dynamic risk prevention and mitigation capability that analyzes access behavior activities in real-time to determine when the access exceeds the scope of what is required by an exceptional user to accomplish the specific task that created the need for SoD monitoring. This creates a risk decision point that can dynamically change how the risk control operates (prevents an action from occurring and logs the activity for supervisory review or can terminate the exceptional access and shuts down an exceptional user’s session).

Learn more about Greenlight’s approach for Emergency & Super User Access monitoring.