Saviynt https://saviynt.com Mon, 13 Aug 2018 05:14:45 +0000

Putting Governance Into Your DevOps Processes
https://saviynt.com/blog/putting-governance-into-your-devops-processes/
Tue, 07 Aug 2018 18:06:59 +0000

The post Putting Governance Into Your DevOps Processes appeared first on Saviynt.

There are many possible avenues, access policies and service misconfigurations leading to data exposure when managing and protecting workloads in IaaS environments.

According to recent statistics, as many as 7% of all S3 servers are completely publicly accessible without any authentication and 35% are unencrypted. And if the incidents of the past six months or so are any indication, these aren’t low-value data stores.

The challenge is that governing who or what can access cloud-based workloads, and their data at rest or in transit, needs to be different from the way you’ve been governing identities and data in on-premises environments. Because these environments are different, you could be opening your critical applications and data to hackers, which results in the plethora of data hacks we see today.

National Credit Federation – December 2017
Data Exposed: 111GB of detailed financial information–including full credit reports–about 47,000 people. This credit repair service put the financial lives of tens of thousands of customers at grave risk when it left extremely detailed financial information publicly available on an S3 bucket.

Alteryx – December 2017
Data Exposed: Personal information about 123 million American households
The Lowdown: This marketing and analytics company, which sells data aggregation and analytics for marketing purposes, put sensitive data at risk for the majority of American households.

Despite significant efforts from the cloud providers to create awareness of the “shared responsibility model” and to provide security controls and training, the leaks continue and the damage from each leak is growing by leaps and bounds. Unfortunately, the cloud industry lacks a sustainable solution for identifying root causes and automated policy-driven remediation.

What’s more, finding the root causes that lead to data leaks costs organizations millions each year in paid consulting services and failed audit fees.

In the cloud, it’s so easy to stand up a working environment, which means it’s also easy to create an insecure environment and lose control, especially as it relates to cost and security. And because developers are responsible for building, managing and deploying workloads to the cloud, the responsibility for securing these environments to ensure security and compliance has shifted to developers. This is why the term “shift left” is so ubiquitous in tech discussions today.

At Saviynt, we help organizations using DevOps processes ensure that the code used to stand up workloads on cloud-based infrastructure is monitored and managed. The goal is to prevent inadvertent mistakes by developers coding the access calls to databases and other connected services, so that the workloads run in a secure and compliant way.

In this recording of Vibhuti Sinha’s presentation at ChefCon 2018, he recommends that organizations tackle this challenge by focusing on three preventative areas. These areas light the path for DevOps shops to see what bug fixes and updates are required to truly ensure the access policies and controls in their IaaS workloads comply with the principle of least privilege.

Visibility

To see is to know. Learning is how we understand the changes needed for correction. Just as your DevOps teams use workflow visibility tools that help them ensure the quick pace of the software development culture doesn’t manifest a giant string of fluffy, buggy yarn that kids will have a ball with for generations, Saviynt recommends enabling greater visibility via a unified dashboard that intelligently uses access and usage activity of infrastructure workloads in order to detect and correct areas of potential risk.

Identity Governance Administration

In Chef, the new code, if a variant from the norm, becomes the new norm. It’s called Chef for a reason. The great chefs of our time are well known for combining interesting flavors from the spices of multiple continents into something crunchy and delicious that is plated in new and interesting shapes and colors for the palate. Similarly, code building in cloud environments uses Chef-like tools to foster similar, unique and creative ways to spin up plates and bytes of object-oriented code delivered as a service to the ever-hungry business that needs to compete and survive in a fast-paced global economy. At the same time, a Chef also must manage the lifecycle of identities within the ecosystem of a restaurant, from kitchen staff to the patrons. The work from end-to-end requires each role to perform distinct, rote tasks for food prep. The server staff calls and picks up orders on demand. And the patrons of the restaurant order food while declaring what they can/can’t eat based on diet or allergies.

Privileged Access Management

If you don’t get what you ordered, you get served another one until it’s just right. From end-to-end, DevOps pros need to include and respect the concepts around role governance, role design, mining, and provisioning in both federated and non-federated environments to ensure access governance best practices are cooked within the meal at the right time, assembled on the right plate, and picked up to serve when all the guests are ready to consume. Mastery over a good kitchen is mastery of DevOps processes from end-to-end. Everyone is in their station, and no one should have more authority, or be given more, than what they are assigned. A kitchen chef knows the team members have grand ideas and capabilities, but for what is to be delivered in that master’s restaurant environment, privileges are restrained intentionally to enable a stable workflow, so accidents don’t happen. This calls for tools that provide a console to see the workflow, including how APIs and CLIs call for workloads that are fit for purpose using only the ingredients required. Privileged accounts have the power to call for more than what was ordered. Often the result is a separation of duty violation or business-critical assets left exposed to threats from hijackers and hackers.

Practical guidance is available from Saviynt on more granular ways to build governance into your cloud environments in this YouTube video and this blog post. Also, check out Saviynt’s Infrastructure-as-a-Service solution that offers pre-configured governance capabilities in one-click, easy to consume services for your cloud environments.

Is Identity at the Center of Your Supply Chain?
https://saviynt.com/blog/is-identity-at-the-center-of-your-supply-chain/
Mon, 30 Jul 2018 11:22:24 +0000

The post Is Identity at the Center of Your Supply Chain? appeared first on Saviynt.

Who has a supply chain today?

For the purposes of this blog installment, I want to first take the liberty of expanding the definition of “supply chain” as it relates to today’s digital economy. Traditionally, when the term supply chain is used, we tend to think of market segments like manufacturing, retail, etc. In fact, if you “google” the words, here is how they are defined: “The sequence of processes involved in the production and distribution of a commodity”.

Today, however, as more businesses go through digitalization and digital transformation, these organizations are finding themselves not only exposing more of their enterprise services as the new way to do business with their customers and clients, but also opening access to critical systems like mainframe, ERP systems, inventory management or other financial and operations “crown-jewel” applications, to conduct business with their partners, vendors, suppliers, etc. For the remainder of this article, I will simply refer to these entities as “vendors”.

By expanding that definition, we now start to include non-traditional businesses managing this set of processes and the vendors that support their ability to deliver their goods and services. Now we need to include markets and organizations such as hospitals and healthcare, telecommunications, utilities/energy, hospitality, logistics and even media/entertainment/content companies.

It’s true – almost every company now has a “supply chain”.

What’s more, organizations are discovering that reducing costs and improving efficiencies for vendor management within the supply chain can fundamentally help drive more black numbers to the bottom line of the balance sheet. As recently as a few months ago, I had a client in the hospitality business tell me “we are now a supply chain company, that happens to have casinos and hotels” – meaning that managing the economics of their supply chain and the network of vendors that create it is just as critical (perhaps even more so) as bringing customers through the doors of their business.

YES – Identity is at the center!

As these organizations move more of their processes into the digital realm and expose them online to their “supply chain” – they are also exposing themselves to greater risk. Many of the applications that need to be exposed to drive your business in this new digital world are sensitive and may even be subject to regulations like SOX, PCI, HIPAA/HITRUST, FERC/CIP and GDPR… Oh my!

This means that now more than ever it is IDENTITY at the center of it all. Companies must now have an understanding of critical identity controls: Who has access, and to what? How did they get it? How long do they need it? Do they still need it? Who approved this access? What did they do with it while they had it? Perhaps most important is being able to provide your auditors and risk-compliance people with evidence of the answers to these questions. Today it is not only a must to protect your corporate brand and customer loyalty… In many cases, it’s the law. Worst of all, it could have severe economic consequences for your company – and possibly even you.

Improving controls while streamlining vendor access.

So how do we answer those “who, what, where, when and why” questions, and better yet, ensure the controls are there without creating friction for the vendors in your supply chain? If we make it too hard to do business with our company – we will have a hard time keeping good reliable vendors in our network.

Over the years, I’ve worked with a number of companies that I believe got it right. I want to share a list of things I’ve seen work for these organizations as they implemented controls within their vendor management processes.

  • Onboarding New Vendors and Users:

Before a vendor can conduct business with your company, you need to onboard and grant access to the vendor itself as well as users from the vendor’s organization. Traditionally this has been done through help-desk and manual processes, but this can take days or weeks to accomplish, which isn’t going to improve efficiencies. By exposing a registration portal to your vendors, they can quickly create and maintain a profile with your company and add or remove users as needed to support the scale of your mutual business process.

  • Self-Service, Delegated Administration and Access Request:

Now that your vendor exists and has identities registered with your company, you’ll want to expose capabilities to allow for resetting of passwords and user IDs, as well as requesting access to your systems for conducting their business with you. If they supply your company widgets, for instance, they’ll need access to your inventory control system to understand how many to ship and where. You don’t want to have a large internal staff at your company creating and maintaining these users in all the various business systems. You’ll need to expose excellent self-service and delegated administration functions. The access request mechanism needs to be simple, intuitive and easy to navigate – again to reduce friction and streamline the process. By designating one or more delegated admins, especially in vendors with large numbers of employees, you can streamline access to critical business systems and reduce the costs of managing vendor relationships, getting a two-for-one benefit that has direct positive implications for the bottom line of your financials.

  • Approvals and Manual Controls:

With all this delegated authority, especially outside of your company, you will need to introduce better controls in the newly enhanced processes. The good news here is that you won’t need an army of employees to govern this. By putting in place single or multi-step approval processes, it will only require a small number of people to allow your company the final say on just who can get access to these critical applications. Furthermore, integrating these services into your help-desk solutions can create additional audit trails – especially when the setup of access requires some sort of manual effort as part of the workflow process. Regardless, putting approval processes, and in some cases explicit air-gaps, into the access request and onboarding processes is a very effective control for limiting access to only the key vendor users that require it to conduct their business with your company.

  • Roles and Analytics:

I could (and may) write a whole blog just on this topic… Closely related to Access Request and the next topic, Access Reviews, are “roles”. For the purposes of this article, we just define roles as a grouping of entitlements that may span one or more applications and can be granted to a user in order to provide them that access. Doing this for vendors is not any different than doing it for employees and contractors. However, for many organizations this is a massive undertaking, ultimately resulting in less than stellar results. But the well-meaning intentions are not in vain. When a company can successfully map entitlements into roles, it simplifies the access request process and the access review process considerably. It doesn’t have to be that hard… So how do organizations make roles work effectively? There are 3 key steps:

  1. Use a role modeling solution to do application bottom-up and organization top-down modeling to find a minimal number of roles that cover 80-90% of the access entitlements, so that only the remainder becomes exception handling.
  2. Periodic review of role composition and ownership for both “birthright” roles and “functional” roles, to ensure the roles continue to map to the current state of your business.
  3. Leverage real-time analytics to evaluate access and exceptions and to suggest new roles as your business evolves. Analytics can also ensure existing roles don’t create unintentional SOD violations, especially when coupled with ad-hoc access requests.

Companies that take this approach tend to have much greater success delegating administration of access and driving end-user adoption of self-service because it increases convenience, eliminates administrative overhead and simplifies the user experience.

  • Access Reviews and Application Governance:

Periodic inspection of who has access, what they have access to, and what they’ve done with that access is, in many ways, why you must do all the aforementioned processes and controls. That said, you’ll also need a good way of facilitating regular access reviews for your vendors. Just like you do access reviews for your own employees (whether currently automated or not), companies are finding that auditors are requiring them to review access for vendors and partners – especially if they are touching systems that are subject to regulations. Depending on the size of the vendor or the number of vendor users that have access to corporate applications, the first step in this review process may indeed be with the delegated administrator or relationship manager at the vendor itself. By empowering the vendor to govern itself, they can reduce their risk of having a user from their company create risk or exposure to your company. Ultimately, however, someone from your firm will need to review and certify access for all the vendors and their users. These are usually vendor management personnel and the application owners themselves. Access reviews can determine the who and the what, and even help pinpoint SOD violations, but they also need to tie into SIEMs and UEBA solutions to gain further understanding of whether the access is being used enough to justify having it, and whether that access, when used, is being used in accordance with safe and expected behaviour. One more key notion is remediation: if it is determined during the access review that a vendor’s access is no longer needed or desired, your process should include, wherever possible, automated removal of that access, closing the loop and preventing manual administration mistakes from creating an exposure for you and the vendor.

  • Access Removal and Off-Boarding:

Finally, there may come a time when employees of a vendor transfer departments or leave the vendor outright, or the relationship with a given vendor comes to an end. Providing timely removal of access for these users is critical, especially to your sensitive “crown jewel” apps. Think about the damage that could be done if a person leaves Vendor A, goes to work for Vendor B, but still uses their Vendor A credentials to access your systems. This can be handled in many ways, but most commonly: the delegated admin at the vendor can remove or change access for the user, or even remove the user entirely; the vendor may submit a request to a help-desk ticketing system to initiate the change request, especially for manually administered systems; or, worst case, it is caught during, and then remediated as part of, the governance process of a periodic access review. The key take-away here is that automating access change and user removal will undoubtedly reduce exposure and improve your risk posture as it pertains to your supply chain vendors.

So, how can Saviynt help?

Obviously, companies that have made this journey are reaping the financial benefits of better vendor relations, reduced friction with their vendor management process and lower economic costs in their supply chain; but perhaps most importantly, they are achieving their goals of better compliance as it relates to regulations and protecting the corporate brand – which ensures customer loyalty.

Saviynt has a rich set of solutions focused on identity administration and governance, application governance, data governance and infrastructure governance that can deliver all the above stated controls to your mission critical supply chain vendors and ensure maintenance of a strong security and compliance posture. Saviynt offers deep out-of-the-box SOD, access governance controls and powerful analytics into “crown-jewel” systems like SAP, Oracle EBS, EPIC, Cerner, Workday and many others – so that you can ensure not only your employees and contractors have just the access they need, but your vendors and partners as well. Lastly, all of these can be delivered as a no-compromises SaaS for hassle-free consumption, at enterprise scale, without maintenance and up-keep burdens.

Why you need to care about privileged access management in the Cloud
https://saviynt.com/blog/why-you-need-to-care-about-privileged-access-management-in-the-cloud/
Thu, 26 Jul 2018 11:41:52 +0000

The post Why you need to care about privileged access management in the Cloud appeared first on Saviynt.

Last year at Saviynt’s first annual Converge Conference, Saviynt expert Vibhuti Sinha hosted a panel discussion on why privileged access management in cloud environments is different and what IT administrators should consider to ensure the principle of least privilege for critical assets including IaaS and SaaS.

A few challenges exist today that make privileged access management for cloud trickier than in traditional on-premises environments. Chiefly, cloud computing’s nascent entrance into the market means security and risk standards are still being defined or don’t exist. What’s more, the elastic nature of cloud computing enables developers to build and test code faster. Untethered from traditional IT operations, the responsibility of ensuring least privilege has shifted to less security and risk-savvy teams. As a result, DevSecOps is now becoming top-of-mind for organizations managing infrastructure and services in the cloud.

The lack of awareness and training to address the identity lifecycle of privileged users with access to mission-critical data and infrastructure has unveiled more than a few gaping security and compliance concerns for organizations. These range from data leaks from unencrypted file systems accessed using poorly managed privileged accounts, to hacking into administrative control, or “command and control”, workloads to blackmail an organization.

The thing is, solving this critical issue is difficult because cloud-managed workloads and services are just that: managed services from third-party providers. And today, many only offer binary identity and access controls to applications and services, making it even more challenging for IT operations and security pros to manage risk and for IT auditors to achieve continuous compliance. What this all amounts to is a need for fine-grained, risk-analytics driven governance of identities across the entire lifecycle of that workload, from the bare metal it runs on to the developer that manages the APIs to the IT administrator that has to govern who has access to applications, data, and infrastructure.

To mitigate risk, Saviynt expert Vibhuti Sinha recommends the following five security and identity governance considerations for cloud access governance.

1 – Visibility, Continuous Controls Monitoring and Compliance

Gaining visibility and being able to continuously monitor for vulnerabilities and risks in the cloud ecosystem are key to achieving compliance and staying compliant. Organizations typically have multiple Amazon Web Services (AWS) Accounts, Microsoft Azure Subscriptions or Google Cloud Platform (GCP) accounts. Having visibility across the entire ecosystem requires inspection and integration across all these accounts and subscriptions.

2 – Privilege Access and Assignment Management

Privilege Access Management in the cloud needs to be elastic. Start with clean-ups and training programs in which not only are the existing high-privileged policies/roles cleaned up, but IAM admins are also trained to effectively design policies/roles with least privileged access. Periodic attestation of high-privileged policies/roles is essential.

Access assignment in the cloud needs to be elastic. Access between infrastructure objects and their consoles or APIs is provided by IAM Policies and Roles. Access assignments are long-term, so policy clean-up is recommended. In addition, as a principle, future privileges should be duration-based or granted through just-in-time access elevation.

3 – Infrastructure and Identity Lifecycle Governance

With identity being the new perimeter, its governance and administration are paramount. For cloud, secure IaaS services by implementing granular delegation of role and policy changes, so that only an authorized set of owners/users can perform Create/Update/Delete or Role/Policy/Permissions assignment operations. This should be paired with periodic, owner-based or event-based attestation of IAM policies and roles.

Automate the access lifecycle of users, groups, roles and federated access points. As users join or move across departments, ensure that access on target systems changes accordingly. The access request system should be intelligent, allowing for self-service as well as automated identity and access provisioning/de-provisioning rules. And, finally, segregation of duty management across enterprise systems and cloud is imperative.

4 – Secure DevOps

With infrastructure being represented as “code templates” and “not as physical entities”, it becomes imperative to integrate least privilege frameworks with the CI/CD and DevOps systems to secure cloud infrastructure.

Infrastructure code configurations can reside in multiple repositories and in various forms, and access governance for these critical assets should be performed periodically.

5 – Key Management

IaaS security requires a special focus on securing and managing access keys and OAuth tokens. Encourage developers and application owners to make use of short-term keys. OAuth tokens should request only the required authorization scope, with least privileged access. Rotate API access keys on a periodic basis and implement continuous controls monitoring. Automate the creation and distribution of SSH key pairs used for workloads/servers. Use SSL or client-side encryption for data at rest or during transit. Provider-managed keys implement the necessary best practices, including periodic rotation, revocation and the use of strong encryption algorithms. Gaining visibility or real-time alerting on deleted keys is essential.

Saviynt is one of the few that integrates with AWS Config to secure DevOps and offer near real-time preventive controls. This allows organizations to enforce infrastructure security policies, such as stopping the launch of vulnerable EC2 instances or notifying when unauthorized changes are made to privileged AWS IAM Policies or Roles. Learn more at AWS Config.

Saviynt Showcases the Next Generation of Identity Governance at Microsoft Inspire 2018
https://saviynt.com/blog/saviynt-showcases-the-next-generation-of-identity-governance-at-microsoft-inspire-2018/
Fri, 20 Jul 2018 12:26:09 +0000

The post Saviynt Showcases the Next Generation of Identity Governance at Microsoft Inspire 2018 appeared first on Saviynt.

This week at Inspire 2018, Microsoft emphasized that it is looking to partners to develop solutions that build upon core offerings such as the Microsoft Azure platform, Microsoft Office and Dynamics 365, making co-selling one of the top trends.

According to Judson Althoff, executive vice president of worldwide commercial business at Microsoft, “Partners are the beginning and the end, the first and the last mile of our industry strategy [Partners] bring forward the differentiation we need to make our customers’ digital transformations come to life.”

For Microsoft Identity Manager and Azure AD customers that need to tackle major digital transformation initiatives, the software giant’s focus on leveraging the industry experience, knowledge and ability of its partners to develop solutions that build upon Microsoft’s core offerings is a good thing.

Saviynt technology experts were on hand in Vegas this week to showcase how our solution can help Microsoft customers by enabling last mile and app-deep access provisioning into ERP, EHR and other critical applications by integrating with Microsoft Identity Manager and Azure AD. Our modular, out-of-box connectors with several hundred enterprise and SaaS applications make it so you can provision and monitor identity and access controls using a framework that spans identities, applications and infrastructure in the cloud and on-premise.

Click here to learn more about our partnership with Microsoft as well as how our identity governance platform can help you get even more out of the solutions you’re leveraging in conjunction with your Microsoft technologies.

Report from Identiverse: Where Saviynt Partners for the Benefit of Customers
https://saviynt.com/blog/report-from-identiverse-where-saviynt-partners-for-the-benefit-of-customers/
Thu, 28 Jun 2018 22:22:20 +0000

The post Report from Identiverse: Where Saviynt Partners for the Benefit of Customers appeared first on Saviynt.

Our consistently strong growth is powered by our partner network and our approach to partnering. Our work with system integrators and technology partners is based on the mutual understanding that unique and synergistic combinations are found at the deep integration level. For example, this week from the Identiverse show in Boston, we announced our partnership with Axiomatics to integrate advanced risk analytics and intelligence with fine-grained privilege management. This partnership and the technology integration are unique and powerful because IGA and ABAC systems work best when deployed in tandem.

The Axiomatics Dynamic Authorization Suite enables an externalized, policy-based approach to access control. Using Attribute Based Access Control (ABAC), this next generation framework leverages attributes to build policies that help define precise scenarios under which access should be granted. When combined with Saviynt’s IGA solution, the Axiomatics ABAC engine can consume curated and governed attribute metadata from the IGA warehouse and can connect with this attribute source to solve the most complex access control use cases. In addition, Saviynt’s IGA solution can help with ABAC policy and workflow governance.

Because investing in our partners is of paramount importance to us, we also rolled out our new partner portal that will serve as a centralized location to collaborate and create efficiencies for the benefit of partners and ultimately, our customers. The new partner portal is a critical piece of the infrastructure we will use to scale our mutual business with partners.

Our partnerships were definitely a win/win for our customers this week. To celebrate, we, along with Axiomatics, Radiant Logic and Core Blox, hosted our customers attending the Identiverse show for an evening of collaboration and baseball with the Boston Red Sox playing our own LA Angels. Unfortunately, we didn’t win tonight, and we’re rooting for the safe recovery of Jake Jewell – who tonight made his third career major-league appearance. Jake came to LA from the Triple-A Salt Lake Bees, a fine place many of us at Saviynt have called home, including yours truly and our CEO, Amit Saha, who presented this week at Identiverse on the need to balance agility and security in today’s ‘Hybrid World.’

In his presentation, Amit explains that Digital Risk Management is the integrated management of risks associated with digital business components, such as cloud, mobile, social, big data and IoT. The infrastructure, applications and administrative services that serve these business components span both on-premises and cloud resources. But because technology changes so rapidly today, organizations face increased risk: they lack a consistent view across different assets, which results in an ineffective security culture.

What’s needed, according to Saha, is for organizations to redefine identity governance and administration with the idea that Hybrid IT is going to be the new norm. He recommends the next generation of IGA, or, IGA 2.0, include the following fundamental principles:

  • Identity is the new perimeter
      • Visibility across data, infrastructure and applications on cloud and enterprise
  • Governance is the new imperative
      • Effective regulatory compliance and better monitoring and control
  • Intelligence is the new prevention
      • Need to move from Compliance to Intelligent Security, effective detection and response

Saviynt uses these principles to develop our next-generation IGA platform. The proof that we’re on the right path toward helping our customers build a more secure future is that our partners support our approach at the deep integration level. To us, this is more than a surface-level high-five between two businesses. When our partners give us a thumbs up, it means four fingers are pointing back at them. In a way, this is cool because we’re literally lending the better part of our hands in this journey together to make sure our customers can build businesses that are secure enough to last many next generations. You can read more about next generation IGA in this post from my colleague, Yash Prakash.

The post Report from Identiverse: Where Saviynt Partners for the Benefit of Customers appeared first on Saviynt.

Critical Capabilities for Identity Governance Should Also Protect the Economic Life Cycle of the Business https://saviynt.com/blog/critical-capabilities-for-identity-governance-should-also-protect-the-economic-life-cycle-of-the-business/ Fri, 22 Jun 2018 10:33:57 +0000 https://saviynt.com/?p=32371 Recently, Saviynt Received the highest product score for two of the four use cases in the Gartner 2018 Critical Capabilities for Identity Governance and Administration. In particular, the company scored a 4.0 out of 5 in the Midsize or Large Enterprise Use Case and 3.95 out of 5 in the Governance-Focused Use Case. And we’re...

The post Critical Capabilities for Identity Governance Should Also Protect the Economic Life Cycle of the Business appeared first on Saviynt.

Recently, Saviynt received the highest product score for two of the four use cases in the Gartner 2018 Critical Capabilities for Identity Governance and Administration. In particular, the company scored a 4.0 out of 5 in the Midsize or Large Enterprise Use Case and 3.95 out of 5 in the Governance-Focused Use Case. And we’re proud of this.

According to the authors of the Gartner 2018 Critical Capabilities for Identity Governance and Administration report, “The IGA market is mature, and products typically address most of the needs of their customers for customary IGA scenarios. Where products differ is in their approaches to the problems IGA is intended to address.” You can download the report here.

We believe the right approach is giving you greater visibility to securely manage the identity and access lifecycle across multiple IT environments using compliance to help you focus where the risk is highest. At the same time, our delivery model helps you protect the economic life cycle of the business by ensuring you don’t spend a dollar in product today and five dollars in services tomorrow. To do this, we craft out-of-the-box workflows based on use-cases and best practices our engineers bring to the table from years working in both the vendor and system integrator fields.

We’re proud to have secured two of Gartner’s highest use case scores, which confirms our ability to meet the unique challenges and needs most organizations face today and in the future. That is why we call our solution IGA 2.0.

To receive a complimentary copy of Gartner’s Critical Capabilities for Identity Governance and Administration, please visit: https://saviynt.com/analyst-report-gartners-critical-capabilities-for-identity-governance-and-administration-2018/.

The Path to Next-Generation Identity Governance https://saviynt.com/blog/the-path-to-next-generation-identity-governance/ Tue, 19 Jun 2018 11:23:19 +0000 https://saviynt.com/?p=32104 As the United States Public Sector (Federal, State & Local, Higher Education) continues to migrate mission-critical workloads, unstructured data, and applications to cloud services, the need for an identity-centric governance solution that is cloud-focused increases. Successful digitalization and modernization initiatives require organizations research and validate approaches that can both serve the US Public Sector Initiatives...

The post The Path to Next-Generation Identity Governance appeared first on Saviynt.

As the United States Public Sector (Federal, State & Local, Higher Education) continues to migrate mission-critical workloads, unstructured data, and applications to cloud services, the need for an identity-centric governance solution that is cloud-focused increases.

Successful digitalization and modernization initiatives require that organizations research and validate approaches that can serve the US Public Sector Initiatives while also ensuring business runs as usual. Today, many organizations are embracing hybrid IT environments because they are flexible enough to serve dynamic use-cases while providing a simple, contextual view of how users interact with systems and tools to ensure appropriate identity governance practices without inhibiting business processes.

When evaluating your organization’s security requirements, Saviynt believes the following capabilities are worth considering as you define the right mix of security, audit, and compliance controls for today’s hybrid IT environment. Look for identity governance and administration capabilities that can:

  • Enforce and manage consistent security policies and compliance controls across all environments – the “hybrid IT reality.”
  • Ensure sensitive unstructured data can be viewed via a single pane of glass for greater visibility across your hybrid environment.
  • Give privileged users the ability to manage their workflow conveniently across all platforms while also enforcing the highly critical controls required for this use case. This avoids the proverbial “workaround” which leaves many organizations vulnerable.
  • Consider solution providers with capabilities that have your future in mind, such as the ability to scale at least 10x more.
  • Ask if your solution provider can support multiple use cases such as employees, customers, contractors and devices that interact with internal systems and external users.
  • Empower end users with easy-to-use, intuitive tools, so it’s easy for them to self-identify the resources they need to do their jobs. The key here is to avoid self-enrollment programs that drive users to “select all access.”

The above is a good high-level start. Our technical experts at Saviynt can go into more fine-grained detail too. We’re known for this. Read how Saviynt provides Identity, Security, and Compliance Management for the United States Public Sector. In fact, if you’re going to the AWS Public Sector event this week in Washington DC, June 20-21, stop by our booth and catch a demo.

How Identity Governance Supports GDPR Compliance from a Bottom-Up Approach https://saviynt.com/blog/how-identity-governance-supports-gdpr-compliance-from-a-bottom-up-approach/ Wed, 06 Jun 2018 22:37:25 +0000 https://saviynt.com/?p=32031 Identity Governance supports GDPR Compliance by Addressing regulatory compliance from a bottom-up approach. Gone are the days where a checkbox on compliance equated to users having the right access to the right data at the right time. Today, organizations need more granularity and stricter risk-based control of their critical assets to meet compliance needs. “Who has...

The post How Identity Governance Supports GDPR Compliance from a Bottom-Up Approach appeared first on Saviynt.

Identity Governance supports GDPR compliance by addressing regulatory compliance from a bottom-up approach.

Gone are the days where a checkbox on compliance equated to users having the right access to the right data at the right time. Today, organizations need more granularity and stricter risk-based control of their critical assets to meet compliance needs. “Who has access to what” now has more scrutiny under GDPR, due to the sensitive nature of the data. Simply put, let’s not worry about the gatekeeper for your enterprise security, but instead focus on protecting PII and access to your sensitive data in all downstream applications.

Since the GDPR covers any organization that collects EU citizen data, its impact extends far beyond the region itself. And the GDPR carries significant fines and penalties for non-compliance of up to 4% of annual global revenue, or approximately $22 million (whichever is higher). GDPR also requires that companies report the existence of a data breach within 72 hours of its occurrence.

Yet despite the extensive publicity surrounding the seismic changes to the European data privacy environment, Gartner, a US-based research and advisory firm, estimates that by the end of 2018, 50% of the companies covered under the GDPR will not possess the ability to comply with the regulation. While the degree of compliance readiness varies, companies in both Europe and the United States, in particular, appear unprepared to comply with GDPR.

GDPR is affecting private companies worldwide that conduct business with European organizations. Securing, anonymizing, and forgetting your customer’s identity isn’t a choice; it’s required, and it’s time to prioritize your identity governance. Saviynt can help you prioritize the capabilities that provide the most value, with less deployment risk.

  • Do you know who has access to your critical files?
  • What is your cloud data migration strategy?
  • Are you classifying your risky data and implementing controls to prevent unauthorized access?
  • Do you have cross-platform visibility into the various systems and files that use personal information? This means having the right access controls for MORE than just your HR system. This can also mean marketing systems and more.

So, if you’re among the 50% of organizations that are still not ready, we got you. It’s time to save you.

Download this whitepaper to learn how to prioritize the systems, data and files that need to go into your GDPR readiness. Then visit us at one of our upcoming events to talk to the Saviynt team about how we’ve done the time and the work to tackle GDPR for our customers.

Opening Scene: Oktane 2018 Advocates Using the Best Tools to Ensure Security https://saviynt.com/blog/opening-scene-oktane-2018-advocates-using-the-best-tools-to-ensure-security/ Thu, 24 May 2018 15:04:10 +0000 http://saviynt.com/?p=32005 Our technical experts team at Saviynt are spending this week at Oktane, where there is ample encouragement to engage Okta technology partners to talk about the big things they are doing to drive innovation for Okta customers. According to a recent Oktane press release and a key message highlighted in the keynote addresses:   “Businesses...

The post Opening Scene: Oktane 2018 Advocates Using the Best Tools to Ensure Security appeared first on Saviynt.

Our team of technical experts at Saviynt is spending this week at Oktane, where there is ample encouragement to engage Okta technology partners to talk about the big things they are doing to drive innovation for Okta customers. According to a recent Oktane press release and a key message highlighted in the keynote addresses:

“Businesses need to equip their employees with the best tools and ensure their data is secure while doing so. As a result, IT leaders not only have to connect to and manage a variety of cloud apps and on-premises solutions, they also need to balance ease of use and security,”  – Okta Press Release

Saviynt has built one-click integration with Okta, and we’re more than pleased to demonstrate our latest capabilities that help organizations more easily embrace governance in today’s hybrid IT reality.

Saviynt believes any company should be able to choose the software and tools that fit the needs of the business without sacrificing an ounce of security along the path to business agility. In fact, we never bought into the idea that risk has to mean less convenience or agility. Which is one of the reasons our partnership with Okta makes so much sense.

Digital transformation is driving amazing innovation that lets business be quick, work and process be nimble and it’s helping companies burn their light twice brighter than the competition. With this faster-than-ever pace of business comes an even greater need for governance to enter the scene in the first act of any technology provider’s purview of how they build and manage business services today. Placing governance first is what we do at Saviynt.

Governance is being aware of the risks at play in any business transaction or interaction. No matter how quick and agile today’s technologies enable your organization to win at business, you have to have governance for it to be a smart business. Whether you’re granting access between organizations or to employees within an organization, enabling seamless interactions with your customers or preparing for the future of IoT things interacting with your systems, governance is a necessary caution. Governance of identities, infrastructure, applications, and data allows us to process and consider so we can proceed with greater clarity and confidence in who we do business with and the global economies we operate in.

So in the name of smart business and intelligent governance, we are pleased to see Okta and VMware working in our same direction to keep governance top-of-mind while advancing security for the digital workspaces they’ll enable tomorrow. Anything that puts ease in the hands of users while placing governance to work in the background wins in our book.

We’re pleased to be a deep integration partner with Okta. To show it, we drove all the way from our LA headquarters to show you how our integration with Okta can help your business – whether you’re cloud-first, on premises, or living the hybrid IT reality.

No matter what genre or scene you’re trying to play a role in, visit booth #S10 and see how we considered your governance needs well before the first scene of your epic business quest. Because as the Duke so aptly said, “Well, there are some things a man just can’t run away from.”

Takeaways from the KuppingerCole Report on the Reality of Hybrid IT https://saviynt.com/blog/takeaways-from-the-kuppingercole-report-on-the-reality-of-hybrid-it/ Tue, 22 May 2018 12:52:31 +0000 http://saviynt.com/?p=31983 The reality of hybrid IT environments is upon us. If you’re not already using cloud services, the time will come to plan and prepare. And, for those responsible for Access Governance and related compliance requirements, it’s important to plan for an increase in due diligence when it comes to managing who has access to what...

The post Takeaways from the KuppingerCole Report on the Reality of Hybrid IT appeared first on Saviynt.

The reality of hybrid IT environments is upon us. If you’re not already using cloud services, the time will come to plan and prepare. And, for those responsible for Access Governance and related compliance requirements, it’s important to plan for an increase in due diligence when it comes to managing who has access to what resources and what they are doing with that access.

Compliance requirements increase in complex hybrid IT environments. However, while many organizations are good at doing that for SAP or Oracle applications, there are significant gaps in in-depth Access Governance for cloud services because the hybrid IT reality tends to split up functionality across multiple cloud services. It is not “all SAP” anymore, but some SAP HANA, some SuccessFactors, some Workday, and so on. Creating a consistent framework across all these applications is cumbersome enough for provisioning, but even harder for access governance.

Other challenges are the inability to see across the hybrid access environment in a single view, lack of standardized APIs, and incompatibility within the hybrid IT architecture. As organizations start to move from a perimeter-based security model to a perimeter-less one, greater emphasis will be placed on implementing tools and processes for achieving governance, reducing risks and providing evidence of compliance.

Saviynt has put a lot of work into addressing these challenges and making access governance work well across the hybrid IT environment. Here are some key recommendations to help you on your path forward:

  • Understand your access governance challenges before defining your requirements.
  • Identify your access governance requirements across all of your applications and services in your hybrid IT environment.
  • Select an appropriate solution that will support all of your requirements and address your challenges, then create a roadmap to fulfill what is still missing.
  • Consider the use of analytics and intelligence tools to assist in lowering your access and compliance risks.

Saviynt’s next-generation IGA platform not only provides traditional identity governance, but also combines the ability to govern a user’s access to data and infrastructure in complex hybrid IT environments.

According to a KuppingerCole research analysis, Saviynt addresses the need for Access Governance to extend beyond the traditional boundary of an enterprise, as well as across infrastructure, applications, and data. This unique approach enables organizations to protect their cloud infrastructure platforms not only from undesirable access through privileged users, but also from the dangers resulting from inappropriate access by end users, DevOps, data or even IoT. Saviynt tackles the complexity of managing access governance in hybrid IT environments using analytics and intelligence. The company also has deep integrations with the following:

  • IDaaS (Identity as a Service) solutions like Microsoft, Ping, Okta
  • Cloud Directories like AWS IAM or Azure AD and existing enterprise-level IAM systems
  • Business application-specific identity stores like those of SAP, Oracle, Salesforce or PeopleSoft
  • Analytics platforms like Splunk
  • Data and document sharing platforms like Office 365, Box or Dropbox

Get more advice from KuppingerCole about how to tackle access governance in today’s hybrid IT reality by downloading this report. You’ll also learn more about Saviynt’s approach and how our solutions can help you.  
