Identity Audit & Compliance Manager (Deep IACM) is the industry’s most comprehensive solution that provides a ‘layered approach’ to identity governance and administration. Deep IACM does this by discovering deep into the applications, databases and systems where users and their access permissions are stored. While the typical process of discovering users’ access only determines whether the users were given specific access rights, Deep IACM, adopting a ‘layered approach’, penetrates deeper to bridge the link between all the layers. This information is used for downstream processes such as attestation, compliance, role management, audit and reporting.
Account and Access Reconciliation
Reconciliation of users (employees and non-employees) against their accounts in various target systems is key to governance and administration activities. Deep IACM provides comprehensive connectors for both the Trusted Source (HRMS) and target systems to enable enterprises to automate the reconciliation process and provide details across all layers of access. Bridging multiple attribute authorities and automatically linking them with target system accounts using dynamic attribute mapping makes the discovery or mining process simpler and cleaner.
Enterprises are able to tag sensitive and hidden attributes from the trusted source and target systems so that they can be managed within permissible means to meet regulatory requirements for data privacy such as PDPA, HIPAA, SoX and many more.
Deep IACM offers access certification not only of users, but also of roles, both business and technical. While user access certification limits who has access to what, role attestation refers to aggregation of access independent of any particular user. Both these attestations have their respective advantages and uses in an enterprise. Deep IACM facilitates user and role attestation with a three-phase attestation approach, serving as the best practice for enterprises to complete the attestation process.
- Self-service Attestation – In this process, during the attestation campaign, snapshots of users’ access information are put together and automatic notifications are sent out to the user community requiring their action during the campaign period. Users are required to self-attest or declare the accesses they have been granted, and to verify and confirm whether they continue to require such accesses in these systems and applications. As part of this self-attestation process, users can provide justifications or information to make their managers’ review process more focused and efficient.
- Attestation/Access Review by Group (Department/Manager) – In this second part of the attestation process, the departmental heads, group leaders and managers review the accesses of each user under their supervision. Information from the self-service attestations is provided to these reviewers so that informed decisions can be made during the review process. Managers can avoid manual calls and clarifications with their employees during this review process. In this manner, though the managers continue to be ‘accountable’, the responsibility and information are shared between managers and the user community.
- Attestation/Access Review by Business or Endpoint System Owners – In some cases the final step of this attestation process could be that the target system owners review and carry out attestation of all the users specific to their application(s). At this stage of attestation, the business or target system owners have complete information from the previous two attestation stages, facilitating easier decision making without impacting the day-to-day business.
Deep IACM also provides ‘policy-based’ attestation that can be triggered based on employee movements such as transfers, promotions, M&A, re-organization, etc.
Deep Identity – Identity Audit and Compliance Manager (Deep IACM) provides solutions addressing the full range of compliance requirements such as excessive access rights, Segregation of Duties (SoD) conflicts, sensitive accesses and identity and access violations. These compliance checks are built into Deep IACM and are available out of the box. Policy adherence is checked and Deep IACM produces results for policy violations, reviews, risk scoring, reports and dashboards.
Deep IACM handles compliance checks differently from other regular IGA or GRC tools. Deep IACM spans the compliance checks across multiple layers: operating systems, databases and applications. As part of the compliance checks, Deep IACM also provides comprehensive risk scoring and evaluation of users and of the users that have privileged access.
Closed-loop remediation ensures that follow-on effort is conditioned automatically on the previous steps without any manual effort. The closed-loop remediation functionality in Deep IACM allows organizations to implement changes at the target systems based on actions required after Attestation, Compliance or Role Management activities.
The remediation is completed automatically with Deep IM and seamless workflow approval integration. Actions such as revoking access and modifying access are part of lifecycle management for user accounts, roles, groups, and profiles, all the way down to entitlements/permissions.
Business roles are typically used to define individual job functions within an organization. IT roles, on the other hand, are created to provide valuable information to construct policies for administration of access and authorization at the target systems. Authorization includes coarse-grained and fine-grained authorizations. In today’s context, there are multiple approaches to perform authorization functions such as Role-based Access Control (RBAC), Attribute-based Access Control (ABAC), eXtensible Access Control Markup Language (XACML) and many more.
The role mining or discovery process within Deep IACM helps to identify associations between users, accounts and groups, and whether or not those associations are necessary. Given the comprehensiveness of the connectors, Deep IACM is able to mine information all the way down to actual entitlements. Deep IACM automates the mining/discovery process and recommends candidate roles. This enables Deep IACM to provide very comprehensive role analysis, modeling, attestation, SoD and role-based provisioning with Deep IM integration.
Deep IACM’s pattern matching technology, role-optimization algorithm and intelligence-based attribute bridge help organizations to embark on a role optimization project and increase the overall security and reliability of access management across the enterprise. This comprehensive approach also makes Deep IACM the preferred solution especially for organizations that have SAP as their ERP system.
Analytics and Dashboard
To make the governance process relevant to each organization, Deep IACM brings intelligence and computational analysis of historical data, and correlates it against operational data. Deep IACM provides the flexibility to filter and search for information, with the ability to drill down to provide transparency down to the details. This information is presented in a personalized dashboard.
Deep IACM also provides Audit and Reporting, which can be scheduled and delivered to a mailbox at any time.