YouAttest vs Spreadsheets for Access Reviews – Top 10 Reasons
Access reviews are a crucial part of securing the enterprise and of meeting industry-required compliance standards: SOX, SOC, HIPAA/HITRUST, ISO 27001 and PCI-DSS. They are also a recommended best practice by NIST SP 800-53 rev5, namely PR.AC-4. Most enterprises are using Excel spreadsheets, a very manual and trying process. That is why we provide here YouAttest vs Spreadsheets for Access Reviews: Top 10 Reasons.
YouAttest has shown that this process is wasting enterprise resources, both time and money. (Ref: Cost of Access Reviews and the TCO of YouAttest)
This document will show quantitative improvements of YouAttest over using manual methods such as spreadsheets.
1. Multiple Reviewers
Audit best practice is to have both Business and System owners review application and user accesses. YouAttest quantifies the roles and then sends out an audit request to each owner. The central console tracks the status of the reviews, showing which reviewers have completed their reviews and which will be automatically “nagged” to complete their attestation.
Image #1: YouAttest automates the process of applying multiple reviewers to an access review
2. Delegation (manual and automatic)
Best practice for audit is to have the direct managers of the users attest to the access privileges of their users. YouAttest has the ability to AUTOMATICALLY send out the attestation to the managers of the users – the managers set it up in the directory of record. In addition, managers can be manually quantified for attestations.
Image #2: YouAttest allows you to automate the process of selecting which manager to review access.
3. Time-Stamped Immutable Reports
Accurate, timestamped reports are created and available in .csv, Excel, or PDF format. These reports can be automatically filtered for just active, revoked, or inactive users. Reports can be assigned and emailed out to anyone, all without leaving YouAttest.
Reports show who took the action, what the action was, who the action was taken on, and when the action took place.
Image #3: YouAttest creates timestamped reports of the access reviews.
4. Selected Topics for Review (By User, By Group, By Manager, By Application)
YouAttest allows an enterprise to choose the key prism for the audit view. This can be by user, by group, by manager or by application.
In this manner the review is set up according to how the audited party wishes the resource privileges and rights to be reviewed.
Image #4: Select by what method to conduct the review: by user, by group, by application or by manager.
5. Auto-Scheduling of Attestations
YouAttest has the ability to auto-schedule attestations. Reviews can be scheduled for specific reviewers, on specific topics, at specific intervals: days, weeks or months.
Image #5: YouAttest allows auto-scheduling for access reviews
6. Centralized management console for ALL management campaigns
Enterprises often have multiple resources that require compliance. YouAttest provides a single console for all campaigns, by all reviewers, at all stages of review.
Image #6: YouAttest provides a single console for all your access reviews.
7. Centralized Secure Repository for All Access Review Campaigns
Unlike XLS spreadsheets, which may or may not be held in a secure manner, YouAttest is a centralized repository, usually integrated into the SSO system, that requires configured authentication for access to the sheets. Knowledge of where and how the sheets are accessed is easily and centrally managed. An auditable view of who has managed the reviews is available via YouAttest, unlike with XLS sheets.
Image #7: YouAttest allows a single view of the access reviews that have been executed.
8. Revocation of Roles
If YouAttest is tied to the SSO engine (Okta supported now), the reviewer can actually revoke a user’s permissions upon completion of the report. For non-Okta customers, a full report of all the revocations can be recorded and then submitted as the recommended change. (Priorities for automation are being taken by YouAttest. Let us know for which system you would like to have automated revocations.)
Image #8: YouAttest provides revocation either in a single report or via a direct link to an Okta system.
9. Selectable Single or Multiple Users/Groups to Review
YouAttest lets the admin select single or multiple users or groups based on modifiable search criteria. YouAttest makes it simple to add or subtract groups and users from a configurable GUI console.
Image #9: YouAttest simplifies choosing which users and groups you want to focus on for review.
10. Easily Implemented % of Users, Groups, Applications to Review
If YouAttest is connected to an SSO platform (Okta presently), the admin can select a % of users, groups and applications that the reviewer wishes to attest to. This is important for expediency while still meeting certain compliance requirements.
Image #10: YouAttest allows an enterprise to just review a random % of entities.
—
YouAttest is an automated identity audit tool for Okta, AD and other resources. Cloud-based and simple to use, YouAttest provides a quantified platform for your identity audits. Schedule an appointment with a YouAttest identity audit professional.