By far, remote access is one of the primary considerations of our clients in these times of rapid change. In some situations, mass numbers of employees have been set up to connect remotely. The FFIEC IT Examination guidelines recommends employing the following measures (among others) to ensure security with regard to remote access:
Employing these recommendations during normal business operations is one thing, but how do you maintain tight control, continue audits, and keep track of who has access to remote applications when circumstances are frequently changing?
It’s a fairly common practice for organizations to enable remote access through a VPN in addition to using tokens as a way of establishing secure connections. Often, virtual desktop capability and other important applications are authenticated using Active Directory. Full access/permission reviews for all of Active Directory are common; however, when changes are happening so quickly, it’s not an ideal time to start an access/permission review for ALL of Active Directory. Still, many of our clients have security at the forefront of their minds and have talked about the importance of making sure that potential risks weren’t introduced in the midst of so many changes.
One solution to reduce the risk while still maintaining a certain level of sanity is to consider permission reviews that are specific to remote access. This provides the ability to find any potential errors that may have been introduced and reduces the risk of improper access to critical systems.
To create reviews that are specific to remote access:
2. Specify the AD group employees need for remote access:
3. Schedule automatic imports – let Permission Assist handle the updates for you! New data can be imported weekly, daily, or multiple times a day – just select the frequency and time that works best for you.
The application is ready for review! Creating a quick review specifically for your remote access application(s) saves time and helps you focus specifically on the changes.
Tip: If you want to focus on your critical applications, create a review using the “Choose a Priority” option and select the “Critical” priority. Permission Assist will automatically include any applications identified as critical.
Want a quick and easy way to track access outside of an official review? The Changelog allows you to quickly see whether access has been added, changed or removed.
User Changelog data can be exported in either Excel or PDF format.
These are the moments you’ve planned for, and you’ve got this. We hope these tips help save some time and reduce stress.
Active Directory is a licensed trademark of Microsoft Corporation. All other product names, trademarks, registered trademarks, and service marks are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, trademarks and brands does not imply endorsement.
Happy New Year!! As we review our memories of last year, we first want to thank all of our clients – those of you who have been with us from the beginning and those of you we’re just getting to know; we appreciate you all. We’ve enjoyed so many conversations, collaborations, and consultations that have resulted in valuable feedback.
As we take this feedback into an exciting vision for the future, we want to celebrate by ringing in the new year with a new release! Permission Assist version 4.9 emphasizes the ability to customize permission names, descriptions, and Taskboard options to help you further streamline the review process and shrink your permission reviews. This release also provides the ability to export Entitlement Role permissions (yes – we can already hear some of you cheering and we’re cheering right along with you)!
We work hard to ensure privileges are displayed in an organized way that is easy to understand. Still, there are times when privileges are given very general descriptions such as “Area 123” or “Customized Privilege”. This not only makes it hard for reviewers to understand, it also results in a long list of questions for you during a review.
For these cases, we wanted to provide a flexible way of allowing you to personalize these unique privilege names and descriptions. With the new Privileges tab (see picture below), you can add context by customizing privilege names and descriptions in a way that makes sense for your financial institution.
Depending on your organization’s review workflow, having the ability to reassign identities or supervisors may make sense for some Permission Assist users, but not for all. That’s why we’ve added a new set of options within the System Configuration area that allow you to decide which users see certain options during a review.
From the System Configuration, Workflow area, you can customize the availability of the following options:
You have a new employee starting Monday…
You have an employee transitioning to a new position within the bank…
How do you know which applications they should have access to and which privileges should be assigned? Many clients have a system for requesting an employee’s access be set up, but they want to prevent issues from the start and ensure that the permissions being assigned accurately reflect the person’s role.
With the new Entitlement Roles Details report you can provide guidance to supervisors, IT, and others to help ensure permissions are set up appropriately!
We’re wishing you all the very best this year, and we hope you enjoy this new release!
In Fargo, ND it’s already that time of year when leaves begin to change from various shades of green to those of red, orange, and yellow. Children of all ages get excited about the massive piles of leaves they can catapult themselves into. Managing the ever-changing organizational structures, job titles, user permissions and access reviews may not be quite as fun and exciting as catapulting oneself into a pile of leaves… but they can be so much easier with Permission Assist version 4.8. This new release provides a combination of features that are designed to further streamline the review process and help you manage ongoing changes to permissions across systems.
Let Permission Assist do the importing for you! All you need to do is have the import files saved to a consistent folder (either on the server or within a network folder that the server has access to), tell Permission Assist where the files are located, and then set the import schedule. Files will be automatically imported on the day and time specified.
With application alerts, you can receive automatic email notifications when user permissions for a specific application change.
We hope you enjoy this new release!
Permission reviews for applications that either have a large number of users or a highly complex set of permissions get a lot easier and faster after integrating that data into Permission Assist. And – since we prefer permission reviews that are easy, fast and not shaken or stirred – we’ve added several new application importers that are ready and waiting to help you shrink your permission reviews!
Here are the latest additions:
Finastra Decision Pro
Finastra PARC (Payments Archive and Research Center)
Fiserv Collections for Premier®
Fiserv Commercial CenterSM (Corporate)
Fiserv Compass for Popmoney®
Fiserv Intelligent Workplace
LexisNexis Bridger Insight® XG
Moody’s Analytics Lending Cloud
Online Banking Solutions (now Fiserv): Treasury Banking Suite
ProfitStars FactorSoft (formerly Cadence)
Schneider Electric Continuum
Street Resource Group (SRG) Warehouse Loan System
Stucky (William Stucky & Associates) ABLM.NET
TS Partners TranStar
Thank you to everyone who made requests and provided feedback on these importers. We hope you enjoy them!
All product names, trademarks, registered trademarks, and service marks are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, trademarks and brands does not imply endorsement.
You get a review, they get a review – everyone gets a review!!!! Simultaneous reviews are now possible with our latest release of Permission Assist version 4.7. Why conduct simultaneous reviews? Well, there are many reasons, but the one we like best is the one we’ve heard most from clients… flexibility!
Let’s say, as a general best practice, you typically conduct larger quarterly reviews with supervisors for non-critical systems. While that review is being conducted, one of the following happens:
Prior to version 4.7, you would have had to wait for the previous review to be completed before starting a new review even though the two (or more) reviews would have been conducted on completely different applications. With the added flexibility of simultaneous reviews, you can save time and stay more responsive to security needs as they arise.
As young man named Ferris Bueller once said, “Life moves pretty fast.” If you don’t stop and check up on outstanding review items once in a while, open reviews can drag on for what feels like an eternity. That’s why we’ve made it easier to see list of all reviewers that have outstanding review tasks as well as a list of their applications and the pending responses for each (see picture below).
With features that allow you to send email reminders – either to all reviewers at once or to a single reviewer – you’ve got everything you need to keep your review on track and running smoothly.
We hope you enjoy this new release!
We’ve been working hard to add features and enhancements that will help you continue shrinking your permission reviews.
Here are a few highlights in the Permission Assist 4.6 release…
Excel Exports – If you’ve ever wanted to export all identities, applications, privileges, conflicts, or even the current summary of a review (including all counts of pending, approved, and remediated items) – now you can! Simply click the Export button and you can view, sort, and Excel in whatever way makes you happiest all day long.
Import Data, Trending, and Diagnostics – One question our clients get asked more frequently during an audit is, “How do you know the information in Permission Assist is the same as the information in your application?” Another question clients often ask is, “From a security perspective, how do I know if new privileges have been added?”
We’ve made getting the answers to these questions even easier with improved import data and diagnostics. Now, you can quickly see a summarized list of each import along with the date, the number of users and the overall percentage of change when the import took place.
With more detailed views, you can clearly see new users, new privileges, and an overall percentage of change after each import.
Permission Assist tracks these changes with each new import so that, over time, you’ll start to see trends. If an import results in changes that go outside of that trend, you’ll know immediately.
In the event an error occurs during an import, the new Import Log allows you to see what happened so the issue can be corrected.
Need help solving the problem? We’ve made it even easier! Just follow the step-by-step instructions to create an encrypted diagnostic file (basically just click a button) and send it to our support team using our secure support portal. You’re support issues are our top priority so we’ll get on it as soon as possible!
Set ‘On Behalf Of’ Reviewers for Supervisors – If you have supervisors who don’t typically review the permissions of their direct reports or who may be out of the office during a review, the new ‘On Behalf Of’ feature allows you to either temporarily or permanently shift review responsibilities to another person.
Audit Multiple Active Directory Applications – Do you have multiple banks or other entities in your Active Directory application? If so, you now have the ability to set up multiple Active Directory applications allowing you to audit each individually.
We have gotten a lot of great feedback on these enhancements and we appreciate it! More great enhancements are planned for 4.7 and we couldn’t be more excited. Thank you to all of you who helped in this release!
As we march towards v5.0, we’ve continued to make serious investments in architecture and testing; ensuring the future releases on our roadmap are going to be great!
Permission Assist™ 4.5 has been a significant release for us to continue delivering the promise of shrinking your permission reviews. Here are a few highlights of the new features introduced…
Optional Security Team Reviews – Security team members can now be considered optional for a review. If a review item does not have any reviewers (that is, has no application managers nor supervisor) then responsibility falls back on a security team member. This is great for reviews where you only want an application manager to review a single specific application.
Reviewing Supervisor Reassignments– In version 3.5 we gave you the ability to reassign a review item to a different identity. We’ve had a number of different requests to enhance this functionality in a number of ways. As a result, now you have two new abilities: reassigning the reviewing supervisor and unassigned review items.
Common situations that lead up to supervisor reassignments: (1) the supervisor has left the company, and (2) the supervisor duties fall on an employee that does not participate in security audits such as C-level executives. With the ability to reassign temporarily or permanently no “work-arounds” are now needed. Unassigning the supervisor is a choice as well, and reviews that require supervisors will simply show it as not applicable.
Automatic Entitlement Roles – We’ve made building roles lightening fast in every sense of the word with better entitlement role building.
Simply select either an employee, directory group, or employee title. Using statistics the system will automatically suggest which applications and privileges should be used to review against. This is a HUGE time saver when asking the question “What privileges does this group of people have in common?”, or when attempting to build a role that encompasses the entitlements of a particular person…one click and you’re done! Your role will match all the identities based on your criteria, include the applications they have in common, and select the recommended privileges for you.
The software development team is very happy to finally deliver you this release as we can now focus on the “big picture” yet again. Thank you to all of our clients who helped in this release!
It’s a pleasure of ours to continue building the highest priority integrations our clients need. We know they are helping you save tons of time and helping to avoid errors in reporting. We’ve got a lot of changes coming for even more helpful plugin configuration, but until then here are the latest built specifically for the financial industry:
If we don’t have it, you only need to ask – if we haven’t proven it yet, we can integrate with anything. Bank identity access audits at lightening speed is what we are shooting for, so eliminate the task of parsing those permission reports!
Permission Assist™ 4.4 is finally here with a much requested new way to rank your application privilege reviews with some enhancements to our permission tracking.
Permission Risk Ratings – You can now track and report your high risk user privileges through our new risk ratings feature. By applying a criticality rank to your applications and/or permissions a new dimension is added to your reports. A much requested feature in 2018!
Improved Individual 360 Report – Easier search functionality to find individuals who were in a particular review, application, permission risk rating(s), or a combination of all. Create custom reports that have these filters applied to display just the information you are interested in.
Application Permission Report – Report on all the permissions within an application including their permission risk rating and overall usage. Find and filter custom reports based on a particular review, permission risk rating(s), or a combination of both.
The 4.4 release took a lot of time, attention, and testing due to the finer details to support risk ratings; however, now that it’s in the books we have our eyes set on 4.5! Thank you to all of our clients who participated in this release!
It has been a long awaited integration, but the Salesforce plugin is finally here!
Doing this integration had a lot of challenges – one of which forced us to evolve our plugins to allow custom configurations. However, we persevered for all the clients that have been asking for this very important integration as we continue to strive to make user access reviews as simple as possible.