        |
|
Good access governance requires the regular review and certification of user entitlements and roles to ensure that access rights to enterprise information assets are appropriate and meet regulatory mandates and guidelines for Sarbanes Oxley, PCI, GLBA, MAR, FERC/NERC, Basel II and HIPAA compliance. However, many organizations are unable to achieve this critical access governance requirement. When a user provisioning system is deployed, it often serves as a good source of information about user accounts and group memberships, but cannot provide any information about the actual entitlements assigned to users.
Today, many organizations rely on resource-intensive, manual processes to collect information about user entitlements and roles from multiple silos of access enforcement within IT infrastructure and applications. The business managers accountable for certifying entitlements and roles often find the collected access information difficult to understand, incomplete or out of date, and onerous to review. The result is an error-prone review and certification process that does not adequately protect an organization's information assets or ensure compliance with regulations and corporate policies.
This creates friction between the line-of-business teams, IT Security and the internal audit team. Business managers cannot effectively complete their attestations. The IT Security team is unable to assert that compliance objectives are being met and access risk is being properly managed. More importantly, the internal audit team has difficulty in demonstrating the evidence of compliance to external auditors or regulatory bodies.
Aveksa provides an automated end-to-end security auditing software solution for access certification, enabling IT Security to deploy a repeatable, auditable, accurate and business user-oriented certification process. With the Aveksa solution, up-to-date information about user entitlements and roles is collected from across the enterprise, and reviews are created automatically. These reviews are presented in a context that is easily understandable by business managers, with customizable business descriptions. Integrated workflow routes any changes to the appropriate individuals or pluggable remediation handlers and maintains a complete audit trail of actions. Dashboards and metrics help business and security managers understand the status of certifications and escalations.
By simplifying and automating the certification processes, the Aveksa Enterprise Access Governance Platform enables IT Security teams to drive accountability to business managers and to integrate access certification into the corporate-wide compliance process to meet various compliance regulations and industry mandates.
The Aveksa Enterprise Access Governance Platform provides:
• Automation of the entire entitlement and role review process
• Reviews that are easy for business users to understand and can be configured to
accommodate company’s unique process
• Dashboards for immediate insight into the status of the entire review and certification
process
• Change request workflow process that can be initiated from within a review for change or
revocation of entitlements
• Event driven workflows that can be initiated by change events requiring an incremental
review of a user’s access
• Archived certifications and complete audit trail of historical changes that provide the
evidence needed by auditors
Aveksa Compliance Manager is the only product in the industry to fully automate the monitoring, reporting, certification and remediation of user entitlements. Leading Global 2000 organizations in financial services, healthcare, telecommunications, retail, energy/utility, transportation and manufacturing count on Aveksa to provide a sustainable access governance model.