Completion of the Development Sprints
The next stage for the User Guardian project would be to complete it and have it running as a working prototype. The User Guardian could be offered for free to business in exchange for joint development time to trial the prototype with actual user access attributes.
The results of this phase would be used to develop a beta version of the software, with refinements made based on the customer's feedback.
A strategic decision would need to be made based on the effectiveness of the beta tool if it should remain a stop gap lightweight tool, or be developed further. The options would be:
The real-time reporting would move the tool into the large enterprise market, where it would need to be scaled up to support greater numbers of users and applications.
Real-time Protection for Medium and Large Scale Deployments
If the real-time option was developed it could be possible to use the tool as a security sensor, providing constant log file capturing and aggregation that monitors user access attribute changes over time.
User Guardian would differ from typical monitoring tools as it could detect the real-time access control breaches based on application attribute changes within the application.
This could be an effective early warning system in the event of an administrator applying a combination of application rights that could cause organisational risk.
The real-time logging could track incidents where application rights are applied and then removed to cover any foul play after a security event has occurred. These logs could forensically support any discrepancies or tempering of application log files if the attacker disabled or replaced the server logs in order to cover their tracks.
To be most effective the real-time protection would need to be done in combination with BIA (Business Impact Assessments) to monitor privilege change in sensitive operational systems or systems connected to business critical functions.