Client's challenge
After enduring several security breaches, this leading manufacturer realized that if it continued to rely on a fragmented and inconsistent user management process, it could not be certain that the many users accessing its systems were authorized and legitimate. Critical systems control issues not only stood between the corporation and Sarbanes-Oxley compliance, but also highlighted the company’s need to pursue remediation in the context of an overall security plan.
PricewaterhouseCoopers Advisory solution
PricewaterhouseCoopers (PwC) Advisory was retained to help the company respond to the latest incident, identify the source of the breach and put a plan in place to mitigate risk from similar future events. As part of a much broader initiative assisting the company’s CIO in developing an enterprise security plan, PwC Advisory helped design and implement an identity management solution across the client’s key applications to resolve the user access and audit-related issues. We identified and helped deploy a centralized user management system that gave the company a single access control process to add, modify or delete users across all financially significant applications. In addition to other capabilities, the centralized system gave the company the ability to request network ID and email accounts, modify access rights associated with transfers according to security policy and instantly disable user accounts upon termination.
Impact on client's business
As a result of this work, the company resolved its compliance issues related to user access and potentially unsatisfactory audit findings. This was achieved primarily by automating user provisioning and de-provisioning for financially significant applications, and by establishing a documented, auditable process for provisioning employees and contractors. Since the initiative, this client has added additional internal user groups to ensure that only the intended users are accessing its critical financial applications. At the same time, by streamlining and automating what was once a three-day, manual process for adding new accounts, the company has improved customer service.
