arrow-left Back to Announcements
DATE:
AUTHOR:
The folks at Scrut
New Feature

Access Review (Beta Release)

DATE:
AUTHOR: The folks at Scrut

Note: This feature is currently in Beta. If you are interested in exploring this feature, please don't hesitate to contact your account manager.

We are excited to introduce the Access Review Module, now available in beta mode, as a new feature in our compliance automation tool. This module enables organizations to review and validate access rights and permissions granted to users within their systems and third-party vendor applications.

Challenges faced by organizations

  1. Unauthorized access: Unauthorized access can cause security breaches and put an organization's sensitive data at risk.

  2. Compliance challenges: Compliance with regulatory requirements can be complex and time-consuming.

  3. Audit preparedness: Internal and external audits require organizations to demonstrate proper access management and compliance practices.

Benefits

  1. Enhanced security: By regularly reviewing access rights, organizations can identify and mitigate security risks, ensuring that only authorized users have appropriate access to critical systems and sensitive data. Access Review helps organizations proactively manage access privileges and prevent unauthorized activities.

  2. Improved compliance: Access Review ensures that organizations adhere to regulatory requirements by validating access rights and permissions. It provides a comprehensive overview of user access across systems and third-party applications, facilitating compliance monitoring and reporting.

  3. Audit preparedness: An organization can successfully demonstrate its access management and compliance practices to its external and internal auditors. The proactive approach taken by the organization can help the auditors place trust in the intentions of the organization.

How does it work?

  1. Create an Access Review Project by clicking the “Create New” button.

  1. You can enter the project details and select vendors for which you want to conduct a user access review.

Tip: The list of vendors is imported from vendor management. So you can add a new vendor in vendor management, and it will appear here.

  1. Click “Create,” and the “Access Review” will be created.

  1. Once we click on the project, it will show us the List of Vendors, the Owner of the project, the Due Date, the Start Date, the Finish Date, the Status, and Actions.

  1. You can now upload the Access file by clicking on the “Access file” button. (Access file - a file that has the list of users who have access to AWS)

  2. You can download the reference template, where the file should contain the Name, Email address, and Role of the user.

  1. Once you have uploaded the file, you can click on the "View" button and see the list of users who have access to AWS.

  1. Now, you can start a review by clicking on the “Start Review” button.

  1. We have two options for maintaining access where by clicking on the "X" button, we can revoke access, and by clicking on the "Green tick," we can grant access to the specific user. By doing this, we are not directly revoking or granting access to the AWS platform, but instead, Scrut has the data of access for these users.

  1. When you revoke access, you can create a remediation task by creating tickets through Jira or Monday.com so that a team member can actually review and revoke access on the AWS platform.

  1. Once the task has been created, the review status will be moved to 'Pending.'

  1. Once the review has been done, you can mark it as done by clicking on it manually.

  1. Once you are done with maintaining access, click on “Complete Review.”

  1. Now the status will be “ Complete.”

If you have any questions or issues, please reach out to your assigned customer relationship manager. They'll be happy to assist you!

To view all the product updates, please click here.

Powered by LaunchNotes