Few security issues annoy end users more than a failed authorization check that stops them from completing a task and brings their work to a standstill. Authorization issues irritate administrators as well, as they require hours of research, disrupt work, and delay interesting projects. These incidents are often urgent and ambiguous, and they adversely affect IT’s customer satisfaction scores.
New tools, such as Authorization Help from Security Weaver, reduce the effects of incidents. Security Weaver recommends eight strategies to streamline the authorization incident management process:
1. Integrate Authorization Incident and Authorization Request Processes
The initiating causes, success measures, and challenges of authorization incident and authorization request processes are materially different, so the design and management of the processes must be separate. However, because the resolution of an authorization incident often initiates an authorization request, it is best to provide triggers for the provisioning process as part of the incident management process.
2. Automate Ticket Creation and Data Collection
Automated ticket creation means end users face less hassle in notifying IT about their specific issues. Automated data collection fills tickets with robust, consistently formatted data, accelerating both incident and problem management processes for IT.
3. Provide Easy Access to Policy Documentation
Users must be able to quickly determine whether their authorization issue is due to a policy constraint or an assignment error. By helping users recognize when an issue should be escalated to auditors and business owners instead of IT, security administrators can minimize misdirected requests for access and reduce ticket volume.
4. Integrate Authorization Incident Tickets with a Service Management Platform
This allows users to leverage status-tracking capabilities and auditors to trace authorization changes back to the source. Meanwhile, IT can keep security processes aligned with IT operational processes.
5. Automatically Recommend Options to Users
Unnecessarily locking valid critical transactions that a user needs is one of the fastest ways to lower IT satisfaction survey scores. Depending on the nature of the transaction and the existing authorization privileges, users should be offered suggestions that alert them to alternative ways of processing a transaction. This capability should be configurable so that management, auditors, and security personnel can be assured that the recommendations support security policies.
6. Add User Transaction Data to the Automated Ticketing Process
It’s important to capture detailed user transaction data to expedite research and remediation, as it provides the necessary context and reduces the need for users to re-run transactions under trace conditions.
7. Automatically Recommend Role Assignments
Segmenting roles based on inventory, policies, and user metrics can lead to smart role recommendations. Role owners and IT can then quickly determine if an issue is due to the design of a role, its configuration of authorization objects, or a missing assignment.
8. Automate Role Testing
Regression errors and design bugs can sneak into production. Proper testing can go a long way toward reducing the number of authorization incidents.
SAP’s robust authorization model, coupled with the constant technical and organizational changes within an enterprise, means authorization incidents are inevitable. However, some security administrators are able to radically reduce the number and severity of these incidents to streamline their authorization incident process. To learn more, download our white paper at www.securityweaver.com/authorizationhelp_wp.