You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

Risk Management (SoD)

Compliant Risk Management

The goal of any organization is to efficiently deliver Compliant Access that is “position appropriate” and adheres to the organization’s “business policies” concerning risk. Compliant Access enhances an organization’s Zero Trust strategy by adding risk policies into the equation to determine whether a least-privilege “level” of access would produce unacceptable risks. Identifying such cases allows an organization’s risk control owners to make informed decisions about whether to accept a risk and apply mitigating controls or to reject it. EmpowerID’s risk engine supports both preventive and detective SoD simulation and validation, with friendly dashboards and workflow processes to automate remediation and revocation.

Access Intelligibility

The greatest challenge in identifying and managing enterprise risk is understanding the actual business access enabled by the technical entitlements granted to users. The IGA system must bridge the divide between the technical “system” world and the business “process” world by providing a common language, or “Intelligibility Layer”, that connects both. EmpowerID uncovers the real-world impact of technical entitlements with a concept known as Functions. Functions are the terms a business user would recognize for the activities users can perform with the access they are granted. Traditional examples of Functions that would represent a risk are “Create Purchase Order” and “Approve Purchase Order”. Functions define the system-specific permissions or roles that grant someone the ability to perform these types of business actions. EmpowerID ships with a large library of Function definitions for common systems. Process owners and application owners may also use the Function mapping tools in EmpowerID to define which application permissions or roles equate to which Functions. Risk policies then use Functions as building blocks to uncover who has access to perform which Functions and which users are in violation of risk policies.

Risk Management for All Your Systems

The reality for organizations today is that enterprise risks are scattered across many Cloud and on-premise systems and are often acquired through a risky combination of cross-system access. Gaining visibility and control over these risks requires a system that can connect to these systems, consume their data, and understand the idiosyncratic permission models and inheritance used within your applications. EmpowerID provides one of the largest libraries of out-of-the-box connectors for on-premise and Cloud systems available. Once connected, the inventory engine pulls in these complex system-specific permissions and monitors systems for changes, triggering events and security alerts as desired. For risks selected for revocation, EmpowerID can leverage its connectors for immediate fulfillment or open a ticket in ServiceNow.
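
The Function mapping and risk-policy evaluation described in the two sections above, as an added example that is not EmpowerID code or its data model. The system names, entitlement names, policy, users and helper functions are all constructed for illustration; it covers the cross-system case, a detective scan and a preventive check of a requested grant.

```python
from collections import defaultdict

# Constructed Function mapping: (system, entitlement) -> business Function.
FUNCTION_MAP = {
    ("erp-onprem", "PO_CREATE"): "Create Purchase Order",
    ("erp-onprem", "PO_RELEASE"): "Approve Purchase Order",
    ("procure-cloud", "role/po-approver"): "Approve Purchase Order",
}
# Constructed risk policy: Functions one person must not hold together.
SOD_POLICIES = {
    "PO create + approve": frozenset({"Create Purchase Order", "Approve Purchase Order"}),
}
# Constructed inventory rows: (user, system, entitlement).
ASSIGNMENTS = [
    ("alice", "erp-onprem", "PO_CREATE"),
    ("alice", "procure-cloud", "role/po-approver"),  # conflict spans two systems
    ("bob", "erp-onprem", "PO_CREATE"),
    ("bob", "procure-cloud", "role/legacy-admin"),   # not mapped to any Function
]

def resolve_functions(assignments, function_map):
    """Translate entitlements to Functions per user, keeping the granting evidence."""
    held, unmapped = defaultdict(lambda: defaultdict(set)), []
    for user, system, entitlement in assignments:
        function = function_map.get((system, entitlement))
        if function is None:
            unmapped.append((user, system, entitlement))  # blind spot for risk review
        else:
            held[user][function].add((system, entitlement))
    return held, unmapped

def detect_violations(assignments, function_map, policies):
    """Detective check: users whose combined Functions satisfy a risk policy."""
    held, _ = resolve_functions(assignments, function_map)
    return [
        (user, name, {f: sorted(held[user][f]) for f in sorted(conflict)})
        for user in sorted(held)
        for name, conflict in sorted(policies.items())
        if conflict.issubset(held[user])
    ]

def simulate_grant(assignments, request, function_map, policies):
    """Preventive check: (user, policy) violations a requested grant would newly create."""
    known = {(u, n) for u, n, _ in detect_violations(assignments, function_map, policies)}
    after = detect_violations(assignments + [request], function_map, policies)
    return [v for v in after if (v[0], v[1]) not in known]

if __name__ == "__main__":
    print(detect_violations(ASSIGNMENTS, FUNCTION_MAP, SOD_POLICIES))
    print(simulate_grant(ASSIGNMENTS, ("bob", "erp-onprem", "PO_RELEASE"), FUNCTION_MAP, SOD_POLICIES))
```

The unmapped list returned by `resolve_functions` matters as much as the violations: an entitlement with no Function mapping is invisible to every risk policy.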


Getting Started