Access Informer Logo

ACCESS INFORMER

Simplifying user authorizations

Overview

Access Informer is a simple yet powerful solution to collect, analyze and monitor user authorizations across your key systems

 

Why Access Informer?

Access Informer helps you retake control of user authorizations across your key systems by improving:

Knowledge

Knowledge

Gain a direct and comprehensive view of user authorizations across your key systems
Centrally investigate and report on authorizations
Get valuable insights and identify potential risk from excessive access
Efficiency

Efficiency

Reduce drastically the effort and complexity in performing periodic reviews of user authorizations
Schedule extractions of user authorizations and automate analysis
Produce detailed analytics to redesign and simplify authorizations
Why Access Informer

Governance

Maintain compliance ruleset within and across key systems
Visualize the status and evolution of risks and compliance exceptions with integrated dashboard
Provide key analytics to support the definition of priorities and strategy relating to authorizations
Archive and restore snapshots of authorizations to support eDiscovery, audits and investigations

Features


Collect

Collect and Centralize

Capture snapshots of authorizations across platforms, including SAP®, Active Directory® (AD), Network Shares, and SharePoint®
Configure and schedule the extractions of user authorizations
A non-intrusive solution requiring read-only access to the target environments
SAP Certified connector. No agent, script or custom ABAP® code required
Explore

Explore and Report

Perform complex analysis off-line, without impacting the performance of production environments
Leverage built-in queries, intuitive drill-downs and 80+ predefined reports
Identify outliers, suspicious and excessive access
Produce reports in Excel format for further analysis, and CSV to integrate with external reporting and dashboard solutions
Tag

Classify and Prioritize

Centrally maintain criticality and assign tags of security assets
Maintain ownership and relationships between assets
Leverage the classification information in queries, ruleset and reporting
Maintain a compliance ruleset of sensitive access and segregation of duties
Monitor

Monitor and Visualize

Dramatically increase your insight into the risk and identification of excessive access
Monitor and document compliance exceptions within and across systems with integrated dashboard
Compare user authorizations over time within and across systems
Warning

Alert and Recommend

Assign severity levels to security and compliance rules and security KPIs
Be notified of exceptions after each extractions and automated analysis

Use Cases

Access Informer brings significant added value to a number of key activities

Check

Provide greater assurance

That the access to sensitive information and activities is adequately restricted
The access of employees that left the organization is timely removed across applications
Employees transferring within the company do not retain sensitive permissions from previous roles
Segregation of duty conflicts are monitored within and across key applications
User authorizations are timely modified to reflect and support organizational changes
Support

Accelerate ad-hoc investigations

Centrally troubleshoot missing or excessive permissions across your key systems
Drill down and identify the root cause for excessive sensitive access and SOD conflicts
Simulate the impact of modifying and removing specific SAP permissions
Leverage SAP User Transaction usage in analysis and reports
Target

Reduce the risk of fraud and data leakage

Timely identify and remove excessive and unrequired access
Simplify the review of sensitive and conflicting access when employees change job responsibilities within the organization
Identify and remove orphan application accounts, which are no longer linked to an active AD account
Rules

Improve Compliance

Assess and improve compliance with SOX and GDPR
Demonstrate compliance to auditors with minimum effort
Perform quality reviews of compliance and SAP GRC ruleset
Support periodic re-certification of user authorizations
Costs

Reduce operational costs

Identify and remove unused authorizations
Discover opportunities to merge/simply the authorization model
Assess impact of removing authorizations and reduce the amount of testing required
Generate scripts to automate remediation
Review and optimize user licensing
Project

Support critical projects

Provide detailed analytics on user authorizations to support key projects and initiatives
Adapt authorizations with organizational changes, such as mergers, acquisitions, divestitures and outsourcing
Evaluate risk of sensitive access and SOD conflicts throughout an implementation and prior to a cutover or go-live

Testimonials


Frequently Asked Questions


Subscription

Subscription

What is the pricing model for the subscription?
The pricing is based on three main variables: the overall number of user accounts being monitored, the number of systems being extracted and the number of analysts using the Access Informer desktop application. Contact us to schedule a demo/discussion or for a quote
What type of company is using Access Informer?
Access Informer is primarily used by large companies using SAP ERP, either as a companion or alternative solution to SAP GRC Access Controls.
Who is the target user of the solution within the company?
The Access Informer desktop application is meant for IT security, internal controls and audit professionals.
Can we organize a trial of the solution in our environment?
We recommend to contact us to schedule a one week on-site security assessment. Apart from valuable observations and recommendations, the assessment will enable you to gain confidence that the solution operates in your environment and meets your specific requirements in terms of analytics and reporting.
Installation

Installation

Is the solution available on-premise?
Yes, while the solution can leverage the Azure SQL cloud, due to the potentially sensitive information being collected, we do recommend an ‘on-premise’ configuration with a local Microsoft SQL Server to store snapshots of authorizations
Does the extraction process requires any agents or code on the target environments?
No, the Access Informer solution is non-intrusive and only requires basic read-only permissions to extract the user authorizations. No agents on servers. No ABAP code to be deployed for SAP.
How is the Access Informer Desktop deployed?
The desktop application is available as a single executable file, digitally signed with an Extended Validation (EV) Code Signing Certificate from GlobalSign root certification authority.
Installing and running the Access Informer desktop application do not require local administrator rights your workstation.
Is the solution compatible with SAP S/4HANA?
Yes, the Access Informer can be used with all releases from 4.0B to S/4HANA edition 1709. Unicode as well as non-Unicode.

Our Services

Our mission is to protect companies by helping to identify and remove incorrect and excessive access across their critical IT systems

Subscription

Subscription

Annual or project-based subscription
Includes application installation, updates and support
Configuration of the SQL Server or Azure SQL for the storage and retention of snapshots
Configuration and scheduling of the extraction process
Conduct initial training on Access Informer desktop application
Managed Extraction Service (optional)
Contact us for a quote based on your specific requirements
Consulting

Consulting

Perform security and compliance reviews
Review the quality of compliance / GRC ruleset
Accelerate remediation effort for sensitive access and SOD conflicts
Development of custom .NET solutions integrated with SAP
Customize Access Informer solution with additional connectors and specific requirements
Review and optimize SAP licensing
Provide training on SAP and AD Security and auditing
Assessment

Security Assessment

One week security on-site assessment, starting at CHF 12,000 all-inclusive
Leverage Access Informer to extract user authorizations from AD, SAP, network shares, and SharePoint environments
Perform the analysis together with customer representatives to showcase the Access Informer solution and provide observations throughout the week
Produce additional reports to support any customer initiatives and projects
Conclude the week with a presentation of the key observations and recommendations
All detailed reports generated during the week remain at the customer's disposal after the review
The cost of this assessment is deducted from the Access Informer subscription (if signed within 6 months of the assessment)

News



Subscribe to Newsletter

Get in touch


Main Office

Access Informer Security Solutions GmbH
c/o Cofigest Management SA
Chamerstrasse 77
6300 Zug, Switzerland
Phone  +41 (0) 41 588 07 32
Contact Us     Contact Us
VAT Number: CHE-231.957.314
DUNS Number: 486659647

Sales Office

Access Informer Security Solutions GmbH
Ch. Du Bochet 13B
1110 Morges, Switzerland
Linkedin Twitter

About us


2019

Major upgrade of the Access Informer solution, including a compliance dashboard, classification of security assets and significant UI improvements

Nominated for the PwC SecTech 2019 startup award in recognition for innovation in cybersecurity

Selected for the Tech4Trust startup acceleration program from the EPFL Innovation Park

2018

Selected for the ICT startup acceleration program from the EPFL Innovation Park

2016

Additional connectors to analyze authorizations from unstructured data stored in SharePoint and Network Shares

2015

Initial release of the Access Informer solution to analyze user authorizations for SAP and Active Directory

Company pivots to software solution provider

2012

Company established in Zug, Switzerland, providing IT and SAP Security Consulting services


Cyril Hauppert   Linkedin Profile

Cyril Hauppert

Founder

15+ years of experience in IT Consulting, Audit and Security roles in large companies including Sun Microsystems, KPMG, Altria/Philip Morris and Kraft Foods
Combines Business Degree from ESCP Europe with IT Security expertise
Achieved key IT Security and Project Management certifications, including CISSP, CISA, CISM, CGEIT, CRISC, ABCP, and PMP

Michael FlÜhler   Linkedin Profile

Michael Fluehler

Operations Advisor

Seasoned professional in the areas of management consulting and corporate finance
Extensive experience in management positions and leading strategic, international projects for renowned companies in the Financial Service, Consultancy and FMCG industries
Master in Economics and a master in advanced European Studies

Adam Koniuszewski   Linkedin Profile

Adam Koniuszewski

Business Development Advisor

Fellow of Order of Chartered Professional Accountants of Quebec (Canada)
Chartered Financial Analyst (CFA)
Finance, risk management and audit/internal controls professional with fraud investigation experience and an international track record in Big Four / Fortune 100 and private-sector & non-profit board experience

Antonio Fontes   Linkedin Profile

Antonio Fontes

Technical Advisor

OWASP Geneva: Chapter leader
Web application threats and countermeasures
Secure development lifecycle
Penetration testing and vulnerability assessment
Software threat modelling and risk analysis
Microsoft Logo
EPFL Innovation Park
SAP PartnerEdge Logo
MS BizSpark
La Forge
Theobald Software Logo
Innosuisse Logo
Innosuisse Logo

Business Portal

Access to technical resources for our customers and business partners

Logo