Core Security is excited to announce our newest release - Access Insight 9.2! The most exciting part of this release is the added ability to support Segregation of Duties (SoD) which identifies conflicts between roles or entitlements within an organization. Access Insight 9.2 now supports setting up SoD policies for roles and entitlements to allow users to create policies in the Manage Policy page to set up SoD Roles and SoD Entitlement Policies. SoD Violations checks for separation of duties between two roles and sends a notification if there is a conflict. The SoD reports section now includes a comprehensive view of all SoD Violations through three visualizations.
1. Profile Analysis View: This view shows SoD policy violations by user profile. You can toggle user profiles by both Entitlement and Role.
2. Role Analysis View: This view shows a list of conflicting entitlements by Role.
3. Account Analysis View: This view shows a list of conflicting entitlements by Account. With Separation of Duties Violation alerts you can continuously and comprehensively monitor what your organization has access to and when they are in conflict with your policies. What other obstacles does Access Insight help solve? For starters it answers the three challenges that every organization faces: business change, routine change, and infrastructure change. Do any of these situations sound familiar?
• Business Change: You restructure the company org chart, buy and implement a new product, there are changes that happen every day, many without input from the security team as to why and how this should be done.
• Routine Change: Here we are talking about the day-to-day items like hires, terminations, promotions and transfers that happen in your company. With so many people coming and going from your organization you need to stay on top of provisioning and de-provisioning for all applications but there is often times not a system in place to alert you of these changes.
• Infrastructure Change: You’re getting into the mobile market, you’ve decided to put everything in the cloud, it’s time for a system upgrade or a new application; these decisions are made constantly. Just like before, they are not always made by consulting the security team. We’ve said it before and we will say it again, you can’t stop what you can’t see. And if you can’t see it, how can you prove what you are doing is working? Pretty much every industry has rules and regulations when it comes to access management, and compliance regulations are more strenuous than ever. If you can’t show a trail for the auditor when asked, you could be in for punishments both financial and regulatory.
So what is the answer to seeing into your identities and visualizing all of your billions of access relationships? Core Access Insight.