Empowering the Human Element Through IGA

MJ Kaufmann

Security Specialist

As RSA 2020 celebrates the Human Element in cybersecurity, we’d like to take a moment to explore ways in which Saviynt empowers the dedicated members of the security community by pioneering ways to ease the more cumbersome aspects of Identity Governance and Administration (IGA). Designing smarter security with intelligent identity drives Saviynt’s fierce commitment to innovation, which means taking into account the needs of those using our solutions as well as accounting for the human risk factors that we discussed earlier this week. Solid solutions work with the human element, not against it. Using deep visibility, frictionless access, intelligent analytics, and intuitive interfaces, Saviynt supports the human element in cybersecurity by automating what we can so that security teams can more efficiently keep organizations around the globe secure.

Least Privilege

We noted in the earlier blog how implementing the principle of least privilege helps reduce the human risk factor for organizations. Least privilege requires ensuring that identities have just enough access to do their jobs and nothing more. It is supported and streamlined by efficient roles and by automatically adding identities to those roles.

Saviynt helps organizations arrive at these roles and this automation. We create user “clusters” based on commonalities such as multiple HR or identity attributes, then draw in all of the access and account permissions from across your ecosystem and search them for commonalities, a process also known as “role mining”. Based upon this, we arrive at candidates for hierarchical roles, which your organization can approve. Once this is done, we help tie role membership to business attributes to create birthright roles, which provide just the right amount of access to accomplish the tasks at hand.
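The clustering and role-mining steps described above can be sketched in a few lines. This is an added example, not Saviynt’s code or algorithm; the users, entitlement names, the 80% threshold and the two-level department/job hierarchy are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample data: (user, department, job title, entitlements held today).
USERS = [
    ("ana", "Finance", "AP Clerk", {"erp:login", "erp:invoice.enter", "mail"}),
    ("ben", "Finance", "AP Clerk",
     {"erp:login", "erp:invoice.enter", "mail", "erp:vendor.create"}),
    ("cho", "Finance", "AP Clerk", {"erp:login", "erp:invoice.enter", "mail"}),
    ("dev", "Finance", "Controller", {"erp:login", "erp:payment.approve", "mail"}),
    ("eli", "Finance", "Controller",
     {"erp:login", "erp:payment.approve", "mail", "erp:gl.close"}),
]

def common_entitlements(members, threshold):
    """Entitlements held by at least `threshold` (0..1) of the cluster members."""
    counts = Counter(e for _, ents in members for e in ents)
    return {e for e, n in counts.items() if n / len(members) >= threshold}

def mine_roles(users, threshold=0.8):
    """Return (parent_roles, child_roles, outliers) as candidates for human review."""
    by_dept, by_job = defaultdict(list), defaultdict(list)
    for name, dept, job, ents in users:
        by_dept[dept].append((name, ents))
        by_job[(dept, job)].append((name, ents))
    # Parent role: access that nearly everyone in the department shares.
    parents = {d: common_entitlements(m, threshold) for d, m in by_dept.items()}
    children, outliers = {}, {}
    for (dept, job), members in by_job.items():
        # Child role: access typical for the job, minus what the parent grants.
        children[(dept, job)] = common_entitlements(members, threshold) - parents[dept]
        granted = parents[dept] | children[(dept, job)]
        for name, ents in members:
            # Access no candidate role explains is a least-privilege review item.
            if ents - granted:
                outliers[name] = ents - granted
    return parents, children, outliers

if __name__ == "__main__":
    for part in mine_roles(USERS):
        print(part)
```

The outlier set is the part a reviewer acts on: access that neither candidate role accounts for is either a missing role or excess privilege.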

Your environment will change, however. New applications are added, new business hierarchies defined, and old environments decommissioned. Your roles will need to change with this, so Saviynt provides role simulation to understand the impact of changing a role, the ability to compare and rationalize roles to avoid the sprawl of excessive roles, and role history and versioning with a rollback ability. Maintaining least privilege is an ongoing process, and Saviynt provides the tools to assist organizations with it. 

Changing Roles and Excessive Access

Just as roles may evolve and change over time, employees are rarely static within a company. Individuals change jobs due to promotions, departmental moves, or shifting organizational priorities. Security solutions need to take this into consideration. Saviynt understands that these situations can lead to excessive permissions if not properly handled. 

Significant changes to a user’s position or job codes should spark a re-assessment of the complex web of that identity’s permissions throughout the enterprise ecosystem to ensure that the new permission set is not only appropriate to the new position but retains no unnecessary access that was granted during their time in the previous job/position. Saviynt does this automatically, preventing the delays that often accompany manual reassessment.

On the other hand, the individual who is changing jobs may have to maintain some of the responsibilities of the prior job until someone is hired or trained to take on those tasks. When performing that re-assessment of the employee’s entitlements on a job change, Saviynt can trigger a micro-certification which asks the prior manager if the employee needs to retain the permissions for a time. The manager can choose to extend the moving employee’s access and have an end date tied to it. In this way, Saviynt accommodates enforcing an end date on residual access while also enabling the business.

Requesting Extra Access

Individuals will often try to get more access than required to accomplish their job. Excessive access requests are rarely malicious, but streamlining the access request process can reduce the risk associated with excessive rights requests. Saviynt’s application access catalog helps business users determine the access they actually need by providing recommendations based upon their job and the access of their peers. We provide roles and templates for ease of bundled access and offer an auto-preview search function to display possibilities as they type. When employees can easily and intuitively find what they’re looking for, the access request is less likely to be unnecessarily broad.

Employees also don’t always realize when they’re asking for access that is high-risk or inappropriate. Saviynt gives easy-to-understand thumbs-up or thumbs-down signals to indicate whether access is anomalous and explains if that access is unusual because it violates a control such as Segregation of Duty (SoD), is inherently high risk, or doesn’t match the access of other similar employees. An employee who realizes they are asking for something out of the ordinary, and who legitimately needs that access, can choose to add justification and still submit it to an approver. Employees who don’t have a good reason to ask for the access, however, are alerted and thus discouraged from pursuing it. The human risk of wanting more than necessary is reduced.

Rubber Stamping

Saviynt understands that approving access requests is a cumbersome manual process in most IT environments. Reviewing what group a requester belongs to, researching whether this individual should have access, and ensuring there are no Segregation of Duties violations are all time-consuming tasks for an approver. Saviynt lightens this burden.

Saviynt provides in-depth visibility throughout multi-cloud ecosystems, distilling down the complex web of information to highlight potential risks and compliance challenges. This encourages informed, purposeful decisions without hours of manual research. Saviynt’s Control Exchange library offers over 200 out-of-the-box controls that cross-map between regulatory initiatives, control frameworks, platforms, and control types. These controls can be selectively implemented via Saviynt’s easy drag-and-drop configurator to meet organizational compliance needs and industry standards without scripting.

Saviynt assesses the risk of the access against pre-defined/customized controls, roles, policies, and peer permission-sets appropriate to the request. Through Saviynt’s frictionless access request process, low-risk requests are automated and anomalous/high-risk requests are escalated for approval. If escalated, the approver benefits from the deep visibility offered by Saviynt’s analytics, which accelerates the approver’s ability to make an informed decision and avoids hours of research. Decreasing friction increases effectiveness.
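The request signals described under “Requesting Extra Access” (SoD violation, inherently high-risk access, mismatch with peers) and the routing described above can be combined in one check. This is an added example, not Saviynt’s implementation; the rule set, entitlement names, peer data and the 25% peer cut-off are assumptions.

```python
# Constructed policy and peer data for illustration only.
SOD_RULES = [frozenset({"erp:vendor.create", "erp:payment.approve"})]
HIGH_RISK = {"erp:gl.close", "db:prod.admin"}
PEER_MIN_SHARE = 0.25  # assumed cut-off: below this share, access is unusual for peers
PEERS = [
    {"erp:login", "erp:invoice.enter"},
    {"erp:login", "erp:invoice.enter"},
    {"erp:login"},
    {"erp:login", "erp:invoice.enter", "erp:gl.close"},
]

def evaluate_request(requested, current, peer_access):
    """Return (decision, reasons) for one requested entitlement.

    current: entitlements the requester already holds.
    peer_access: one entitlement set per peer in the same job.
    """
    reasons = []
    after = current | {requested}
    for rule in SOD_RULES:
        # A toxic combination only counts if this request is what completes it.
        if requested in rule and rule <= after:
            reasons.append("sod:" + "+".join(sorted(rule)))
    if requested in HIGH_RISK:
        reasons.append("high-risk")
    if peer_access:
        share = sum(requested in p for p in peer_access) / len(peer_access)
        if share < PEER_MIN_SHARE:
            reasons.append(f"peer-outlier:{share:.0%}")
    # No signal: provision automatically. Any signal: send to an approver,
    # carrying the reasons so the approver does not have to research them.
    return ("escalate" if reasons else "auto-approve"), reasons

if __name__ == "__main__":
    print(evaluate_request("erp:invoice.enter", {"erp:login"}, PEERS))
    print(evaluate_request("erp:payment.approve",
                           {"erp:login", "erp:vendor.create"}, PEERS))
```

Returning the reasons alongside the decision is what addresses rubber stamping: the approver sees why the request was flagged instead of a bare approve/deny prompt.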

Sharing Via Collaboration

While collaboration tools are extremely useful for boosting productivity, they also come with the risk of indiscriminate sharing, as those with access to a resource can share it outside of the normal governance process. Saviynt’s DAG (data access governance) tool helps to bring the governance model into collaborative environments without interfering with the dynamic agility of collaboration tools.

DAG offers two important features that are often missing in collaborative tools: the ability to limit what is shared and visibility into sharing. When a user attempts to share an asset they have access to, a check occurs to analyze the risk of sharing the data based upon a number of criteria such as the contents, how it is categorized, and who it is being shared with. Based upon how it is scored, it can be allowed depending on the enterprise’s risk appetite or temporarily blocked for an approver to review before going forward. Then to finish the process, the sharing is logged so there is a full audit trail of where the resource was shared from and where it went. 

Wrap Up

Saviynt’s solutions are designed to empower the theme of RSA 2020, the human element. Utilizing both technology and innovation, Saviynt reduces the human risk factor and eases the workload of the human element. We are proud to facilitate the effectiveness of cybersecurity professionals working with our customers around the globe. We salute all of you. We also acknowledge that no Saviynt solution could even exist if not for the relentless commitment to innovation of our designers and developers who, through their tireless efforts, are also a part of the most crucial aspect of cybersecurity – the human element. Only through the convergence of human creativity, intelligence, and technology can a truly robust security ecosystem be established.

Saviynt at RSA Conference 2020

The RSA Conference 2020 is in San Francisco and Saviynt is there. We invite you to stop by and see us at Booth #1747 in the South Hall to chat with us. Saviynt ranks in the top third of Inc. Magazine’s 5000 fastest growing companies in the US as well as Deloitte’s Top 500 fastest growing companies. As a leader in converging Identity Governance, Application GRC and Cloud Privileged Access Management solutions, Saviynt is committed to delivering outstanding customer service in a way that bolsters our customers’ cybersecurity risk posture and compliance. Saviynt’s third-generation IGA product (Identity 3.0) is a hyper-converged platform that brings together intelligent Identity Governance & Management, Application GRC, identity-centric cloud security and cloud Privileged Access Management (PAM). Saviynt enables organizations to leverage identity as the security perimeter across a multi-cloud and hybrid IT environment and ensure appropriate access with its usage-driven identity intelligence and analytics. We hope to see you at RSA; you can book a demonstration here.
