Saviynt Blog | Security News and Research

Achieving Zero Trust in a Multi-Dimensional Risk Environment

Author: Chris Gregory | 2024/07/09 6:27:58

Saviynt’s Deep Integration with Microsoft’s Azure AD Identity Protection Delivers a Comprehensive Zero Trust Solution

Modern enterprise ecosystems continue to shape how we think about identity and how it can improve security and risk management. As organizations embark on the Zero Trust journey, they require a risk-based identity governance model that provides deep visibility and continuous policy enforcement. This includes consuming risk signals from multiple sources and enforcing policy-based decisions to manage critical access.

At Saviynt, we know customers have realized that relying on periodic access reviews is not enough to achieve their compliance goals. They also want to shift to a just-in-time, just-enough access model for all application access — not just their privileged access. That’s why we are excited to share the details of our integration with Microsoft Azure AD Identity Protection.

An Integration that Accelerates Your Zero Trust Journey

We are at the forefront of the move to Zero Trust. In fact, Zero Trust has been the core tenet of Saviynt’s Enterprise Identity Cloud (EIC) Platform from the beginning. Today, we are expanding our Zero Trust capabilities through deep integration with Microsoft’s Azure AD Identity Protection (AADIP). This integration strengthens Saviynt’s strategic partnership with Microsoft and delivers a comprehensive Zero Trust solution for its customers.

With this integration, organizations can:

View risky identities with a single click, consolidated across platforms and applications in a concise, actionable dashboard

Drive meaningful and informed decisions by aggregating identity and asset risk signals from AADIP and Saviynt’s EIC Platform

Eliminate guesswork for administrators and asset owners, giving them the ability to approve/reject access requests with full confidence

Enable continuous monitoring of risky identities to prevent access leaks and reduce risk exposure

Enforce risk-based security policies for intelligent and continuous access reviews of identities and eliminate rogue access

The integration between EIC and AADIP is a joint effort to deliver an identity-driven trust scoring engine. EIC eliminates the need for multiple identity management products and vendors and integrates deeply with the Microsoft 365 platform and services.

An Identity-Driven, Trust-Scoring Engine

This integration creates a robust security posture that accounts for various identities across all the enterprise application portfolios. It’s unique in that it is bidirectional.

AADIP to EIC Scenario:

AADIP acts as a risk provider and sends signals to EIC. These signals trigger a micro-certification within Saviynt so that the user’s associated risk can be mitigated promptly across applications. This enables visibility into high-privilege access and separation-of-duties conflicts at both coarse-grained and fine-grained access levels. EIC continuously monitors privileged sessions via Saviynt’s CPAM service. The risk signals from AADIP can be used to trigger rules within Saviynt that terminate the risky user’s privileged sessions in near real-time.

EIC to AADIP Scenario:

EIC can consume risk insights and propagate the risk signals back to AADIP. In this case, Saviynt identifies an insider threat, marks the identity as being potentially compromised, and sends the incident to AADIP, resulting in the user being forced to reset their password or adhere to conditional access policies.


The bi-directional integration demonstrates the value a converged IAM & IGA platform brings to our mutual customers. With this innovation, Saviynt’s EIC platform provides the unique ability to ingest risk signals from third-party risk providers, starting with AIP.

Saviynt & Microsoft have combined Zero Trust principles with this integration, allowing customers to continuously monitor and verify access via certifications — and effectively reduce the attack surface. Customers benefit from continuous context evaluation from AIP, enabling dynamic and real-time decisions from Saviynt and Microsoft’s joint identity platforms.

Microsoft and Saviynt have united to build a True Converged Identity Platform on the principles of Zero Trust. Working with our joint customers, we continuously evaluate new scenarios from various industries, including healthcare, utilities, financial services, manufacturing, and hospitality. Saviynt is building a rich intelligence framework that can consume multiple risk signals from various security platforms in real time. It then applies them to a rich policy-driven decision framework to enable just-in-time, least-privilege, and zero-standing access.