Segregation of Duties (SoD)Management
Automate enforcing of SoD policies to identify toxic combinations of access rights
Policy-Based Access Control
To prevent fraud and theft organizations need internal policies to detect and evaluate toxic combinations or violations of access rights. Segregation of duties (SoD) breaks down tasks into multiple tasks, so no single person is solely in control of tasks that constitutes risks. Payment and approval of invoices, for example should be separated into individual tasks. The challenge for the organization is to find the balance between ensuring security by breaking up tasks to individual responsibilities, yet doing so without increasing complexity and restraining the business.
Omada’s SoD management allows for fine grained definition of constraints, based on business processes or resources. Business processes allows you to define constraints for a particular job function or role. This saves you from adding constraint policies for every possible combination.
The policy and SoD management processes are used to define policies for toxic combinations of access rights assigned to the same person, detect any violations, and evaluate these to determine if the combination of access rights should be allowed or blocked.
The SoD management supports a mitigation workflow where a security officer and/or manager can evaluate all violations for an identity with the possibility of overriding selected violations.
Omada’s SoD Management enables you to:
- Define enforceable policies for granting access.
- Detect policy violations based on defined rules and policies to ensure that critical access combinations are not granted without risk evaluations and approvals.
- Ensure that dispensations to violations are re-evaluated periodically.