
ARCOS, an access rights compliance review service

Turnkey service to monitor your rights, manage recertification campaigns and easily build business profiles

60 % of the most common cases of fraud involve access to sensitive information not required for an employee’s job. (Global Insider Threat Report 2022 – Ponemon Institute)

Control access to your information system

Reviewing and controlling access rights to your information system is an essential part of risk management. It is also often a legal and regulatory obligation, and responsibility for it may extend beyond the CISO (Finance Director, Internal Audit and Control, etc.). Moreover, business units do not always understand the exercise: they have difficulty seeing what is expected of them and what needs to be analyzed. The results are not always satisfactory, as some reviews are carried out without any real understanding of the actions taken. Finally, some of these reviews are still carried out manually, using files extracted from the systems.

The ARCOS service offering responds to these problems with an integrated range of tools that optimize the time spent on reviews, make them more reliable, bring in the monthly input of experts, and increase the frequency of reviews, and thus the control of your risks.

A tool-based review service led by experts

Enabler – Setting up the service offering:

  • Integration of data sources to be analyzed
  • Quick access to an initial analysis of your IS rights
  • Access to a multitude of pre-configured dashboards
  • Our experts present their analyses
  • Definition of a customized roadmap and control plan.

Monitoring – Monthly monitoring of your rights for better control:

  • Monthly pre-analysis by our team of experts
  • Monitoring security trends and making recommendations
  • Monitoring the impact of action plans implemented
  • Proposed changes to the control plan

Certification – Definition of the certification perimeter:

  • Rights documentation to be reviewed
  • Certification campaign settings
  • Launching and managing the review
  • User support
  • Preparation of certification reports
  • Results presentation

Role mining – Defining the scope of role mining:

  • Pre-analysis by our rights experts and identification of potential business roles
  • Workshops with business units to validate/update business roles
  • Supply of a catalog of business roles.

A turnkey rights review service

Get fast results

Once you’ve integrated your data, you’ll have a consolidated view and your first dashboards.

Easily answer all your rights management questions

Benefit from multiple pre-configured dashboards accessible via the service, enabling you to respond quickly to any request.

Monitor your access compliance

Benefit from monthly monitoring of your accesses, enabling you to see the concrete results of your actions and define progressive action plans.

Industrialize and increase the frequency of your reviews

Our experts pre-configure all the elements required for industrialized reviews, optimizing preparation times.

Make life easier for your users with business roles

Easily identify the business roles you need to configure and use in your existing system, facilitating the assignment of authorizations and associated reviews.

Benefit from expert feedback

Our data analysis teams are IAM experts who can guide you in your choice of priorities and remediation plans.

Our customer references

Business sector: Banking

As part of its risk management program, the IT department of a banking group wanted to implement a new IAM solution and take advantage of the opportunity to industrialize access management based on business roles.

Mission description:

  • Implementation of the Brainwave solution (Radiant Logic) on the customer’s infrastructure
  • Identification of primary data sources to be integrated and analyzed: HR repositories, LDAP and AD directories, application rights repositories
  • Configuration of connectors for regular data integration
  • Organization of a business role definition process.
  • Upstream analysis, for each organization, of the existing situation and the possibilities for creating business roles.
  • Preparing and leading workshops with the business units, to help them agree on business roles.
  • Implementation of business roles in the entity’s IAM solution.

Business sector: Banking

In response to requests from internal control, one of the entities in a banking group wanted to set up an identity and access review tool and service offering.

Mission description:

  • Implementation of the Brainwave solution (Radiant Logic) on the customer’s infrastructure
  • Identification of primary data sources to be integrated and analyzed: HR repositories, LDAP and AD directories, application rights repositories
  • Configuration of connectors for regular data integration
  • Definition of an identity and access review service offering
  • Configuration of review templates for industrialization.
  • Implementation of reviews, according to the schedule defined with internal control
  • User support during the review process.
  • Supply of reports.

Business sector: Insurance

In order to respond in an industrialized and agile way to the demands of various regulatory bodies, an insurance group wanted to set up a rights monitoring service on its IS, as well as periodic reviews.

Mission description:

  • Implementation of the Brainwave solution (Radiant Logic) on the customer’s infrastructure
  • Identification of primary data sources to be integrated and analyzed: HR repositories, LDAP and AD directories, application rights repositories
  • Configuration of connectors for regular data integration
  • Initial analysis of IS rights, presentation of initial dashboards and proposed implementation of a control plan.
  • Deployment of the monthly control plan. Support in implementing remediation measures.
  • Definition of a schedule of reviews to be carried out with business teams.
  • Configuration of reviews and conduct of review campaigns.
  • Support for users during the campaign
  • Supply of review reports for remedial action.

FAQ

What is the advantage of using a service offering versus carrying out authorization reviews in-house?

Carrying out identity and authorization reviews can be a time-consuming process, especially when they are not supported by tools: definition of scope, data recovery, data structuring, preparation of reviews, communication with the various stakeholders. The ARCOS offer frees you from these constraints and enables you to industrialize your reviews, based on powerful market tools and a team of experts.

What can I expect from ARCOS Monitoring? Isn't it redundant with the ID and authorization review offer?

The Monitoring offer is the first to be implemented. It provides an overview of the compliance of your rights and authorizations in several areas. It also enables you to work on the quality of your repository data. Monitoring is carried out on a monthly basis. The identity and authorization review service completes this offer, ensuring that the rights granted are always up to date.

How can I use business roles in my systems?

There are several advantages to using business roles:

  • Sharing with your business contacts a common view of the rights to be granted by business line / organization.
  • Industrializing the implementation of authorizations, using business roles which themselves combine several unitary rights.
  • Facilitating the review of rights, with a language shared with the business units.

How does ARCOS take changes to my IS into account?

It is always possible to add/remove repositories to be analyzed in the ARCOS offer. Our teams will support you with your annual subscription.

Does the ARCOS offer include the software license for the solution used?

The ARCOS offer is an integrated service package, including all the elements that enable our teams to provide you with the service. This licensing element is transparent for you, so you don't have to do a thing.

What is the minimum commitment period for the service offer?

The minimum commitment period is 1 year.

Do my teams have access to the interface of the solution used in the service offering?

Your teams have access to all the dashboards defined in the service offer.

What does the subscription cost depend on?

The annual subscription cost takes into account:

  • The number of identities,
  • The number of data sources to be analyzed,
  • The complexity of these data sources,
  • The modules you subscribe to: Monitoring, Role Mining, Certification.

Can the modules be purchased separately?

The basic package comprises the Enabler and Monitoring modules, which are inseparable. The Certification and Role Mining modules can be purchased in addition to this package.
