Learn more about ICRare Learn more about ICPolicy Learn more about ICLite
View ICSynergy's complete list of services, including Identity Management Strategy, Solution Archictecture and Project Management
Read more
What is Identity Management and what is ICSynergy's IdM Philosophy?
Read more

Manage Security Policies with icPOLICY™

The Challenge.

Due to the formation and establishment of regulatory bodies requiring compliance with and the implementation of various security measures around organizational responsibility and ownership of system access, organizations have put in place many different manual processes for the review and approval of system access by responsible parties. These manual processes show who has what access and that it is appropriate, however, they are disconnected, and are scattered throughout the organization. This causes these processes to become error-prone, and require significant effort by expensive skilled engineering resources for initial implementation and ongoing maintenance.

In addition, organizations are struggling to enforce segregation of duties and other policies around concurrent access to capabilities across applications in the typical enterprise. Generally, enforcement of business rules is handled using paper approval processes and periodic review by knowledgeable parties. These processes are time consuming because approvals generally take a long time and add workflow steps; they also consume energy of valuable resources for the rules around periodic access review.

example:

An example of some of these processes would be:
UNIX engineers extracting accounts from hundreds of Sunix servers across datacenters, tracking down owners for the accounts, and somehow having those resources certifying that the accounts are in fact correct and accurate. This process needs to be done every 90 days in order to comply with Sarbanes-Oxley and PCI requirements.

The Solution.

There are a number of solutions that have been developed to address this challenge, and number of products that have entered this space of the Identity Management challenge. Sun recently acquired Vaau (now Sun Role Manager), which is designed to help automate the compliance activities.

ICSynergy has developed a deployment methodology that integrates the attestation and compliance capabilities of Sun Role Manager with the IcRARE™ and icLITE™ product enablers and methodology to deliver an integrated, end-to-end entitlement management solution that enforces preventative and detective controls in a cost-effective, easy-to-deploy fashion.

Features:

This product enabler delivers a robust, integrated approach to closed-loop compliance management via:

  • Automated, preventative and detective cross-application enforcement of Separation of Duty and other policy restrictions
  • Periodic access review by application owners and managers with IcRARE™ integration to allow remediation requests to occur
  • The ability to detect changes that not initiated through the preventative, request workflow system (IcRARE™)

Curious?

Want to know more? Contact Us!