A cornerstone of security best practices -- and therefore of compliance requirements -- is to limit access to critical resources to only those employees and users who have a legitimate business need for it. As a result, most companies adopt a policy of "least privilege", which is intended to restrict users to only those applications that they need to do their jobs. See the table below for the relevant least privilege text in each of the major regulatory frameworks:

Least privilege policy violations result in excessive access rights, also called excessive privileges or entitlements. These are the top cause of IT audit findings, and represent both a compliance exposure and a security vulnerability.
Cloud Compliance is developing an Identity and Access Control (IdAA) solution to ensure compliance with least privilege policies. We identify users with excess access rights, and provide tools for isolating high levels of over-entitlement by group, by business unit or by application. Such tools enable root cause identification, and provide the necessary insight for remediation and process improvement. Furthermore, due to our global visibility as a cloud-based SaaS solution, we capture industry-wide statistics that our customers can access for setting their own policy benchmarks. Finally, the Cloud Compliance SaaS solution requires no software to install, maintain and operate, no appliances to deploy, no consultants, advisors or professional services to engage, and no huge upfront capital expense.