To separate certain duties or areas of responsibility so that they cannot be assigned to the same person. By defining Segregation of Duties, you reduce opportunities for unauthorized modification or misuse of data or services. Segregation of Duties is a primary internal control with the intention to prevent errors or irregularities, identify problems and mitigate risk.

To understand Segregation of Duties (SODs) within OIA, you must first understand that it comes in two forms - Detective and Preventative.

• Detective SODs - It's both considered a strategic/tactical approach by detecting toxic combinations against any subjects (Identities) and/or objects (Roles, accounts, Entitlements, IT Policies) within your business. These are often used for specific queries to determine violations across multiple applications when required.
• Preventative SODs - Considered more a strategic enforcement of rules thus ensuring that toxic combinations are prevented. These are often pre-defined SOD rulings with a structured understanding for their intended audience. Business Management May use preventative SODs as an enforcement between business roles, IT security may use preventative SODs with an understanding of cross-platform applications. Both should be considered separate to avoid confusion.

Both with this in mind, both IT security and at the business level are taken into account though essentially it's management who should take responsibility of (preventative) security enforcements. Due to the size and granulated complexity of IT access, it can become increasingly difficult to define. Understanding associated business roles can be considered simpler, though not necessary the case as the constant dynamics of the business units will demand constant changes and a burden on managing the role management framework.

You must first enable to exclusion tab within OIA to begin configuring preventative SODs within OIA. Here is a short blog on HOW TO enable the 'exclusion tab' within OIA

About the author