Planning for a Periodic Access Review

An access review can be a labor- and time-intensive process for any business enterprise. The Waveset periodic access review process helps minimize the cost and time involved by automating many parts of the process. However, some of the processes still are time-consuming. For example, the process of fetching user account data from a number of locations for thousands of users can take a considerable amount of time. The act of manually attesting records can be time-consuming as well. Proper planning improves the efficiency of the process and greatly reduces the effort involved.

Planning for a periodic access review involves the following considerations:

• Scan times can vary greatly depending on the number of users and the resources involved.

  A single periodic access review for a large organization can take one or more days for scanning, as well as one or more weeks for manual attestation to complete.

  For example, for an organization with 50,000 users and ten resources, an access scan might take approximately one day to complete, based on the following calculation:

  1 sec/resource * 50K users * 10 resources / 5 concurrent threads = 28 hours

  If resources are spread across geographies, network latencies can add to the process time.

• Using multiple Waveset servers for parallel processing can speed up the access review process.

  Running parallel scans is most effective when the resources are not common across the scans. When defining an access review, create multiple scans and restrict resources to a specific set of resources, using different resources for each scan. Then when you launch the task, select multiple scans and schedule them to run immediately.

• Customizing the Attestation workflow and rules gives you greater control and can provide greater efficiency:

  For example, customize the Attestor rule to spread attestation duties across multiple attestors. The attestation process assigns work items and sends out notifications accordingly.

• Using Attestor Escalation Rules helps improve response time for attestation requests.

  Set the Default Escalation Attestor rule, or use a customized rule, to set up an escalation chain of attestors. Also specify escalation timeout values.

• Understand how to use the Review Determination Rules to save time by automatically determining which entitlement records need to be manually reviewed.

• Bundle notification of attestation requests for a scan by specifying a scan-level Notification Workflow.