Identity Governance

Identity Governance and Risk Management

EmpowerID provides solutions to assist organizations with the corporate governance of IT systems, to identify and reduce risk in ongoing IT management, and to support regulatory compliance efforts. This integrated approach for enforcing a business control layer around Identity Management is referred to as Identity Governance. The key requirements of effective Identity Governance include visibility across systems and control of user access to applications and data within an enterprise. Each user’s access to corporate data as well as their access to applications and their activities within those applications must be appropriate to their job and in keeping with enterprise policies.

EmpowerID provides functionality that is both detective and preventive. Detective controls identify current issues or risks, such as combinations of permissions that violate risk policies or users who have accumulated an extremely large number of permissions.

Examples of detective controls in EmpowerID include:

  • RBAC and ABAC Access Control Engine – Role-based and fine-grained access control providing instant access reporting on who has access to which enterprise resources and applications and how that access was granted
  • Native System Permissions Inventory – EmpowerID modules and connectors provide an inventory of the native permission assignments as specified within managed systems. Examples include Windows Shared Folders, Exchange mailboxes, and custom application roles
  • EmpowerID Operation Audit Log – All actions performed in workflow processes are logged with detailed information as to who made the request, who approved the request, which action was performed, and which resources were affected
  • Separation of Duties (SoD) Policy Engine – Identifies potential areas where conflicts of interest can create opportunities for unchecked errors or outright abuse
  • Attestation and Access Recertification – Snapshots the access to resources granted to people and to roles, the assignments of people to roles, and the security assignments that have been made against protected applications and resources. These snapshots are routed to the appropriate authorized personnel for review to verify the access and to certify if it is valid or not.

Examples of preventive controls in EmpowerID include:

  • Automated User Account De-Provisioning – Rule-based and request-based processes can automatically de-provision or disable all of a user’s accounts and access across enterprise systems
  • Native System Permissions Enforcement – The EmpowerID RBAC engine continuously evaluates who should have which level of access to applications and resources. For traditional systems, this access can be “pushed” down onto them and enforced so that only the proper access is granted
  • Group Membership Enforcement – Groups in managed systems are continuously monitored for changes in their membership. For groups that must be tightly controlled, EmpowerID can automatically roll back any changes that are not performed through an approved workflow process
  • Access Requests with Rights-Based Approval Routing (RBAR) – RBAR unifies workflow and RBAC security to enforce real-time evaluation and routing of who can approve what based on the actual rights delegated to the current person for the affected resource. Approvals route to approvers with the necessary privileges to perform the intended operation.
  • Time-based Access Assignments – All EmpowerID access assignments can include time-based constraints to auto-expire access and prevent accumulation of privileges