The auditor is to an enterprise what Internal Affairs is to a Police Department. Tops of the Christmas card list, first guy or gal invited to happy hour. OK, so some of that is part-and-parcel of your job as the internal cop for your company. But SCUID can at least help make your job easier – by making the IDM aspect of what you need your company to do much, much simpler. With all of the information you need at your fingertips, your next audit will be quick and painless – so you’ll have time for a beer with your “suspects” and show them how cool you really are.
Because SCUID has already been intimately involved in provisioning (and deprovisioning) or reconciling your company’s users, you always have access to an up-to-date report on all the access rights of all your users. You don’t need to bother anyone to run an audit or pore through spreadsheets or application logs. You can even figure out how they got that access, who approved/recertified it, and why.
Recertification / Attestation
In spite of knowing who-has-what, you know you need to get people to eyeball it from time-to-time. SCUID lets you run scheduled and ad-hoc processes that require people to go through a recertification process. You can configure different processes for different applications or groups of users, even creating different processes based on the risk classification or categorization of the entitlements using simple tags. For each one you can specify the frequency (quarterly, annual, ad-hoc) and the approver (every manager and/or every designated application or entitlement owner). SCUID automatically notifies anyone that needs to perform recertification and its innovative design makes it easy for them to figure out what they need to do and just get it done. This may not make them like you more, but it will make them hate you less.