FEATURE
Employee Provisioning

  August 19, 2002
  By Lori MacVittie



Wrong Side of the Law?

Failure to give employees the access they need, and no more, can be financially painful. Organizations and workers who must follow HIPAA (Health Insurance Portability and Accountability Act; see Does HIPAA Affect Me?) or GLB (Gramm-Leach-Bliley Act) regulations can get hit with penalties as high as $250,000 and 10 years in prison for failure to comply. GLB is aimed at financial services, banking, securities firms and insurance companies, as well as title companies and retailers that maintain credit operations.

HIPAA, which regulates access to employees' health-related records, affects more than just pharmacies and health-care providers. Essentially, any company that pays for the health-care plans of more than 50 employees must follow these regulations. Among other things, HIPAA requires users to be uniquely identified by biometrics, a token or a user ID and password combination. The act also requires a company to record and audit activity related to access of patient medical information, online and offline as well as by electronic transfer.


GLB, meanwhile, restricts financial institutions' ability to share consumers' personal information, both with other companies and within the organization. EUA products help meet these requirements by providing audits and controlling employees' access to critical customer data. For example, a bank employee in a loan-processing department can see an applicant's data but can't get information about credit-card applicants. Setting up these rights correctly is critical, both to comply with the law and to keep public trust.

Just think of the negative publicity and loss of consumer confidence that follows a security breach. Many large auditing firms (KPMG, for example) require public companies to pass an information security audit or risk having the failure noted on their SEC filings. There's no legislated financial penalty, but shareholders don't like to see such things.

By providing centralized management of access and resource allocation, companies can ensure that strict security policies are followed and identify when access is granted outside the normal processes. This is the basis of provisioning products and can reduce the chances of employees being granted unnecessary access that may breach security policies.
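A sketch of the check described above, added here as an illustration and not taken from the article or from any EUA product: the rights that target systems actually report are reconciled against the grants the approval process recorded and against department policy. All users, systems, rights and table names are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    user: str
    system: str
    right: str

# Constructed sample data (hypothetical users, systems and rights).
# Rights each department may hold under policy, as in the loan-processing case.
POLICY = {
    "loans": {("loan_db", "read_applicant")},
    "cards": {("card_db", "read_applicant")},
}
DEPARTMENT = {"alice": "loans", "bob": "cards"}  # roster of known employees

# Grants recorded by the approval workflow.
APPROVED = {
    Grant("alice", "loan_db", "read_applicant"),
    Grant("bob", "card_db", "read_applicant"),
    Grant("bob", "loan_db", "read_applicant"),    # approved, but outside policy
}
# Rights the target systems actually report.
ACTUAL = {
    Grant("alice", "loan_db", "read_applicant"),
    Grant("alice", "card_db", "read_applicant"),  # created directly on the system
    Grant("bob", "card_db", "read_applicant"),
    Grant("bob", "loan_db", "read_applicant"),
    Grant("carol", "loan_db", "read_applicant"),  # user missing from the roster
}

def reconcile(actual, approved, policy, department):
    """Return (reason, grant) findings, ordered by user, system and right."""
    findings = []
    for g in sorted(actual, key=lambda g: (g.user, g.system, g.right)):
        dept = department.get(g.user)
        if dept is None:
            findings.append(("orphan_account", g))
        elif g not in approved:
            findings.append(("out_of_process", g))
        elif (g.system, g.right) not in policy.get(dept, set()):
            findings.append(("exceeds_policy", g))
    return findings

if __name__ == "__main__":
    for reason, g in reconcile(ACTUAL, APPROVED, POLICY, DEPARTMENT):
        print(f"{reason}: {g.user} -> {g.system}:{g.right}")
```
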

Automating Process Workflow

We've all suffered through manual processes that depend on undocumented phone calls, e-mail or interdepartmental routing of paper-based forms to provision employees. These methods can be time-consuming ("Sorry, the person who handles that is on vacation this week") and error-prone ("I wasn't sure if that box was checked so I didn't create the account"). Auditing is nearly impossible.

An EUA solution addresses these problems with a workflow component that manages the communication and sequence of required approvals to speed the process. Once approved, a request can be routed to an administrator for action or acted on automatically by the EUA package. The workflow component might provide a Web-browser interface that lets users and security administrators track the request, and might send e-mail notification whenever the request is awaiting approval or action, when it has been acted upon, and if it is declined at any stage.

Many EUA products include in their workflow solutions an escalation procedure that allows for backup approvals of resources and access requests if the primary authority is unavailable or fails to deal with the request quickly. Requests, therefore, are handled within the organization's designated time frame, minimizing productivity loss while the employee waits for the request to be approved or denied.
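The approval sequence and escalation procedure described above can be modeled as a small state machine with an audit trail. This is an added example, not code from the article or from any EUA product; the 24-hour time frame, the approver names and the `Request` class are assumptions made for illustration.

```python
from datetime import datetime, timedelta

SLA = timedelta(hours=24)  # assumed time frame allowed for each approval step

class Request:
    def __init__(self, user, resource, steps, opened):
        # steps: ordered list of (primary_approver, backup_approver)
        self.user, self.resource, self.steps = user, resource, steps
        self.idx, self.state, self.escalated = 0, "pending", False
        self.waiting_since = opened
        self.audit = [(opened, "system", f"opened {resource} for {user}")]

    def approvers(self):
        primary, backup = self.steps[self.idx]
        return {primary, backup} if self.escalated else {primary}

    def tick(self, now):
        """Bring in the backup approver once the current step exceeds the SLA."""
        overdue = now - self.waiting_since >= SLA
        if self.state == "pending" and not self.escalated and overdue:
            self.escalated = True
            self.audit.append((now, "system", f"escalated to {self.steps[self.idx][1]}"))

    def decide(self, approver, approve, now):
        """Record a decision; refuse it if out of sequence or unauthorized."""
        if self.state != "pending" or approver not in self.approvers():
            self.audit.append((now, approver, "refused: not an approver for this step"))
            return False
        self.audit.append((now, approver, "approved" if approve else "declined"))
        if not approve:
            self.state = "declined"
        elif self.idx + 1 == len(self.steps):
            self.state = "approved"  # ready for manual or automatic provisioning
        else:
            self.idx, self.escalated, self.waiting_since = self.idx + 1, False, now
        return True

def demo():
    # Constructed scenario: the manager never answers, so the backup approves.
    t0 = datetime(2002, 8, 19, 9, 0)
    steps = [("mgr", "mgr_backup"), ("secadmin", "sec_backup")]
    r = Request("jdoe", "loan_db:read", steps, t0)
    r.decide("secadmin", True, t0)        # out of sequence: refused and logged
    r.tick(t0 + timedelta(hours=25))      # first step is past the SLA
    r.decide("mgr_backup", True, t0 + timedelta(hours=26))
    r.decide("secadmin", True, t0 + timedelta(hours=27))
    return r
```

Every refused, escalated, approved or declined action lands in `audit`, which is the record the manual phone-and-paper process cannot produce.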

The ROI Factor

Perhaps the prospect of paying $250,000 in fines and forwarding your mail to a federal penitentiary isn't enough reason to consider an EUA solution. Or perhaps HIPAA and GLB don't apply to your organization. In that case, you'll need other justification for the purchase of one of these admittedly pricey systems.

A good EUA solution offers password self-service. If the product lacks this feature, don't buy it. Some products also offer configurable attribute self-service, which lets a user update his or her name, address and marital status without spending time filling out paper forms and routing them through HR.

Most EUA solutions can provide a relatively fast ROI simply through those self-service features. Because the solution provides centralized management and can synchronize with all the disparate systems across your enterprise, it's simple to let end users change and synchronize their passwords across applications, databases, directories and servers.

