| |
Home > Products > In Focus
|
In Focus: Controlling Applications
Enterprises and other organizations are finding an increasing need to control their computing applications to achieve greater business efficiency and comply with a wide range of laws and regulations. Controlling transactions by means of internal mechanisms is crucial, but needs to be complemented by external controls that protect the integrity of the application itself.
One dilemma many organizations face is whether to implement controls at an application-specific level or whether to implement General Computing Controls that will centrally regulate a range of applications. On the one hand, it makes sense to have application specialists devise and maintain
controls for a specific application; on the other hand, the wide variety of controls this can give rise to across an organization can prove problematic when audit time comes around, and the benefits of standardized controls can become very clear to organizations.
When determining the strategy for application controls, organizations are advised to look at solutions that can enhance internal controls with proper external controls, and ally an appropriate level of support for specific applications with standard procedures for controlling applications that are embedded in a given organization's IT policy and technical environment. Before looking at what properties such solutions would have, consider the following definitions of internal and external controls.
Internal Controls
Internal controls of applications can include:
- Transaction-level monitoring of application activity
- Roles governing what individual users can and can't do within the application
- Rules governing which resources within the application individual users can access
- Change control for application routines/database tables etc.
Internal controls are application-specific, are typically closely tailored to an organization's business processes and security policy, and are essential for making sure applications are used in the proper way and that data processed in and outputted from applications is correct.
External Controls
External controls of applications can include:
- Procedures regulating external change management for the application (e.g. what computers applications are run on, application upgrades)
- Rules governing what application servers individual users can access and when they can access them
- Access and account control systems
- Patch and technical management of the application
External controls are often similar for different applications, in that they are designed to ensure that applications are properly managed and secured. Ideally, external controls can be applied to a variety of applications within the organization, allowing management policies and administration work to be consolidated.
FoxT ApplicationControl combines internal and external controls
With FoxT ApplicationControl, you get internal and external controls to manage both aspects of application security. A robust set of rules and reports let you proactively tackle SoD issues, while identity and access control mechanisms ensure that applications are protected from unauthorized use. FoxT ApplicationControl allows you to implement a standardized, supported control structure across your business applications.
|
|
|
