Fastpath

Hamamatsu, a company that researches light and develops new products, was facing a challenge with their segregation of duties (SoD) management in their ERP system, Microsoft Dynamics AX. The system did not provide an easy way to manage roles, users, privileges, and duties, which resulted in the IT Business Analyst, Amy Padovani, having to handle all SoD management manually. This manual process of analyzing segregation of duties and locating where there are conflicts took weeks to execute. Hamamatsu needed an automated way to report and correct critical access areas.

SBA Communications, a leading independent owner and operator of wireless towers and facilities in the U.S., was facing significant regulatory and financial burdens due to SOX compliance requirements. As a publicly-traded company, SBA was required to prove control over their financial statements through documentation and testing. This was imposing heavy costs on the organization. The company was struggling with managing Segregation of Duties (SoD) conflicts, maintaining data integrity and audit trail, and managing identity and access. The manual process of downloading monthly security reports and reconciling them was time-consuming and inefficient. Moreover, to comply with SOX, SBA needed to limit system administrator access and ensure that all Microsoft Dynamics GP users were adhering to tighter password policy controls.

After upgrading their Microsoft Dynamics AX system to handle more facets of their business processes, Wilson Trailer found a need to improve their data security. The role based system in Dynamics AX gave the basic user more access than was needed, not to mention more than was safe. Jay Gonzalez, Developer at Wilson Trailer, found the native GRC tools to be clunky and unworkable. When they decided to upgrade Dynamics AX, the company focus was put on business process improvement and security was continually an afterthought. In addition to the upgrade they utilized external add-on applications, which gave special access to their database. Before long the segregation of duties (SOD) risks became an apparent issue. Wilson Trailer had full trust in their staff, but the potential for accidents and misstatements was growing. They needed a solution that could review SOD risks and mitigate conflicts within AX as well as any 3rd party add-on applications. Seeing these issues T.J. Dennis, CIO at Wilson Trailer, began looking for such a solution.

Hearst, a global media and information services company, had implemented Oracle ERP Cloud and needed a tool to maintain high security standards. The company's business environment was complex due to its size and the number of businesses it had interests in, including recently acquired ones. This complexity brought about risks around security, making it critical for the company to ensure security was maintained at the highest level. Hearst brought in Application Security Audit Manager Ivan Ng to assess security controls to ensure they met the company’s requirements.

The Trade Desk, a technology company offering a self-service, cloud-based media-buying platform, experienced rapid growth and went public in 2016. This success brought with it the need for Sarbanes–Oxley (SOX) compliance as well as other checks and balances to ensure smooth operations and audits. At the time of the IPO, The Trade Desk was using Intacct as its ERP system but by 2018 had outgrown it and chose Oracle’s Cloud ERP. After evaluating their segregation of duty (SoD) and other requirements, the company determined that the user access and security product closely associated with Oracle did not measure up to Fastpath Assure.

Box, an enterprise content management platform, faced a significant challenge after going public in 2015. They were required to conduct user access reviews in NetSuite, a process that proved to be time-consuming and expensive. The data generated from NetSuite was overwhelming and unusable for the business. There were thousands of permissions associated with each role, and the list was growing exponentially. One person was dedicated to reviewing every permission and role, a process that took an entire quarter. This inefficient process led Box to seek a more streamlined solution.

Arrow S3, a subsidiary of Arrow Electronics, was recently acquired by a large, public organization and needed to become SOX compliant quickly. The company was struggling with tracking data from certain areas using the standard database log within AX 2009, and identifying specific fields and activities was proving to be cumbersome. Creating all the reports that Arrow Electronics required was also a challenge with the current staff and systems in place at Arrow S3. They needed to be up and running and able to pull reports quickly and efficiently with the current staff.

Opower, a global leader in cloud-based software for the utility industry, was experiencing rapid growth. They needed a Segregation of Duties (SoD) analysis to ensure appropriate user access inside their Intacct ERP system. The organization was using spreadsheets of incompatible functions to manually review their SoD analysis and relying on their employees to know exactly what they could and could not do within Intacct. This process was time-consuming and unreliable. Opower became concerned about their risk and the accuracy of these reviews and knew they needed a better process.

Flow International Corporation, a world leader in the development and manufacturing of ultrahigh-pressure (UHP) waterjet technology and a leading provider of robotics and assembly equipment, was facing challenges in complying with Sarbanes Oxley (SOX) Section 404 requirements. As a publicly-traded company in the United States, Flow International is required to publish information in their annual reports concerning the scope and adequacy of the internal control structure and procedures for financial reporting. Documenting and testing financial controls had proven difficult in the past and they were looking for a better performing solution that would work easily with their new ERP solution, Microsoft Dynamics® AX. The company needed a solution that could simplify their SOX compliance efforts while maintaining strict security standards, ultimately saving time and audit costs.

The customer, a global market leader in the production of fresh berries, faced challenges with their complex global structure. They needed a tool that would simplify the process of adding users and handling segregation of duties to eliminate security concerns and ensure clean audits. The company had 86 entities, including a research arm and multiple entities in Europe, the U.S., Mexico, and Chile—each with unique processes. They moved European operations to Microsoft Dynamics AX on-premises in 2015, with the Americas following in 2016. However, problems arose when it came time for the upcoming audit. Auditors pointed out several issues: There was no way for the company to provide auditors with the information they needed, Segregation of Duties (SoD) were handled manually and therefore were not being sufficiently enforced, and there were several weak or undefined processes, and with the many entities, there were security risks around how the users were being managed.

The customer, a rapidly growing real estate management company, was relying on the standard security roles delivered with the application ‘out of the box’ which inherently contained critical and high-risk segregation of duties (SoD) conflicts. Due to the amount of revenue under management for a large public real estate investment trust (REIT), they soon needed to comply with Sarbanes-Oxley (SOX) and external audit requirements, including controls over security access in D365FO. They needed to quickly find a solution that would integrate well within their D365FO environment and provide detailed audit reporting, SoD visibility, and scalable task-based roles for future growth.

Smith+Nephew, a leading medical technology company, was facing challenges with their aging GRC tool for SAP which needed to be upgraded or replaced in 2019. The existing SAP tool required manual work, making the management of user access within systems a laborious process. The team had to use Excel spreadsheets to check which roles had access, determine whether conflicts existed among them, create SOD reports, and decide how these conflicts should be mitigated. This manual process was time-consuming and inefficient, prompting the need for a more streamlined and automated solution.

The customer, a rapidly growing national manager of distinctive independent, assisted living and memory care communities throughout the USA, was relying on the standard security roles delivered with the application ‘out of the box’ which inherently contained critical and high-risk segregation of duties (SoD) conflicts. Due to the amount of revenue under management for a large public real estate investment trust (REIT), they soon needed to comply with Sarbanes-Oxley (SOX) and external audit requirements, including controls over security access in D365FO. They needed to quickly find a solution that would integrate well within their D365FO environment and provide detailed audit reporting, SoD visibility, and scalable task-based roles for future growth.

GP Strategies Corporation, a global performance improvement provider, was facing issues with the Oracle seeded job roles they were using. These roles presented segregation of duties (SoD) conflict challenges and allowed extensive sensitive access to individuals who did not require it, increasing risk. As a publicly traded company, GP Strategies also had to adhere to the Sarbanes-Oxley (SOX) compliance requirements, which imposed heavy regulatory and financial costs as well as compliance burdens. They needed an audit and compliance solution that would integrate well with Oracle Cloud, provide detailed audit reporting, SoD visibility, and sensitive access analysis without increasing overhead and support costs.

Zoom, a leading video-first unified communications platform, wanted to provide Single Sign On (SSO) capability to their business applications to reduce the fatigue of tracking multiple usernames and passwords for the employees to access their various accounts. The company’s services have seen explosive growth since the onset of the COVID-19 pandemic as a leading resource enabling people and businesses to continue working and communicating in a stay-at-home world. Zoom uses Fastpath Assure for their segregation of duties, identity management, and access certifications.

The customer, a leading provider of time management training and assessment services, was operating on older technology ERP for many years which was stable and had been doing the job adequately, thanks to the 90s mentality of, “If you need it to do something else, customize it.” But, as everyone who has worked with customized software knows, there comes a time when heavy customizations outlive their usefulness. The customer selected and was in the midst of implementing Microsoft Dynamics 365 for Finance & Operations (D365FO), a cloud-based ERP system, which would put the company on the path to transformation, handling complex processes and those processes brought over by previous mergers. And true to the company’s culture of going beyond “good enough,” employees had very high expectations about ensuring a quality customer experience. This event spurred the search for an audit trail tool, as the company’s current solution (HelpSystems) did not have an offering for D365FO.