Сase studies

Governing User
Access in the Cloud

The world depends on Chevron to provide reliable, affordable and increasingly-cleaner energy to drive progress.

Chevron embarked on a digital transformation initiative to automate the mitigation of access risks, simplify business processes, reduce costs and improve agility in an ever-changing business environment. Chevron focused on ensuring access security, improving violation remediation, and automating key reports. Pathlock enabled the company to centralize, standardize and streamline Segregation of Duties (SOD) and business risk review processes across critical business systems.

Chevron Corporation

San Ramon, CA
www.chevron.com

Industry

Oil & Gas

Products and Services

Petroleum, natural gas and other petrochemicals

Employees

161,000

Revenue

$140B USD (2019)

Systems

SAP ERP, SAP S/4 HANA, SAP Ariba, JD Edwards ERP

Governing User Access in the Cloud
Multinational energy corporation Chevron was preparing for an enterprise-wide digital transformation initiative to streamline financial and procurement processes. Key elements of the initiative included securing access control and streamlining Segregation of Duties (SOD) testing and reporting, in addition to moving systems and data to the cloud.
Before: Challenges and Opportunities
  • Automate manual access review processes
  • Improve monitoring and testing of SOD controls across multiple systems (SAP, JDE, Ariba)
  • Improve overall risk profile, fortify fraud protection, and enhance data security
  • Standardize SOD compliance assessments and reporting across systems
  • Move data and processes to new procurement system
Why Pathlock
  • Streamline end-to-end control monitoring and reporting with complete visibility into materialized risks and fraudulent activity
  • Prioritize cross-system risk by quantifying the potential financial impact of access conflicts
  • Seamlessly extend SAP Access Control functionality to multiple mission-critical systems without any business interruption
After: Value Driven Results
  • Moved from periodic to continuous availability of access risk and user activity data
  • Reduced the volume of manually-reviewed user activity data by 70% and time spent reviewing SOD conflicts by 50%
  • Centralized, standardized, and streamlined risk review and reporting processes during COVID-19 pandemic with thousands of remote employees
How Pathlock Helps
50%

Reduction in time spent reviewing SOD risks

70%

Decrease in user data review manually

71%

Reduction in time spent managing external audit

Continuous

Access to risk and user
activity data

Pathlock’s data protection capabilities have helped us enhance security without disrupting work. Users need to have the right access to do their jobs, and Pathlock tackles that while protecting sensitive information.

Director
Governance Risk and Compliance

Pathlock allows us to find out on a real time basis where access violations are happening, identify exactly what caused them, and review whether action needs to be taken. We’re monitoring millions of activities daily which enables us to focus only on the items that represent true SOD conflicts or risks.

Senior Director
Finance

Pathlock retrieves activity data from users so we can understand where access conflicts are. The risk matrix implemented in Pathlock allows us to measure potential impact in Euros for each risk and see the actual user activities that violate access policy. And of course, it’s all automated.

Senior Project Manager
Finance and Audit

At Citrix, we look at access risks and conflicts across systems, not app by app. Pathlock allowed us to standardize and automate access management and SOD analysis across our key systems. We’re more efficient because our teams don’t need to learn new processes for different systems, and we’re more secure because we have cross-system visibility.

Director
Finance and Global Accounting Systems