Prevent Risks in ITSM User Request Management

Integrated Fulfilment – Prevent Risks in ITSM User Request Management

Today many businesses use ITSM tools to fulfil access requests using roles that are manually configured as catalogs. The downside: the manual management of roles at a high level created audit findings where the attribute level details in the business application do not accurately reflect in the Catalog role.  For example, a role of Payables Inquiry available in ServiceNow does not prevent the risk of fulfilment where the user may also be granted access to the role in the Oracle ERP Cloud application that enables supplier creation – causing and significant risk to financial statements – enabling a user to create suppliers and pay suppliers. 

Furthermore, the lack of integration with business application increases the risk where the access requests in the ITSM system do not match the actual user access in the business application where the access is granted within the application or through multiple provisioning workflows or systems,

Enterprise-Wide Real-Time Fulfilment from ITSM

As users join the organization or change roles within it, SafePaaS rules and policy-driven fulfilment process manages the user access rights management within business applications with integrated ITSM services. User access is updated with authorized access for the approved start and end times, such as adding a user to Oracle Cloud ERP or SAP Hana S/4 and assigning authorized privileges through roles, and security attributes.  SafePaaS ITSM integrated fine-grained fulfilment process improves organizational security posture and business productivity through accurate and timely fulfilment processes.

ITSM Access Request Control Analysis Prevents Policy Violations 

All access requests that are submitted in ITSM for business application access are seamlessly initiated in SafePaaS for fine-grained controls analyses to ensure compliance with access governance policies. SafePaaS opens the ticket in the ITSM while syncing with SafePaaS for real-time ticket status.  Once the request is received in SafePaaS, it is tested automatically against the policies and rules to detect violations and initiate additional workflows with violation analysis to control owner (that is usually not the immediate supervisor) for authorization. Once the request is either approved, rejected, or approved with waiver and compensating control SafePaaS fulfils the requests and the ticket is automatically updated in the ITSM. If access must be manually fulfilled, SafePaaS can assign the ticket to the ITSM. Workflow logic can be configured based on business needs.

Self-Service Access Request Controls 

End-users can also simulate the risks in access requests in SafePaaS proactively to detect any potential access policy violations such as Segregation of Duties or Sensitive Access.  If the access request is submitted with policy violations, the approver has the option to add mitigating controls to the SoD. This results in end-to-end controls over the access management process.