Moving Access Governance to the next level: Beyond check-box compliance
- LANGUAGE: English DATE: Tuesday, November 19, 2013 TIME: 5:00pm CET, 11:00am EST, 8:00am PST
Identity Access Governance and Intelligence (IAG/IAI) is one of the key disciplines of today’s Information Security. While many organizations still are in the deployment phase and focus on fulfilment of regulatory compliance in some selected systems, the challenges already have changed. It is not sufficient to govern access in SAP environments or some few other IT systems to really tackle all of today’s Information Security challenges. The threat landscape is changing and attacker tactics have fundamentally changed, resulting in adversaries that are more formidable than ever before, and who can’t be stopped effectively using today’s tools and methods.
Today’s Information Security organizations are being asked to secure information in this changing landscape. Unfortunately, not only the threat landscape is changing, but today’s organizations are increasingly agile. For Access Governance, the challenge is to secure information in a dynamic environment the Information Security department does not own, manage, or control. Business processes are changing, applications are purchased, Cloud services are ordered, organizational change happens – all out of control of the Information Security department. Nevertheless: Information needs to remain secure.
Obviously, the common check-box compliance approaches, targeting some few systems and typical risks, are not sufficient anymore. They frequently ignore large portions of the IT infrastructure, from individual IT to IT in production environments. They are not made to withstand continuous change. They are not built for covering access risks by external attackers.
Agile, connected businesses in a world of change – both from a business and a threat perspective – need new approaches, beyond traditional check-box Access Governance. Here Access Intelligence comes into play – and here the integration with other areas of Information Security becomes relevant.
In this KuppingerCole Webinar, Dave Kearns of KuppingerCole will talk about the emerging trends in Information Security that affect Access Governance. He will look at the current evolution of Access Governance, the pitfalls and shortcomings of common approaches, and the areas where KuppingerCole expects innovation for Access Governance.
In the second part of the webinar, Jason Garbis of RSA Aveksa will dive deeper into how to combine Access Governance, Access Intelligence, external Threat Intelligence and other security solutions and services with IT GRC approaches to move from a reactive to a preventive Information Security approach. Based on deep intelligence, this approach provides insight into what users should and should not have access to, how organizations are exposed to the risk of excessive privilege, how they are challenged by potential data breaches and regulatory non-compliance. Based on that insight, organizations can really start mitigating their access risk and move to the next level of Access Governance.
Aveksa was founded by a team of identity and access management pioneers, whose successful track records include Netegrity, Banyan Systems and PowerSoft. They recognized that businesses are struggling to achieve security governance across the enterprise, and are unable to efficiently or effectively manage the risk of inappropriate access to enterprise information resources.
From the time of our founding, we’ve focused on helping security teams and business managers collaborate on these objectives, through the automation of the many critical, yet manual tasks associated with access delivery, change management and compliance across the entire enterprise. We believe that in order to rapidly respond to business and regulatory demands, IT security organizations need an Enterprise Access Governance solution, to manage the complete lifecycle of user access to information resources through an automated, continuous process for access request, approval, fulfillment, review, certification and remediation.
We provide the industry's most comprehensive, enterprise-class, access governance and management solution, helping IT organizations reduce access management complexity and increase operational efficiency, while minimizing risk and ensuring sustainable compliance. Leading Global 2000 organizations in financial services, healthcare, retail, energy/utility, telecommunications, transportation and manufacturing rely on Aveksa to efficiently address access request, fulfillment and regulatory compliance demands.
Since 2006, when we released the first version of our product, we’ve been working hard to make our vision a reality. Our Enterprise Access Governance solutions are distinct in the following ways:
- We make line-of-business managers key participants in access governance
- We support ALL enterprise entitlements and roles; and enable role-based governance
- We provide reports, certifications and analytics that are easily understood by business users
- We enable and track entitlement changes
- Our solutions are designed for fast deployment and massive scale
- We embrace, complement and integrate with identity management and change management systems
- Aveksa's growing customer base includes leading organizations in financial services, health care and manufacturing. Our customers tell us that “we get it.” We think you will too
There is growing interest in deception as a methodology and as an integral part of cybersecurity architecture, as organizations seek more effective approaches for detecting and responding to threats in real time. Distributed Deception Platforms have made this approach practical and affordable for the first time, but choosing the right solution can be challenging.