XLS for Enterprise. Right or Wrong? Not sure if you saw this one, but great example of a tool being used wrong – this is a case of XLS for Enterprise database usage.
The UK’s Public Health England (PHE) had created a COVID contact tracing system. Admirable. Necessary. Understandable.
But the system they were using to ingest lab test data, inported the data as CSV files into Excel format files. That is the depository of this data was NOT an enterprise database – but XLS files. And not just XLS files, but a format that went extinct in 2003 – and thus only supported 65,536 rows. (Current limit of XLSX is now over around 1 million.)
Ref: How Not to Kill People w/ Spreadsheets
The result: Over 48,000 contacts were not warned of possible contact exposure to the virus – all because of errors in the data input.
Bad. And more relevantly, very avoidable.
The Right Tool for the Job – XLS for Enterprise ?
Excel is wonderful. I create/edit 2-3 a day for task, communication and projects. But no one at Microsoft (or Google) thinks Excel (or Sheets) is a database.
The same logic has to go for auditing.
Many of my prospects are still using Excel speadsheets for their IT Access Reviews. These are quantified as a best practice in Section PR.AC-4 in the NIST Cyber Security Framework 1.1. And these are spelled out in info and data security guidances such as SOX 404B, ISO 27001, HITRUST and SOC 2 TYPE 2 Certifications.
The process of using spread sheets for access reviews is, painful, time consuming and often fraught with errors. YouAttest did a TCO study and discovered that the internal resources, utilizing manual tools like Excel, for the purpose of auditing and access reviews – its extremely wasteful. The TCO studies showed that a single audit, utilizing an automated tool like YouAttest, can pay for a (1) year license for the tool. (Webinar: YouAttest TCO Study) These same organizations reported having to do these audit 8 to 16 times a year!
YouAttest enables an organization to automate IT Access Reviews, all without spreadsheets. YouAttest conducts:
- Resource access reviews
- User access reviews
- Groups access reviews
- AD Service Accounts reviews
- AD Domain Accounts
- Permission changes (benign or malicious) based on event triggers!
When integrated as a key facet of your cybersecurity protocols, YouAttest access reviews are highly advantageous in helping you to stay ahead of cybercriminals while simplifying your IT audits.
—
YouAttest is the only cloud-based IGA platform that deploys in minutes via application SSO to platforms like Okta. Register for the November 18th YouAttest webinar on auto-scheduling attestations of your cloud and legacy applications.
