Microsoft

Fastpath Assure for MS Dynamics — Q1 2022 Release Highlights

Amy MickleSarah Guthrie
March 17, 2022
4 min read

Fastpath is a comprehensive security auditing and governance tool that provides a platform to monitor user access and segregation of duties risks. The tool can be leveraged across Microsoft’s Dynamics product suite – Dynamics 365 Finance and Operations (D365FO), Dynamics AX, Dynamics GP, Dynamics 365 Business Central (D365BC), Dynamics NAV, Dynamics CRM, Dynamics SL and Dynamics 365 Customer Engagement (D365 CE). Fastpath’s user-friendly interface allows risk management and SOX compliance to be an accessible reality. Fastpath releases several updates each quarter that include new features and functionalities. In this quarterly blog series, we cover key new features for Fastpath Dynamics environments from this quarter’s releases.

Access Risk Monitor

Prior to the Q1 2022 release, Fastpath had the access reviews and segregation of duties modules split into two. However, numerous functionalities were duplicative across the two modules and, as a result, the access review and segregation of duties modules have been combined into a singular module titled access risk monitor. The following modifications will be made with the access risk monitor module:

  • Both the concepts of conflicts within the segregation of duties module and critical access in the access reviews module will be merged into the singular concept, risks. Risks can either be segregation of duties (SoD) risk or sensitive access (SA) risk and can be combined into a singular risk ruleset if desired. The risk ruleset will reduce the setup required by the end-user.
  • The concept of business processes will not change. SoD risks will be comprised of two or more business processes and will use AND logic. AND logic will require a role or user to have access to all business processes in order to be flagged as violating the risk. SA will review business processes with OR logic. OR logic will require a role or user to have access to at least one business process to be defined as having sensitive access.
  • Critical access groups that were configured in Fastpath prior to the release will automatically be recreated as business processes and SA risks as a separate risk ruleset. This will facilitate a more seamless transition for the customer and reduce the setup required by the end-user. If customers would like to have both SA and SoD risks in a single risk ruleset, the customer will have to manually combine the two.
  • SA risks will now be able to be mitigated using the same control library as SoD and appear mitigated in reports. This will provide customers visibility into which SA risks have mitigations and which do not, which will help customers more easily identify SA that may require mitigation.
  • When creating or modifying a risk ruleset, users will have the ability to specify whether an SoD risk or SA risk is being added. The risk type (SoD or SA) will be visible throughout Fastpath to provide an easy distinction. Per Fastpath’s recommendation, if the customer intends to combine SoD and SA into a single risk ruleset, the customer should consider developing a prefix (e.g., SOD, SA) to help distinguish between the two.
  • Reporting will look different. The previous critical access reports will be merged into other reports and will no longer be available separately. Report naming convention will be updated to include the word risk rather than conflict (a list of name changes can be found here under the headers titled Listing of… access requires a Fastpath login).

The new access risk monitor module will result in a domino effect throughout Fastpath. The following modules will be impacted by the change:

  • Access certifications – Conflict reviews will be replaced with risk reviews and can be configured to require the business to review users’ access to both SoD and SA risks. Existing critical access reviews will be converted to business process reviews.
  • Identity manager – When reviewing an identity manager request prior to the release, approvers had to review SoD conflicts and SA separately. With the release, the approver will now be able to view a single section that contains both SoD and SA risks. In addition, the business will be able to view the security roles that were assigned to a user prior to the approval of the identity manager request.
  • Security designer – Similar to identity manager, when a user creates a security model and runs the risk analysis, the user will be able to view a single section that contains both SoD and SA risk.

Fastpath embraces customer feedback and actively works to improve the functionality and end-user experience of their Assure suite of tools. This release included significant modifications that may be more impactful than past or future releases. As such, be sure to review the change notes carefully to understand the impact on any existing environments. The release calendar is maintained on their website.

To learn more about our Microsoft consulting solutions, contact us.

Amy Mickle

Manager
Business Application Solutions

View all posts

Sarah Guthrie

Senior Consultant
Enterprise Application Solutions

View all posts

You may also like

Subscribe to Topics

Protiviti Technology Follow

Protiviti leverages emerging technologies to innovate, while helping organizations transform and succeed by focusing on business value.

ProtivitiTech
protivititech Protiviti Technology @protivititech ·
11h

Learn more about what GRC Managed Service is and what it can do for SAP S/4HANA and SAP cloud solutions in the latest #SAP Blog post. https://ow.ly/OMaL50RfsHw #ProtivitiTech

Reply on Twitter 1781035159438954997 Retweet on Twitter 1781035159438954997 Like on Twitter 1781035159438954997 Twitter 1781035159438954997
protivititech Protiviti Technology @protivititech ·
17 Apr

Protiviti is a proud sponsor of ServiceNow Knowledge 2024—a three-day conference all about #AI. Stop by our booth (#2503) to visit with our team and learn how the #ServiceNow platform makes business transformation possible. https://ow.ly/qa6p50Rh9wf

Reply on Twitter 1780627914964308382 Retweet on Twitter 1780627914964308382 Like on Twitter 1780627914964308382 Twitter 1780627914964308382
protivititech Protiviti Technology @protivititech ·
16 Apr

What is #DesignThinking? Could it help your organization? Find out how Protiviti uses it to help clients build net new applications and modernize legacy systems. https://ow.ly/fMK550Rfsoi #ProtivitiTech

Reply on Twitter 1780204913663873376 Retweet on Twitter 1780204913663873376 Like on Twitter 1780204913663873376 Twitter 1780204913663873376
protivititech Protiviti Technology @protivititech ·
15 Apr

Join our May 2 webinar designed for privacy and security professionals seeking to navigate the intricate nuances of data governance within the ever-evolving global regulatory landscape. Register today! https://ow.ly/hzrG50R4fTX #ProtivitiTech #DataPrivacy

Reply on Twitter 1779872392535212145 Retweet on Twitter 1779872392535212145 2 Like on Twitter 1779872392535212145 1 Twitter 1779872392535212145
protivititech Protiviti Technology @protivititech ·
12 Apr

The latest Technology Insights Blog post offers insight into the unique risks associated with Large Language Models (LLMs) and how to establish strategies to mitigate them. https://ow.ly/q3w550RfbXm #ProtivitiTech #TechnologyInsights

Reply on Twitter 1778890996282982442 Retweet on Twitter 1778890996282982442 Like on Twitter 1778890996282982442 Twitter 1778890996282982442
Load More