|
Feature
|
|---|
| Feature |
Function |
Benefit |
| 360-degree view of assigned access |
Goes beyond “who has access to what” to reveal what was done with the access, including policy violations and potential violations |
Provides information to make intelligent decisions concerning user access |
|
| Closed-loop remediation |
- Provides an automated, end-to-end solution for reviewing and revoking access
- Automatically verifies remediation and sends alerts if remediation does not take place
|
- Helps control cost of compliance by automating processes
- Reduces risk of policy violations and compliance failures
|
|
| Rule lifecycle management |
- Applies role lifecycle management technology to audit and role assignment rules
- Proactively determines impact of rule changes on access assignment processes
- Provides API for remotely executing rule assignment and SoD rules
|
- Improves audit effectiveness by capturing rules history
- Provides information for decision making
- Simplifies integration with systems that utilize Role Manager as authoritative source for roles
|
|
| Role engineering |
- Conducts role mining based on organization, user, and entitlement attributes
- Performs both top-down and bottom-up role mining
- Uses rule discovery to correlate rules between approved roles and attributes for use in role assignment
|
- Improves alignment between IT and business organizations by mapping business roles to underlying entitlements
- Reduces the cost of defining roles by automating manual processes
|
|
| Role maintenance |
- Provides role approvals upon detection of entitlement updates
- Performs impact analysis before changes
- Allows for the definition of temporary roles
- Enables simple changes in access based on changes in job responsibilities
|
Improves organizational flexibility by making it fast and easy to change access based on business needs |
|
| Role certification |
Allows for ongoing role certification by business unit managers or role owners |
Improves alignment between IT and business organizations |
|
| Access certification |
Automates existing processes for certifying the access assigned to users by business managers and application owners |
- Reduces costs by automating existing manual controls
- Enhances audit effectiveness by enforcing concept of least privilege
|
|
| Policy enforcement |
- Enables enterprise-level monitoring of access for conflicts in SoD and security policy
- Supports inter- and intra- application policy enforcement
- Provides complete lifecycle management of a policy violation
|
- Reduces business risk associated with failed access controls
- Enhances audit effectiveness by enforcing security policies related to SoD and least privilege
- Reduces costs by automating existing manual processes for enforcing security policies
|
|
| Compliance dashboard |
- Delivers an enterprise view of certification status
- Provides an enterprise view of policy exceptions
- tracks policy exceptions by type and business unit
- Provides historical trending analysis
|
Improves compliance by providing an easily accessible view of activities |
|
| Data collection based on extract, transform, and load (ETL) |
- Enables integration with any resourceful
- Eliminates the need to write connectors to applications
|
- Ensures ability to access entitlement data
- Increases efficiency and cuts costs by reducing time to load data by 70%
|
