YouAttest vs Spreadsheets for Access Reviews – Top 10 Reasons
Access Reviews are a crucial part for secure enterprises and for meeting industry required compliances: SOX, SOC, HIPAA/HITRUST, ISO 27001, PCI-DSS and a recommended best practice by NIST SP 800-53 rev5, namely PR.AC-4. Most enterprises are using excel spreadsheets – a very manual and trying process. Why we provide here – YouAttest vs SpreadSheets for Access Reviews: Top 10 Reasons.
YouAttest has shown that this process is wasting enterprises resources – both time and money. (Ref: Cost of Access Reviews and the TCO of YouAttest)
This document will show quantitative improvements of YouAttest over using manual methods such as spreadsheets.
1. Multiple Reviewers
Audit best practice is to have both Business and System owners review application and user accesses. YouAttest quantifies the roles and then sends out an audit request to each owner. The central console tracks the status of the reviews and which reviewers are completed and which will be automatically “nagged” to complete their attestation.
2. Delegation (manual and automatic)
Best practice for audit is to have the direct managers of the users attest to the access privileges of their users. YouAttest has the ability to AUTOMATICALLY send out the attestation to the managers of the users – the managers set it up in the directory of record. In addition, managers can be manually quantified for attestations.
3. Time-Stamped Immutable Reports
Accurate, timestamped, reports are created and available in .csv, Excel, or PDF format. These reports can be automatically filtered for just active users, revoked, or inactive users. Reports can be assigned and emailed out to anyone all without leaving YouAttest.
Reports show who took the action, what was the action, who was the action on, and when did the action take place.
4. Selected Topics for Review (By User, By Group, By Manager, By Application)
YouAttest allows an enterprise to choose what is the key prism for the audit view, this can be: by user, by group, by manager or by Application.
In this manner the review is set on how the audited wishes the resource privileges and rights are reviewed.
5. Auto-Scheduling of Attestations
YouAttest has the ability to auto-schedule attestations. Reviews can be scheduled to specific reviewers, on specific topics at specific intervals: days, weeks or months.
6. Centralized management console for ALL management campaigns
Enterprises often have multiple resources that require compliance. YouAttest provides a single console to all of campaigns, by all reviewers, at all stages of review.
7. Centralized Secure Repository for All Access Review Campaigns
Unlike XLS spreadsheets – which may or may not be held in a secure manner. YouAttest is a centralized repository, usually integrated into the SSO system that requires configured authentication for access to the sheets. Knowledge of where and how the sheets are accessed is easily and centrally managed. Auditable view of who has managed the reviews is viewable via YouAttest – unlike XLS sheets.
8. Revocation of Roles
If YouAttest is tied to the SSO engine (Okta supported now) – the reviewer can actually revoke a user’s permissions upon completion of the report. For non-Okta customers a full report of all the revocations can be recorded and then submitted as the recommended change. (Priorities for automation are being taken by YouAttest – let us know in which what system you would like to have automated revocations.)
9. Selectable Single or Multiple Users/Groups to Review
YouAttest has the ability for the admin to select, single or multiple users or groups based on modifiable search criteria. YouAttest makes it simple to add or subtract groups and users from a configurable GUI console.
10. Easily Implemented % of Users, Groups, Applications to Review
If YouAttest is connected to a SSO platform (Okta presently) the admin can select a % of users, groups, applications the the reviewer wishes to attest to. Important for expediency and still meeting certain compliance requirements.
YouAttest is automated identity audit tool for Okta, AD and other resources. Cloud based and simple to use – YouAttest provides a quantified platform for your identity audits. Schedule an appointment with a YouAttest identity audit professional.