policy-based access controls

Access Controls Governor

Any ERP :: Any Application :: Any Infrastructure

Across all Cloud SaaS as well as on-premise applications based on fine-grained policies.


We provide AUTOMATED detection, mitigation, remediation and prevention of access risk.

  • Detection
  • Mitigation
  • Remediation
  • Prevention

Control fine-grained identity access rights embedded in security roles to meet rapidly changing technology needs, compliance regulations, and cyber threats.

As organizations adopt an increasing number of business applications along with the expansion of data sources and devices, security risks are growing at unprecedented rates. Identity Governance and User Rights Management are more complex and the security design can impede the benefits of a modern digital business platform. Role-Based Access Controls (RBAC) available in ERP applications, Identity Governance, and IT Service Management systems are no longer sufficient to deal with the modern digital paradigm, especially when it comes to policy-based cross-application access management such as Segregation of Duties, User Access Request Orchestration, Periodic Access Certification, Privileged Access Management, and Data Protection.

Identity Governance and Administration (IGA) systems do not provide fine-grained risk management capabilities, which are critical for compliance reporting, auditing, and forensics. IGA systems are unable to control access risks growing from fast-paced digital business landscapes, a mix of on-premise and cloud application environments, and an increase in hybrid work models.


Managing and controlling identities that grant users access to enterprise applications, databases, servers, and cloud infrastructure is challenging without effective policy-based access controls in place. Complex ERP security design can impede the deployment of a modern digital business platform without specialized solutions and knowledge.

Business needs for effective access controls have evolved beyond the general IGA capabilities in response to growing compliance mandates and increased cyber security risks. As a result, IGA customers are now demanding specialized capabilities based on new control objectives to address the following gaps in the general-purpose IGA systems


AccessPaaS™

A complete controls governance platform that seamlessly integrates with ERP applications, IT Service Management (ITSM), and IDM/IGA data sources to govern role-based access controls based on access policies at the fine-grained access rights level.


Detects access policy violations to control financial, operational, fraud, and cyber risks. Define policies in terms of risk descriptions, impact, likelihood, and fine-grained rules that constitute discrete and fuzzy logic in terms of IT system security entitlements and privileges for governance models such as Segregation of Duties, Sensitive Access, Data Protection, Trade Secrets, etc. Eliminate false-positive filters to improve risk analysis and response. A high-performance policy engine rapidly analyzes millions of security attribute combinations and permutations across all enterprise IT systems, ERPs, and business application security snapshots to report violations. Violation Manager eliminates exceptions where risk is accepted with compensating controls, using advanced filters. Remediation Manager issues corrective actions using closed-loop workflows that expedite risk response, reduce risk exposure, and automatically update violation reports to ensure audit evidence is accurate and timely. We provide:

RULES MANAGEMENT

SECURITY SNAPSHOTS

VIOLATIONS MANAGER

FALSE POSITIVES

REMEDIATION

COMPENSATING CONTROLS


Digitalization and the constant evolution of business and IT landscapes, together with the increased adoption of hybrid work models and hundreds of cloud applications alongside legacy on-premise applications, have materially increased the risks in user access request management.

Organizations with complex enterprise systems require Identity Life Cycle Management solutions to control access for onboarding employees, contractors, and third parties. Any change to work assignments, or departure from the organization, requires immediate updates to security privileges in compliance with access governance policies to ensure users only have access to what they need while removing access they don’t need. Policy-based access management also improves user productivity while preventing unauthorized users from accessing business-critical systems.

Challenges with user provisioning


Today many businesses use ITSM tools to fulfil access requests using roles that are manually configured as catalogs. The downside: managing roles manually at a high level creates audit findings where the attribute-level details in the business application are not accurately reflected in the catalog role. For example, a Payables Inquiry role available in ServiceNow does not prevent the fulfilment risk that the user is also granted access to the role in the Oracle ERP Cloud application that enables supplier creation. This causes a significant risk to financial statements, because it enables a user to both create suppliers and pay suppliers.

Furthermore, the lack of integration with business applications increases the risk that the access requests in the ITSM system do not match the actual user access in the business application, where access may be granted within the application or through multiple provisioning workflows or systems. SafePaaS enables integrated user request fulfilment to prevent fine-grained access violations.

