QCloud Security Audit:
Put an End to Painful Security Audits
QCloud makes Segregation of Duties and Risk Controls Easy
Auditing security can be very complex, time-consuming and painful. Unfortunately, it can also fail to give you accurate information or clear answers to help you satisfy your auditors or improve your security.
QCloud is a Cloud-based audit service which analyzes your JD Edwards security and Segregation of Duties (SoD). Simply login to QCloud, request an audit and the results are delivered within hours.
The only technical effort needed is around 30 minutes for installation, followed by a half hour training session for users to find their way around. And then you can receive accurate audit reports whenever you want them, with no technical effort.
QCloud can help you if:
- Achieving and maintaining SOX/FDA compliance is too costly
- You find it difficult to satisfy your external auditors
- You have unresolved audit issues and your next audit is approaching
- You have no understanding of the risks, and have no internal auditors to help
- You have nagging doubts about your security, but don’t really know how to start finding the problems, let alone how to fix them
- You find it hard to get buy-in and budget for security improvements.
How QCloud works
The first time you request an audit, you’ll receive an email with instructions on how to download and configure QAgent. This is the only part of the process that needs technical help and it takes around 30 minutes. QAgent runs on any supported ERP system, located on-premise, hosted, in Oracle Cloud or in a Hybrid Cloud environment.
QAgent collects security data from your ERP system, encrypts it, then pushes it to QCloud. It extracts information on security and access rights; no transactional data is uploaded.
QCloud is hosted at AWS, a leading cloud provider, and at other local Cloud Service Providers. It receives and decrypts the data, then runs the analysis and produces the reports. You’ll receive an email to notify you when the reports are ready, including links to access the audit results via QCloud. The results can be viewed by authorized users from anywhere, at any time.
What the results show
View by user or by SoD rule, with interactive queries so you can drill down to find the details of what’s causing the violations.
Critical Master Data:
Shows users who can access master data or key system configuration data, where inappropriate changes could enable fraudulent activity or jeopardize the integrity of your system, possibly resulting in financial misstatements.
Provides metrics on the status of your security and helps you to clean up by identifying redundant items that could be hijacked and abused.
Metrics about Row and Column security help you to identify excessive use, which could impact system performance.
Watch a short demo
Why choose QCloud?
QCloud analysis and reporting encapsulates Q Software’s 20+ years experience of working with JD Edwards security. We know what you need to look out for.
Using QCloud, you will benefit from the in-depth knowledge of our security and audit experts, and shine a light on vulnerabilities that many people overlook.
See for yourself – try it for free
Why not let us audit your Segregation of Duties and security and show you any weak spots?
We can run a complimentary QCloud audit and show you the results.
Enter your contact details below to find out more:
- Huge savings in audit and compliance effort and costs
- Speedy identification of security problems
- Easy to follow recommendations for remediation
- Shorter audit cycle times
- Better audit outcomes - less risk of deficiencies
- Better protection against fraud
- No need to involve technical staff
- Accurate Segregation of Duties reporting
- Clear information for auditors and business managers
- Better collaboration between IT, Audit and the Business
- Easy, repeatable audit reporting
- No platform - just thorough auditing
QCloud holds a comprehensive set of seeded SoD rules, developed in conjunction with auditors who have many years’ experience of auditing JD Edwards systems. So even if you don’t currently know what the main SoD risks are, you can report on SoD violations in your system straightaway.
You can also customize the seeded rules to suit your needs or upload your own SoD rules if you already have them.
QCloud’s automated in-depth analysis takes into account all access routes to applications to ascertain who has access to what, so security reporting and SoD analysis is much more accurate than using SQL and spreadsheets
Where known, unavoidable SoD violations exist (for example with privileged IT users), you can apply Mitigations.
These won’t show up as violations in subsequent audits, avoiding the risk of wasting time investigating false positives. QCloud reports on mitigations separately so that you can check the validity of mitigated access.
Interactive queries enable you to drill down to find out what’s causing the security problems. You can download the reports as spreadsheets, so that you can slice and dice the data.
The audit report gives a summary of the findings, shows what remediation measures are needed, and suggests changes that will resolve SoD violations.
It’s important to involve business managers in risk management, but nobody wants to plough through turgid, incomprehensible reports. Now they can login to QCloud, view meaningful information about their users’ access, and drill down to spot where changes are needed. It takes much less time to conduct reviews, reducing audit cycle times.
All your audit results are kept within QCloud, so you can compare current results with earlier audits to see evidence of remediation progress, or spot any spikes which may need investigation.
The QCloud dashboard gives a high level view of your audit results, including trends over historical reports, and draws your attention to high risk items.
QCloud uses a Multi-Tenant architecture, so your data is held in a private area and can never be seen by other tenants. All data ‘at rest’ in the QCloud and ‘in-flight’ is encrypted.
Low-cost pricing makes QCloud an easy, low-risk decision. There’s no need for a lengthy evaluation or a drawn-out RFP process – just try it out and see for yourself! It can be installed and delivering results within days, getting the burden of security reporting off your IT team’s plate once and for all.
Unlike complex GRC platforms that offer a huge range of capabilities, but require enormous investment in cost and effort, QCloud is a specialized tool that does a specific job very well for a small price.
Q Agent is platform and database agnostic, so will run on any JD Edwards-supported system.