| |
|
|
| |
 |
| |
| “We have used Eurekify's Sage to build a few roles for thousands of users. It is clearly an easy method to create roles and maintain them”, Peter Zuenti, Consultant. |
|
|
| |
 |
| |
| “Sage Discovery and Audit provides a quick and easy insight of the authorizations within a company’s infrastructure. Sage helps customers realize the benefits of RBAC”, Koos Jennekens, Senior Consultant. |
|
|
| |
 |
| |
| “Sage provides instrumental tools for managing Roles. With Sage, our customers can very simply and quickly add new Roles or modify current ones according to organizational demands”, Franco Rasello, CEO. |
|
|
| |
|
| |
| “In order to control user permissions as well as being compliant with regulations, the Identity Management solution alone is not enough. The right way to start with a provisioning solution should be optimizing Roles”, Franco Rasello, CEO. |
|
|
| |
 |
| |
| "In my experience, role-based management is critical for achieving the true benefits and ROI of Identity Management implementation.", Marc Sel, Director - Security Solutions, PwC Belgium. |
|
|
| |
 |
| |
| “We have made incredible leaps forward by applying Eurekify technology to speed up the process aimed at pinpointing user profiles and roles”, Rob Bus, Managing Director. |
|
|
| |
 |
| |
| “Sage is the perfect tool for assessing specific needs within a large organization. It is also important for attaining administrative efficiency, reduce employee downtime and to improve security”, Ophir Zilbiger, CEO, Secoz Ltd. |
|
|
| |
 |
| |
| “Role definition applications can significantly reduce the cost of the process (by 40-60% according to a leading systems integrator). To our knowledge, Eurekify and Beta Systems are the only vendors in this space.”, Michael Tieu and Andrey Glukhov. |
|
|
| |
 |
| |
| “From Years of experience in implementing enterprise user administration systems in large environments, we strongly recommend a structured and business-aligned approach to the implementation method...”, Jesper Oestergaard, CEO. |
|
|
|
|
| |
|
 |
| |
|
Overview
Microsoft's Active Directory (AD) is the leading LDAP implementation, and is widely used as the principal repository of users and privileges information. Eurekify's Sage ERM provides sophisticated AD administrators with an analytical and collaborative platform to manage AD in a more effective fashion, and to be able to provide answers to growing security and compliance needs.
The Need
Managing Active Directory in a constantly changing and increasingly demanding environment can be very challenging.
- Most AD platforms that have been functioning as a central enterprise repository over several years have accumulated substantial excesses in users, groups, and privileges, and require significant cleanup
- Many AD platforms serve as a repository of privileges to tens and hundreds of applications. These privileges are now subject to compliance verification and demonstration requirements.
- AD administrators find it increasingly difficult to decide how to provision new users, and how to adapt the privileges of users that move between jobs
- Many AD administrators find it increasingly difficult to answer common administrative and audit questions
All in all, quickly rising complexity makes it quite challenging to manage AD in an effective and secure way without an analytical audit and cleanup tool.
Key Deliverables
Active Directory administrators using Eurekify Sage ERM may expect to be able to deliver the following as part of a variety of projects:
- Easy browsing, query, and analysis capabilities on a copy of AD privileges
- Who has access to what, who else, what else, etc.
- Common access patterns and exceptions
- Review and cleanup of users, groups, and privileges
- Identify out-of-pattern privileges and other exceptions
- Identify orphan, overlapping, and otherwise redundant groups
- Simplify privileges and groups structure
- Create and/or critique a role-based privileges management paradigm in AD and beyond
- Automated discovery of roles and rules (mining) - common access patterns that may represent privileges that are granted together for people that perform a certain business role
- Define organizational, functional, project-oriented, applicative roles, and more
- Review existing roles structure for extension, restriction, and other refinement options
- Automate compliance verification and demonstration
- Automate periodical privileges review and cleanup processes. Identify, review, and track exceptional access based on a variety of pattern-oriented analyses.
- Automate periodical verification and demonstration of compliance with segregation of duty (SoD) rules and other IT controls.
- Automate periodical privileges certification/attestation processes quickly and easily. Business line managers can easily review and make requests over privileges of subordinates and/or privileges to resources they own .
- Overlay AD privileges with a separately imported privileges to Windows shared folders and perform all analyses at a finer level of granularity
- Analyze privileges across multiple AD domains
How it Works
Eurekify Sage ERM supports a typical cycle of "assess, adapt, and approve" to initially fix and then continuously maintain privileges quality in Active Directory:
- Users and groups information is mapped and imported into Sage.
- Optionally, a separate import scans shared folders access control information from other Windows servers
- Eurekify Sage ERM analytical engine is used to
- Identify out-of-pattern privileges and other exceptions
- Identify privileges that violate regulations and other policies
- Identify orphan accounts and redundant groups
- Identify opportunities to simplify groups structure
- Identify common access patterns that can serve as role candidates
- Suggest refinement and possible extensions to existing role definitions
- Eurekify Sage ERM is used to correct and improve privileges structure
- Visual inspection and exploration
- Reviewing and correcting previously identified flaws
- Review and correct violations of regulations and policies
- Establishing and refining role definitions
- Create approval and certification lists for business managers
- Eurekify Sage ERM collaborative web-based platform is used to bring in business managers into the process
- Review privileges of employees by their manages
- Review of privileges to data sources and applications by their owners
- Self-service privileges request by employees and their managers
- Review and approval of suggested privileges changes
- Changes to users, groups, and privileges structure are exported back to Active Directory
|
| |
| |
|
|
