GLB, meanwhile, restricts financial institutions' ability to share consumers' personal information, both with other companies and within the organization. EUA products help meet these requirements by providing audits and controlling employees' access to critical customer data. For example, a bank employee in a loan-processing department can see an applicant's data but can't get information about credit-card applicants. Setting up these rights correctly is critical, both to comply with the law and to keep public trust.
Just think of the negative publicity and loss of consumer confidence that follows a security breach. Many large auditing firms (KPMG, for example) require public companies to pass an information security audit or risk having the failure noted on their SEC filings. There's no legislated financial penalty, but shareholders don't like to see such things.
By providing centralized management of access and resource allocation, companies can ensure that strict security policies are followed and identify when access is granted outside the normal processes. This is the basis of provisioning products and can reduce the chances of employees being granted unnecessary access that may breach security policies.
Automating Process Workflow
We've all suffered through manual processes that depend on undocumented phone calls, e-mail or interdepartmental routing of paper-based forms to provision employees. These methods can be time-consuming ("Sorry, the person who handles that is on vacation this week") and error-prone ("I wasn't sure if that box was checked so I didn't create the account"). Auditing is nearly impossible.
