SailPoint’s Adam Bacia explains the concept of separation of duties and why it is a critical component of identity today.
Adam Bacia: So I was asked to help explain the concept of separation of duties, and that’s actually kind of funny, since separation of duties is exactly what it sounds like. It’s the separating of any critical or high-risk function into two or more functions. So I guess the real question is, why is this important, or better yet, why would you want to break something up into multiple functions for multiple people?
Well, the example that everyone always gives is finance. If you work in the finance department and you can create pay to accounts, there’s nothing wrong with that, but if you can also cut checks to those accounts, well, then what’s to stop you from creating Adam’s early retirement fund and cutting yourself a nice big check? Now, morals notwithstanding, that may be too much power for some people to handle. So that’s where separation of duties, or SoD, policies come in. They create a matrix of all the different types of access or power that people should not have in combination. And then you set up monitoring so that you can be alerted if anyone ever gets one of those combinations; we call them toxic combinations. Or you can actually set up proactive SoD policies so that no one is ever actually able to gain those two combinations of access. I mean, at the end of the day, why is that sales guy asking for access to the payroll application?
Anyway, hopefully this helps explain why separation of duties is one of the key critical functions that’s included in all identity access management and governance functions.
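The two modes described in the transcript, monitoring for toxic combinations and proactively blocking them, sketched as an added example that is not from the speaker or from any SailPoint product. The entitlement names, rule names and identities are hypothetical, constructed for illustration.

```python
# SoD matrix: each rule is a set of entitlements no single identity may hold together.
# All entitlement and rule names are hypothetical.
TOXIC_COMBINATIONS = {
    "create-payee-and-cut-checks": frozenset({"ap.create_payee", "ap.issue_check"}),
    "sales-with-payroll": frozenset({"sales.crm_user", "payroll.app_user"}),
}

# Constructed sample of current access, as an access review would see it.
IDENTITIES = {
    "adam": {"ap.create_payee", "ap.issue_check"},
    "beth": {"ap.create_payee"},
    "carl": {"sales.crm_user"},
}


def violations(entitlements):
    """Return the sorted names of every SoD rule fully satisfied by this access set."""
    held = set(entitlements)
    return sorted(name for name, combo in TOXIC_COMBINATIONS.items() if combo <= held)


def detective_scan(identities):
    """Detective control: map each identity that already holds a toxic combination
    to the rules it violates, so an alert can be raised."""
    findings = {}
    for user, entitlements in identities.items():
        hit = violations(entitlements)
        if hit:
            findings[user] = hit
    return findings


def preventive_check(current, requested):
    """Preventive control: evaluate an access request before it is granted.
    Returns (allowed, rules the grant would newly violate)."""
    before = set(violations(current))
    after = set(violations(set(current) | {requested}))
    newly_violated = sorted(after - before)
    return (not newly_violated, newly_violated)


if __name__ == "__main__":
    print("alerts:", detective_scan(IDENTITIES))
    print("carl -> payroll:", preventive_check(IDENTITIES["carl"], "payroll.app_user"))
    print("beth -> issue_check:", preventive_check(IDENTITIES["beth"], "ap.issue_check"))
```

The preventive check compares violations before and after the grant, so a request is denied only for a combination it would create, while combinations the identity already holds are left to the detective scan.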