Start Up Real Estate Management Company Builds SOX Compliant and Scalable D365FO Security Framework in Expedited Timeframe
Customer Company Size
Large Corporate
Region
- America
Country
- United States
Product
- Fastpath Assure
- Dynamics 365 for Finance and Operations (D365FO)
Tech Stack
- Microsoft Dynamics
- Fastpath
Implementation Scale
- Enterprise-wide Deployment
Impact Metrics
- Cost Savings
- Productivity Improvements
- Digital Expertise
Technology Category
- Application Infrastructure & Middleware - API Integration & Management
Applicable Functions
- Business Operation
Use Cases
- Regulatory Compliance Monitoring
- Cybersecurity
Services
- System Integration
- Training
About The Customer
The customer is a national manager of distinctive, independent assisted living and memory care communities throughout the U.S. Established less than two years ago, the company has grown to manage more than 100 retirement communities caring for more than 5,500 residents across 28 states. To accommodate the company’s rapid growth, the organization implemented Dynamics 365 for Finance and Operations (D365FO) on an accelerated timeline to rapidly establish a business management platform. However, this forced the team to rely only on the standard security roles delivered with the application ‘out of the box’ which inherently contained critical and high-risk segregation of duties (SoD) conflicts.
The Challenge
The customer, a rapidly growing real estate management company, was relying on the standard security roles delivered with the application ‘out of the box’ which inherently contained critical and high-risk segregation of duties (SoD) conflicts. Due to the amount of revenue under management for a large public real estate investment trust (REIT), they soon needed to comply with Sarbanes-Oxley (SOX) and external audit requirements, including controls over security access in D365FO. They needed to quickly find a solution that would integrate well within their D365FO environment and provide detailed audit reporting, SoD visibility, and scalable task-based roles for future growth.
The Solution
The customer acquired Fastpath Assure® and asked for implementation partners that could support them and solve their problem within the timeframe allotted. They reached out to Protiviti, a global consulting and internal audit firm, to assist with the Fastpath implementation, the security redesign build process, and establishment of governance processes to protect their new security architecture. A SoD risk framework had to be established and configured within the Fastpath software. The framework provided the rules for how the new roles can be built. Once the ruleset was configured within Fastpath Assure, the team used the solution to help build security roles that aligned and complied with the SoD framework, designed processes for managing their new risk framework, and implemented the new roles throughout the organization.
Operational Impact
Quantitative Benefit
Case Study missing?
Start adding your own!
Register with your work email and create a new case study profile for your business.
Related Case Studies.
Case Study
Remote Monitoring for Environmental Compliance
Emerson wanted to provide a connected environmental analyzer to their customers. They wanted to leverage IoT technologies to provide a software solution that was easy to use, real-time and centralized. Compliance with pollution control board guidelines and the ability to remotely calibrate and troubleshoot these devices was the primary objective. Requirements - Centralized Remote Monitoring. - IoT Based Smart Environmental Analyzers. - Remote Calibration and Troubleshooting. - User Friendly Application. - Reporting & Dashboards. - Compliance with pollution control board guidelines.
Case Study
Enel Secures Italian Power Generation Network
Electric energy operators around the world are working to increase the reliability and cyber resiliency of their systems. This includes Enel, a global power company that manages and monitors the Italian power grid. This grid:• Serves 31 million customers• Has a net installed energy capacity exceeding 31 gigawatts• Includes more than 500 power generation plants,including hydroelectric, thermoelectric, and wind• Is managed and monitored by Enel 24/7/365• Is operated by Terna, the Italian Transmission System Operator (TSO)Enel is responsible for the availability of the grid’s underlying ICS and industrial network. It also manages Regional Control Centers and Interconnection Centers which connect with the TSO. The TSO manages the flow of energy to the grid plus controls and remotely regulates the power generation of power plants, increasing and decreasing power production as required. The complex system of interaction and cooperation between Enel and the TSO has strong security implications as well as operational and business challenges.
Case Study
Securing the Connected Car Ecosystem
In-vehicle communications and entertainment system hosts high-value or sensitive applications. API libraries facilitate communication and sharing of vehicle data. These API libraries are vulnerable to reverse engineering and tampering attacks and may even result in loss of passenger safety. Attackers can inject malware that may be able to migrate to other in-car networks such as the controller-area-network (CAN) bus which links to the vehicle’s critical systems. Software provided for dealers to interface with cars through the OBD2 port is vulnerable to reverse engineering and tampering attacks. Hackers may be able to abuse these tools to inject malicious code into the ECUs and CAN bus. Attackers can lift the cryptographic keys used, and use that to build their own rogue apps/software. Their cloned version of the original app/software may have altered functionality, and may intend to gain access to other in-car networks.
Case Study
ELI LILLY ADOPTS MICROMEDIA’S ALERT NOTIFICATION SYSTEM
Pharmaceutical production is subject to a strict set of enforced rules that must be adhered to and compliance to these standards is critically necessary. Due to the efforts of WIN 911’s strategic partner Micromedia, Lilly was able to adopt an alarm notification infrastructure that integrated smoothly with their existing workflows and emergency hardware and protocols. These raw energy sources enable the industrial process to function: electricity, WIN-911 Software | 4020 South Industrial Drive, Suite 120 | Austin, TX 78744 USA industrial steam, iced water, air mixtures of varying quality. Refrigeration towers, boilers and wastewater are monitored by ALERT. Eli Lilly identified 15000 potential variables, but limitations compelled them to chisel the variable list down to 300. This allowed all major alarms to be covered including pressure, discharge, quantity of waste water discharged,temperature, carbon dioxide content, oxygen & sulphur content, and the water’s pH.
Case Study
Secure and Cloud-based Data Marketplace
The great promise of new connected concepts of industry like 'Industry 4.0' is their ability to deliver a historically unparalleled level of responsiveness and flexibility. While modern supply chains are already heavily integrated and designed to be fluid and fast moving, a large swathe of manufacturing still remains beholden to economies of scale, large production runs, and careful preplanning.The Industrial Internet of Things (IIoT) is set to change this by allowing small-batch or even custom manufacturing on a truly industrial scale. With machines whose functions are not set in stone, but flexible and determined by their operating software and with a new form of connectivity bringing industrial engineers, product manufacturers, and end users closer together than ever before. Ad-hoc adjustments to automotive parts, for example, during active product runs or the bespoke manufacturing of custom sneakers become very viable options indeed.Much of this remains a theoretical vision, but IUNO, the German national reference project for IT security in Industry 4.0 demonstrates the new capabilities in action with a secure technology data marketplace running a smart drinks mixer.
Case Study
Expedia Hosted by 2lemetry Through AWS
Expedia is committed to continuous innovation, technology, and platform improvements to create a great experience for its customers. The Expedia Worldwide Engineering (EWE) organization supports all websites under the Expedia brand. Expedia began using Amazon Web Services (AWS) in 2010 to launch Expedia Suggest Service (ESS), a typeahead suggestion service that helps customers enter travel, search, and location information correctly. According to the company’s metrics, an error page is the main reason for site abandonment. Expedia wanted global users to find what they were looking for quickly and without errors. At the time, Expedia operated all its services from data centers in Chandler, AZ. The engineering team realized that they had to run ESS in locations physically close to customers to enable a quick and responsive service with minimal network latency.
