Wednesday, October 17, 2007

When was the last time you ran a “health check” on privileges in your Top Secret system?

I was driven to write this short article by a recent visit I made to a large bank that has been using TSS for over 20 years. This short questionnaire is designed for Top Secret administrators and security directors.

Below, you will find Eurekify’s average statistics for some of the questions.

1. Do you know how many dead accounts you have in your TSS system?

2. Do you know how many dead transactions you have in your TSS system?

3. Do you know how many dead profiles you have in your TSS system?

4. Do you know how many profiles have exactly the same users, or overlap by 80%? Would it be interesting to try to merge a few of them?

5. Do you know how many profiles provide access to exactly the same transactions or data sets, or overlap by 80%? Would it be nice to try to merge them?

6. Do you know how many users have direct access rights to transactions (not via a profile)? In addition, how many direct links does each user have? Would you like to get this detailed report?

7. Do you want to quickly identify the profiles to which those direct access rights could instead be assigned?

8. Do you know how many users have “dual access” rights to transactions (i.e., via a profile as well as directly)? How many dual links does each user have? Would you like to get this detailed report?

9. Do you know how many users have out-of-pattern privileges to profiles or direct access rights? For example, analysis of HR attributes against access rights may reveal people who moved to a new job but retained their old access rights.


10. Over the years, you have probably established a few “rules” to govern the distribution of access rights in your TSS. Do you want to automatically verify that these rules are upheld?

11. Your auditors probably ask you to implement a few other rules, such as segregation of duties and other constraints on the assignment of privileges, especially for sensitive and high-risk transactions and data. Do you want to automatically verify that these rules are upheld, and to be able to easily provide the auditors with a report that proves it?

12. Would it be nice to be able to answer complex queries on access rights with a few clicks in a visual browser?
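As an added illustration (not part of the original post), the following Python script computes several of the figures the questions above ask for over a small, constructed TSS-style snapshot: dead profiles (question 3), profiles whose membership overlaps by at least 80% (question 4), per-user direct links (question 6) and per-user dual links (question 8). The user, profile and transaction names are hypothetical, and the three dictionaries stand in for whatever extract you take from your own TSS.

```python
from itertools import combinations

# Constructed sample snapshot (hypothetical names), not a real TSS extract.
PROFILE_MEMBERS = {            # profile -> users holding it
    "PAYROLL": {"U1", "U2", "U3", "U4", "U5"},
    "PAYROLL2": {"U1", "U2", "U3", "U4"},   # near-duplicate of PAYROLL
    "AUDIT": {"U6", "U7"},
    "LEGACY": set(),                        # dead profile: nobody holds it
}
PROFILE_TRANS = {              # profile -> transactions it grants
    "PAYROLL": {"PAY01", "PAY02"},
    "PAYROLL2": {"PAY01", "PAY02", "PAY03"},
    "AUDIT": {"AUD01"},
    "LEGACY": {"OLD99"},
}
DIRECT_PERMITS = {             # user -> transactions permitted directly
    "U1": {"PAY01", "MISC7"},  # PAY01 is "dual": via PAYROLL and directly
    "U8": {"MISC7"},
}

def overlap(a, b):
    """Jaccard overlap of two sets; 0.0 when both are empty."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def dead_profiles(members):
    """Profiles with no members at all (question 3)."""
    return sorted(p for p, users in members.items() if not users)

def overlapping_profiles(members, threshold=0.8):
    """Profile pairs whose member sets overlap by >= threshold (question 4)."""
    return sorted((p, q) for p, q in combinations(sorted(members), 2)
                  if overlap(members[p], members[q]) >= threshold)

def direct_links(direct):
    """Per-user count of transactions granted directly, not via a profile (question 6)."""
    return {u: len(trans) for u, trans in direct.items()}

def dual_links(members, prof_trans, direct):
    """Per-user transactions reachable both via a profile and directly (question 8)."""
    via_profile = {}
    for p, users in members.items():
        for u in users:
            via_profile.setdefault(u, set()).update(prof_trans[p])
    dual = {u: sorted(t & via_profile.get(u, set())) for u, t in direct.items()}
    return {u: t for u, t in dual.items() if t}   # drop users with no dual links

if __name__ == "__main__":
    print("dead profiles:", dead_profiles(PROFILE_MEMBERS))
    print("overlapping profiles:", overlapping_profiles(PROFILE_MEMBERS))
    print("direct links:", direct_links(DIRECT_PERMITS))
    print("dual links:", dual_links(PROFILE_MEMBERS, PROFILE_TRANS, DIRECT_PERMITS))
```

Merging PAYROLL2 into PAYROLL and removing U1's direct PAY01 permit would leave every access in this snapshot reachable through exactly one profile, which is the state questions 4 through 8 are steering you towards.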


On a higher level:
1. Would you be interested in designing and implementing a role-based access control (RBAC) framework within TSS and across TSS and other enterprise platforms?
2. Would you be interested in establishing and managing a governance, risk and compliance management framework within TSS and across TSS and other enterprise platforms?

Eurekify's estimates for an average TSS installation:

# of dead accounts: 5%-15%
# of dead transactions: 10%-40%
# of overlapping profiles: 30%
# of users that have direct access rights: 50%
# of users that have out-of-pattern access rights: 20%-40%


For TSS, we built a special connector that makes it easy to run an initial evaluation in a matter of 3-5 days. You will usually start to see substantial results on the FIRST day.
Let me know if you want a demo on your own TSS system.

Ilan Sharoni
http://www.eurekify.com/