Saviynt Blog | Security News and Research

Simplify Certifications | Contrast Security

Written by Umesh Lella | Oct 2, 2024 9:10:08 AM

Accurate access certifications and ensuring identities have just enough access to maintain the principle of least privilege are core components of successful Identity Governance and Administration (IGA) programs. Saviynt’s capabilities in this area have helped enterprises reduce identity-related risks, improve security postures, and help maintain customer trust for organizations around the world.

Saviynt has helped drive 5+ million revocations of overprovisioned access through more than 80,000 certification campaigns.

 

A Changing Landscape

Over the past several years, business operations and IT environments have changed dramatically, bringing new threats and challenges. Organizations are seeing an average 25% annual increase in their number of integrations, along with data ingestion from directories, applications, Infrastructure as a Service and modern vaulting platforms, DevOps and CI/CD pipelines, and external security systems including CMDB (Configuration Management Database), SIEM (Security Information and Event Management), ITSM (Information Technology Service Management) and more. This has increased the complexity of organizations' digital footprints. Saviynt customers run certification campaigns with an average of 500,000 items needing review, often with missing owners or missing entitlement descriptions. Many organizations have also started adopting flattened organizational hierarchies, increasing the number of direct reports under managers. As a result, those managers or certifiers are reviewing and certifying thousands of line items in the continuous process of maintaining compliance.

Market analysis shows that 60% of data breaches are due to internal identity threats. Identities can be human or non-human, and these threats can be intentional or unintentional, including simply due to a lack of awareness. 

Image 1: Common types of identity risk that can lead to data breaches.

 

With this changing landscape and expanding threats, identity security and compliance postures are more complex than ever, increasing the need to eliminate manual processes and errors to mitigate those threats. Most organizations face three challenges when it comes to properly implementing identity security:

Getting complete visibility: Not having a central identity repository, resulting in fragmented access and making it difficult to get a comprehensive view across the organization.

Rubber stamping: Certifiers making hasty decisions without proper reviews.

Certification fatigue: Certifiers reviewing thousands of identities and access requests to ensure just enough access to reduce risk.

With all of these changes and challenges, intelligence is vital for supporting or improving security and compliance, and for mitigating challenges like access over-provisioning. It is also central to adopting automation and reducing governance costs.

 

Intelligent Certifications

Traditional certification processes often rely on manual steps and can be time consuming and error prone. Certifiers also suffer from certification fatigue, leading to ongoing challenges with rubber stamping access. By leveraging Saviynt’s intelligence engine, certifiers are able to make more efficient and better informed decisions.

Customers using Intelligent Certifications receive accurate predictions of outlier access that also help reduce certification fatigue. Saviynt Intelligence analyzes 14+ risk signals, including peer access recommendations, segregation of duties (SoD) violations, previously or last certified users and accesses, out-of-band access, etc. This improves access revocation of critical or low confidence items by 75%. Certifiers get a trust score along with a user-friendly summary of risk signals that will help them make faster and better informed decisions.

 

Image 2: Certifiers are provided with accurate trust scores along with the reasons why a recommendation has been given

 

We will also soon be releasing a Copilot for certifications, which is a game changer for the industry. The Copilot will relieve certifiers of the burden of making every decision, a burden that decreases productivity and can perpetuate rubber stamping. Our Copilot assists certifier decision making by providing detailed recommendations for the certifier, and in the coming weeks will expand to include the automation of approvals of high confidence/low risk access through the use of scoring thresholds. These thresholds are based on the platform’s use of multi-dimensional trust scoring that normalizes risk signals and trust scores to create a single, weighted score for increased accuracy. The flexible model allows customers to adjust the signal weights per their security and governance policies.

 

Image 2: Saviynt’s Copilot for Certifications assists certifiers by recommending automated actions. Certifiers can review recommendations made by Saviynt before submitting final decisions.

 

These foundational elements pave a path to provide pre-launch analytics to our customers that can predict the success and quality of their campaigns. The Copilot will also integrate with Large Language Models (LLMs) to enable interactivity with certifiers by leveraging real-time information, saving time by reducing consultation with subject matter experts (SMEs).

As mentioned at the beginning of the blog, many campaign items are missing owners and either lack entitlement descriptions or have poor ones. Saviynt will also be adding capabilities in the near future to eliminate these challenges. With metadata enrichment, we will be able to further simplify the certification process by suggesting entitlement and role descriptions. By filling in the blanks, certifiers will be able to accelerate the decision making process and feel more confident that they are approving or denying the right level of access for each identity.

 

Summary

In essence, Saviynt Intelligence is not just about mitigating risks and cutting costs—it's about simplifying complexities, ensuring scalability, and enhancing user experiences. It's designed to be user-friendly, making the certification process more manageable and less daunting for the certifier. The result is a stronger identity security program as certifiers are able to make smarter, more informed decisions that shrink the threat landscape when approving or denying access to critical information.

You can learn more about Saviynt’s Intelligence Suite by visiting our website or by reaching out to your Saviynt account team to schedule a demo.