Access management 

Our regulatory compliance services ensure adherence to the many diverse access control and data protection requirements identified by regional and country-centric regulators that supervise banking institutions, such as the US Federal Reserve Board (US FRB), the Monetary Authority of Singapore (MAS), and Germany’s Federal Financial Supervisory Authority (BaFin). The service provides an end-to-end perspective of access controls, starting from new hire request provisioning and ongoing entitlement re-certifications to the spontaneous joiner-mover-leaver processes. Enforced practices need to comply with the least privilege, segregation of duties, and never-alone principles. The systems in scope include Unix/Wintel servers, database servers, middleware, networks, desktops, and mainframe.

Based on the client requirements, the regulatory compliance team defines the scope of the remediation effort in terms of both users and end-systems. Existing people, process and technology applications are analyzed to capture the current state. A target state model that complies with the required controls is defined, along with the strategy and roadmap to achieve the improved efficiencies within a well-defined timeframe. Through an Agile software development lifecycle, service improvements are made to existing solutions, or new applicable products are identified for a pilot followed by general rollout. A governance process is defined to ensure ongoing compliance and to support periodic internal and external regulatory reporting.

  • UNIX/Wintel Access Remediation – ensures access to server accounts and access rights are aligned to user role in production and user acceptance test environments.
  • Database Remediation – ensures access to database accounts and access rights are aligned to user role in production and user acceptance test environments.
  • Secure Shell Keys (SSH) Remediation – ensures access to SSH keys is aligned to user role in production and user acceptance test environments.
  • Source Code Review – ensures unauthorized changes are not introduced in production and pre-production environments.
  • Governance & Health Check – ensures regular reporting on key performance and key risk indicators.

Data Masking

Any organization’s most valuable asset is data. Today’s growing concerns with intentional (fraud) and unintentional data losses (theft) force organizations to protect their data more carefully than ever before. Among the various necessary data protections, the main reason for applying data masking is to protect data that is classified as personally identifiable data, personal sensitive data or commercially sensitive data in non-production environments, while maintaining its usability for valid test cycles in the SDLC.

The primary concern from a corporate governance perspective is that personnel conducting work in non-production environments are not always security-cleared to operate with the information contained in the production data. This practice represents a security hole where data can be copied by unauthorized personnel and the security measures associated with standard production-level controls can be easily bypassed. This represents an access point for a data security breach.

Our service provides a comprehensive solution and careful implementation of data masking, ensuring adherence to the data protection requirements identified by audit control and regulatory authorities.

Data masking, or data obfuscation, is the process of hiding original data with random characters or data using a variety of techniques such as substitution, shuffling, number and date variance, encryption, nulling out or deletion, masking out, and additional complex rules as applicable to unique scenarios. Our overall practice of data masking at an organizational level is tightly coupled with the Test Management Practice and its underlying methodology, incorporating processes for the distribution of masked test data.

While there are many technologies and solutions available in the market, our flexible services allow organizations, each with its own unique challenges and needs, to solve the problem by leveraging our strong expertise and accelerators that work neutrally with any solution.

Combining our strong expertise in regulatory services with a deep understanding of data, we deliver efficient and cost-effective data masking services to organizations of any size.