 |
 |
 |
|
|
 |
 |
 |
 |
| PRODUCTION ACCESS - Allow developers instant security access to the resources they need to perform production deployments or handle emergencies. |
|
| AUDITS - Gather and organize audit data from production systems to satisfy SOX auditing requirements. |
|
| REPORTING - Provides standard reports as well as review and approval workflow functionality to ensure authorization and accountability. |
|
|
 |
 |
 |
In any organization there is a need for developers to access production systems in order to perform applciation upgrades or deal with emergencies. However,
best practices and SOX compliance guidelines dictate that application developers do not have full time access to production systems. Companies struggle to put
in place procedures that allow developers the access they need, while at the same time monitoring any changes that are made to production systems while the
developer has access. Insufficient processes put an increased workload on both the security administration team that will provide on demand access to production systems,
as well as management that must sort through and organize an overwhelming amount of raw audit data in order to satisfy Sarbanes-Oxley compliance requirements.
|
|
|
 |
 |
|
PAAR(Production Access and Audit Reporting) provides the platform needed for an organization to define the production file servers, application servers, databases, etc. that make up their applications.
PAAR then provides a simple and fast way for developers to request and be granted instant access to the production resources so that they can perform authorized changes to production systems. At the same time
a developer is performing production changes, a organization's existing audit tools will be monitoring these changes. The PAAR system will then gather data from one or more audit sources and organize the raw audit data
in a way that paints a clear picture of: Who accessed production, when they accessed production, why they accessed production, and what changes they made while in production. This information can be reviewed and approved by
managers each week in a fraction of the time it would take to them to search through and verify raw audit data on their own.
|
|
|
|
