13 Nov Control authorizations with Dynamics NAV and 2-Control
We did not want to leave Directions EMEA 2018 without first having a conversation with Arno Mouwen, owner of the Dutch company 2-Control, with whom we talked about his solutions, which allow us to solve all the possible security problems in Dynamics NAV and we exchanged the vision about the future of the ERP industry.
After more than 12 years as an IT auditor and experience in the Dynamics universe, 2-Control was born with the aim of helping companies that use Dynamics NAV to manage security, control, automation and data protection problems.
The authorization solution for Dynamics NAV
Arno defines its product suite as “an extension of its expertise” and is made up of different products. We focused our conversation basically on Authorization Box, the authorization solution for Dynamics NAV, the benefits of which Arno summarizes in 3 points:
- Simplifies the authorization assignment process. In addition, it also offers the possibility of creating roles within Dynamics NAV. It will be the tool that will alert us if there are duplications in the system and indirect gaps.
- It offers the possibility of implementing the best possible security (data security, validations, failures, etc.) in the management of authorizations. Through a visual organization chart, it will be very easy to manage the authorization circuit quickly.
- It offers the possibility of checking, through a single button, the quality of authorizations (segregation of functions, gaps in user permissions, among others) and offers a monitoring function.
Arno is convinced that a good authorization structure can improve the security and internal control of Dynamics NAV. For example, in the payment process, which is the most risky for companies to fraud. What would be an example of poorly managed authorizations? If the same person who is in charge of changing bank accounts, it is also under the control of preparing the payments. So it would be very easy to divert money to other accounts and commit fraud. In this same example, the Authorization Box would alert about the security breach of these permits.
And the good thing is that the solution already offers a list of the most common standard checks and potential conflicts depending on the industry.
Suitable for small companies?
Reading this post, anyone would think that this solution is designed only for large companies, but it is not so. Arno recognizes that, although it is true that in large companies there are more resources allocated to the control of this type of procedure, small companies should not give up at least identify possible security breaches that may have in their implementations. And this is why we talk about risk mitigation, that is, if a CEO has identified the possible gaps and risks that exist, if he/she adds one more person to the team, they can decide if theywant to assume that risk or not and, for example, check Payments manually during the first months thus mitigating a possible security breach.
For this reason, he recommends the implementation of this solution to companies that, even if they are small, are planning to make great growth in the short term. “This way they will be able to know of the certain thing that all the circuit of authorizations is in order and they will be able to grow calmly without worrying about possible security risks”, explains.
Although the product is intuitive and easy to use, Arno always recommends a training session prior to any implementation with the 2-Control team. “We want the client to understand the philosophy on how to implement a circuit of authorizations correctly, the implications of each decision and discuss the value they want to give,” Arno explains.
And for the circuit to remain in effect for a long time, the solution includes an alerting and monitoring function that alerts the IT controller or the designated person about a breach in the authorization system, which could occur, for example, if a user changes permits or approvals.
Another of the modules that make up the 2-Control suite is Field & Dataset security, which allows you to refine authorizations at the field or data set level. Because as Arno explains, it does not make sense that a user who only has to fill in a field, has access to the whole complete picture. In this way, we can manage authorizations at a millimeter level.
What does the future of Dynamics hold?
Finally, we still had a little time to talk about the future of Dynamics and the new challenges of the sector, a topic on which Arno highlighted the challenge of controlling traceability and data maintenance in Microsoft’s Common Data Model. And all this without forgetting new fronts of action that opens the application of the regulation of data protection, known as GDPR, which is also giving a lot of work to companies that handle personal and / or sensitive data.
Undoubtedly, an enriching conversation about a solution that could be of vital help for companies that want to reduce risks in their implementation of Dynamics NAV.