Search:
Home Products Solutions Partners Customers News & Events Resources Corporate Contact Us
Home
 
 
Read a Customer Story
   
Download a Brochure
   
5C�s of Role Management
Request More Information
   
Sign Up for Announcements
   
Request a Demo
 
 
 
Enterprise Role Management
   
Role-based Identity Management
   
Entitlement Compliance Management
   
Privileges Quality Management
   
Identity Management Preparation and Gap Analysis
   
Eurekify Sage Survey
   
Single Platform Solutions
   
 
 
 
�We have used Eurekify's Sage to build a few roles for thousands of users. It is clearly an easy method to create roles and maintain them�, Peter Zuenti, Consultant.
 
 
 
�Sage Discovery and Audit provides a quick and easy insight of the authorizations within a company�s infrastructure. Sage helps customers realize the benefits of RBAC�, Koos Jennekens, Senior Consultant.
 
 
 
�Sage provides instrumental tools for managing Roles. With Sage, our customers can very simply and quickly add new Roles or modify current ones according to organizational demands�, Franco Rasello, CEO.
 
 
 
�In order to control user permissions as well as being compliant with regulations, the Identity Management solution alone is not enough. The right way to start with a provisioning solution should be optimizing Roles�, Franco Rasello, CEO.
 
 
 
"In my experience, role-based management is critical for achieving the true benefits and ROI of Identity Management implementation.", Marc Sel, Director - Security Solutions, PwC Belgium.
 
 
 
�We have made incredible leaps forward by applying Eurekify technology to speed up the process aimed at pinpointing user profiles and roles�, Rob Bus, Managing Director.
 
 
 
�Sage is the perfect tool for assessing specific needs within a large organization. It is also important for attaining administrative efficiency, reduce employee downtime and to improve security�, Ophir Zilbiger, CEO, Secoz Ltd.
 
 
 
�Role definition applications can significantly reduce the cost of the process (by 40-60% according to a leading systems integrator). To our knowledge, Eurekify and Beta Systems are the only vendors in this space.�, Michael Tieu and Andrey Glukhov.
 
 
 
�From Years of experience in implementing enterprise user administration systems in large environments, we strongly recommend a structured and business-aligned approach to the implementation method...�, Jesper Oestergaard, CEO.
 
 
 

Overview

Organizations today must be able to demonstrate compliance with various industry and privacy regulations such as Sarbanes Oxley, HIPAA, FERC, Basel II, etc. Sarbanes Oxley requires that: “Access to resources should only be granted in accordance with a person’s exact needs as defined by their job function”.  The organization and its executives must demonstrate compliance with requirements such as:

  • Segregation of Duty: Who has a combination of access rights that may present risk to the company, violating regulatory requirements or policies set by the internal audit committee?
  • Sensitive transactions and Privacy: Who has access rights to transactions that are highly sensitive, or to private information of consumers
  • Collectors: Who is still holding rights to privileges s/he no longer needs (often associated with historical business roles?
  • Level of risk: Which privileges, and more importantly which combination of access rights represent low, high, or unacceptable risk level?

Since regulations hold security officers and executives personally responsible to instill proper IT controls. Thus, regulatory compliance and corporate governance drive organizations to invest more in improving the quality of privileges, and in aligning them with business practices. Furthermore, since the organization changes continuously, and since regulations also change from time to time, the organization must implement a flexible compliance demonstration system and processes. To be able to perform compliance tasks repeatedly, sophisticated companies are seeking ways to automate privileges review processes, as well as periodical verification of compliance with Segregation of Duties (SoD) and other business restrictions on the distribution of access rights.

The Need

Organizations need to deploy a system and processes that would enable them to automate compliance management tasks:
  • Automating demonstration of proper IT controls and compliance with SoD and other business process rules.
  • Automating the process of privileges review by business managers, enabling completion of such certification quickly and with minimum interruption to business.
  • Automated identification of exceptional privileges, and the repair and cleanup of privileges and groups in various levels of granularity.
  • Ability to quickly review privileges from across systems and applications, and to answer common privileges and audit questions.
  • It is important that such system be flexible enough and easily adaptable to changing business environment and regulatory requirement.
Organizations that implement compliance management solutions must ensure that their solution works well both as an independent solution as well as in concert with Identity Management and Provisioning solutions, providing the latter with all relevant privileges quality, identity audit, identity governance, and role model management capabilities.

Key Deliverables

Eurekify Sage ECM provides a powerful and flexible framework for corporate IT governance and compliance management:

  • Rich and flexible editor to create and maintain organizational policies with SoD rules and other business process constraints, and across multiple platforms and applications.
  • Automated batch processor retrieves current privileges, and verifies them against organizational policies to yield an up-to-date set of violations, and/or to demonstrate full compliance.
  • Quick and easy to set up a web-based facility for privileges certification/attestation by business managers as well as by resource owners. Eurekify analytics technology empowers business owners by highlighting suspicious privileges that may require more attention.
  • Automated detection of out-of-pattern privileges and various other exceptions and deviations.
  • Interactive application allows tracking and critiquing exceptional privileges, privileges reviews, and policy violations.
  • Easy to use browser provides for immediate visual inspection of privileges, as well as querying
    All Eurekify Sage functions can be applied at any level of granularity, and to any combination of systems and applications.

Five Quick Steps to Compliance

Eurekify Sage ERM is designed to provide a clearly documented set of privileges and IT controls. A quick 1-2 week assessment project will highlight the main areas where it would be most beneficial to invest compliance efforts. Thereafter, Eurekify suggests an incremental 5 steps approach towards full compliance with IT controls requirements:

  1. With Eurekify, you will immediately gain control of privileges by reviewing and querying all privileges across platforms in one central location or identity warehouse.  Sage’s rich auditing functionality allows quick identification, analysis, prioritization and correction of risks and violations.
  2. With Eurekify pattern-based analytics, you would discover hundreds and thousands of exceptional access privileges, within days and even hours. An initial cleanup process is easy to manage and will rid of many unnecessary and incorrect privileges, group definitions, etc.
  3. Web-based privileges recertification and attestation campaign is easy to set up, and will let business managers quickly and effectively sign off on privileges, while helping you cleaning up an additional layer of incorrect privileges.
  4. Quickly automate the detection and remediation of privileges that violate segregation of duty rules and other business process constraints. Compliance demonstration and reporting is quick and easy to attain.
  5. For the longer term, manage privileges based on business and IT roles. Quickly construct and easily maintain a role-based privileges model that best reflects business practices.

With Eurekify you will quickly implement a compliance response environment.

  • Provides a central view of privileges across platforms in one Identity Warehouse
  • Leverages common business language and interface to easily define business process rules
  • Offers a web-based collaboration environment for auditors, business managers & IT

With Eurekify, you will deliver compliance results immediately.

Back to top of Page

 
 
 
   
 
Identify your own IdM needs Prepare for IdM project & evaluate alternatives Make your existing IdM deploument Role-Based Audit existing privileges, roles and policies