【Classic Enterprise Case Studies】Just-In-Time Access Connection Approval allows for controlling the time and scope of user privilege access to minimize potential risks

Case Introduction: A New Tool for Regulatory Compliance - Connection Authorization Feature Helps Safeguard Enterprise Security

User Background:

IT Manager at a Financial Institution - Manager Zhang


Due to recent financial information protection laws, financial institutions are required to strengthen controls and supervision over their information systems. As the IT manager, Manager Zhang is responsible for ensuring the security and compliance of the financial institution's systems. He needs to find a convenient and secure method to manage employee connections in line with the new regulatory requirements.


Manager Zhang adopted the Connection Authorization feature enabled by MAVIS. This feature allows him to establish connection authorization policies within the system, requiring employees to submit connection requests for evaluation by designated reviewers. Only upon approval of the connection request can employees proceed with the connection.

This design ensures effective control and supervision over connections, helping the financial institution meet compliance requirements. Manager Zhang can easily track everyone's connection activities through MAVIS's Connection Authorization feature to ensure all operations comply with regulatory requirements.


Case Introduction: Breaking Through Tradition - A Fresh Approach to Healthcare Information Security Management

User Background:

Information Security Manager at a Healthcare Institution - Manager Li


Manager Li is responsible for information security at a healthcare institution that handles a significant amount of sensitive medical information. This requires strict control over system access by employees and healthcare professionals while ensuring compliance with relevant regulations and privacy standards. Traditional management methods are no longer adequate, so the institution needs a new management approach to ensure the security and compliance of system access.


Manager Li opted for a solution combining RBAC (Role-Based Access Control) and Just-In-Time Connection Approval. This solution allows the healthcare institution to categorize employees and healthcare professionals into different groups based on roles and responsibilities, while requiring all connections to be pre-requested and reviewed.

RBAC categorizes employees into roles and groups such as doctors, nurses, medical staff, etc., and assigns specific access permissions.

Just-In-Time Connection Approval requires employees to submit connection requests, which are then reviewed by the security team or managers. Only after approval can employees connect to the system.

This innovative solution ensures the security and compliance of system access at the healthcare institution, enabling Manager Li to effectively manage access permissions for employees and healthcare professionals while ensuring all connections are authorized and reviewed, thereby enhancing overall system security.


Learn more about MAVIS Just-In-Time Access (Connection Approval)

Connection Authorization is a crucial feature that helps organizations effectively manage and monitor connection permissions to ensure system security and compliance. MAVIS provides this powerful capability, allowing managers to better understand user connection behaviors and manage connection authorization and approval effectively.

Specifically, MAVIS's Connection Authorization feature achieves the following objectives:

  • Connection Application: Users can submit connection requests through MAVIS, specifying protocols, timeframes, and reasons for the request. This design ensures the reasonableness and effectiveness of connections.

  • Approval Process: The system promptly alerts reviewers to conduct evaluations. Reviewers can view all pending requests and approve or reject them based on policies and compliance requirements.

  • Request Status: Requests have different statuses including pending, withdrawn, expired review, approved, rejected, and approval revoked. These statuses help users and reviewers understand the progress and outcomes of connection reviews.

  • Notifications and Logs: Applicants receive relevant notifications during the application process, such as request expiration, approval, rejection, and approval revocation. Reviewers can view audit logs to track all changes and operational histories of requests.

MAVIS's Connection Authorization feature ensures the reasonableness, effectiveness, and security of connections throughout the application, review, tracking, and monitoring process, helping organizations achieve higher levels of security and compliance.
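The request workflow listed above, sketched as an added example (not MAVIS code): the six statuses come from the list, while the transition table, the role table, and all class and function names are assumptions made for illustration. A connection is allowed only when the role permits the protocol, the request is approved, and the current time falls inside the requested window.

```python
from dataclasses import dataclass, field
from datetime import datetime
from enum import Enum

class Status(Enum):  # the six request statuses named in the list above
    PENDING = "pending"
    WITHDRAWN = "withdrawn"
    EXPIRED_REVIEW = "expired review"
    APPROVED = "approved"
    REJECTED = "rejected"
    APPROVAL_REVOKED = "approval revoked"

# Assumed transitions (not from MAVIS documentation); other statuses are terminal.
TRANSITIONS = {
    Status.PENDING: {Status.WITHDRAWN, Status.EXPIRED_REVIEW,
                     Status.APPROVED, Status.REJECTED},
    Status.APPROVED: {Status.APPROVAL_REVOKED},
}
# Hypothetical RBAC table: role -> protocols the role may be granted at all.
ROLE_PROTOCOLS = {"nurse": {"https"}, "dba": {"ssh", "mysql"}}

@dataclass
class Request:
    user: str
    role: str
    protocol: str
    start: datetime          # requested timeframe: [start, end)
    end: datetime
    reason: str
    status: Status = Status.PENDING
    audit: list = field(default_factory=list)

    def move(self, new, actor, when):
        """Change status, refusing illegal transitions and logging legal ones."""
        if new not in TRANSITIONS.get(self.status, set()):
            raise ValueError(f"{self.status.value} -> {new.value} not allowed")
        self.audit.append((when, actor, self.status.value, new.value))
        self.status = new

def may_connect(req, protocol, now):
    """Deny by default: RBAC, approval and time window must all hold."""
    return (protocol == req.protocol
            and protocol in ROLE_PROTOCOLS.get(req.role, set())
            and req.status is Status.APPROVED
            and req.start <= now < req.end)
```

Because `may_connect` re-evaluates status and time on every call, a revoked approval or an elapsed window takes effect at the next connection attempt without any cleanup job.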


