Vennx developed and deployed Oráculo, a platform for continuous corporate access monitoring. The solution was designed to cross data between authoritative sources, HR databases, and final applications, with the objective of detecting inconsistencies, improper access, and status differences between systems. The project meets a critical demand for access governance, information security, and regulatory compliance.

‍

Identified Customer Problem

‍

Before Oráculo was implemented, the Ipiranga and Ultrapar access environments presented significant risks and several points of fragility, including:

1. Access with higher profiles than necessary, creating a risk of undue privilege;
2. Disconnected users who still had access to systems and applications;
3. Active users in applications, but absent from HR databases or official sources;
4. Differences between the status of users in the authoritative sources and in the applications (active/inactive);
5. Low traceability and absence of automated alerts about inconsistencies.

‍

Objective of the Project

‍

The project aimed to establish an automated verification and alert mechanism capable of identifying:

• Improper access or inconsistent with the functions performed;
• Active accounts that are not backed up on official bases;
• Governance flaws in the access lifecycle;
• Data exposure risks or flaws in internal IT controls.

The proposal aimed to reinforce security, regulatory compliance, and the effectiveness of access controls in critical environments.

‍

Achieved results

‍

Although still in a phase of continuous evolution, the Oracle has already demonstrated significant results:

• Reduction of access inconsistencies of approximately 20% for the range of 10% to 15%;
• Identification and correction of improper access not previously tracked by conventional routines;
• Creation of an additional layer of identity governance, based on integrated data and proactive monitoring;
• Direct support for managing access risks, especially in the context of SoX auditing and compliance requirements.

Oráculo is consolidated as a strategic solution in the access governance ecosystem of Ipiranga and Ultrapar. By significantly reducing the number of irregular accesses, the tool strengthens the internal control environment, provides a faster response to emerging risks, and promotes greater security in the management of users on a corporate scale.

‍