Northumbrian Water is responding to demands from
industry regulators to demonstrate best practice in IT security by
rolling out software to control the access rights of 2,000 staff to
the firm's Windows and Unix systems.
The software, called Cosuser, will ensure that employees only
have access to the databases and computer systems they need in
their work, and that their passwords are automatically deleted when
they leave company.
Cosuser will help Northumbrian Water demonstrate it is following
best practice to Ofwat, the water industry regulator.
The system will also help Northumbrian Water improve efficiency
by reducing the time taken to provide new staff with access to
computer systems, from over a week to a matter of hours.
"When user provisioning is handled manually, it is difficult to
enforce best practice, especially for new users who need access
quickly. Cosuser enables our formal processes and procedures to be
defined and audited," said Malcolm Beckwith, datacentre
manager.
Northumbrian Water said the system has helped it to reduce the
number of IT staff involved in setting up user access from 22 to
six, freeing them to work on more productive projects.
Previously IT staff had to send e-mails and negotiate with
departmental "super-users" to give new staff access to the
utility's systems. Cosuser allows the process to be carried out
automatically through a web interface.
The system, supplied by OSM, will also allow systems
administrators to drill down into user data, to produce management
reports showing which users have access to certain systems.
Northumbrian Water began rolling out Cosuser to its Unix and AIX
systems last year. It plans to extend the system to cover Windows
desktops and Citrix terminal servers over the next 12 months.
The system controls access to applications such as customer
billing, payroll, HR databases and delivery systems.
The biggest challenge in implementing the new systems have been
cultural rather than technical, said Beckwith. "People are very
hesitant to change to new technology, new processes. People
sometimes find that a threat. It requires a buy-in from all
departments and the technology groups within the IS
department."