      |
Good access governance requires the regular review and certification of user entitlements and roles to ensure that access rights to enterprise information assets are appropriate and meet regulatory mandates and guidelines for Sarbanes Oxley, PCI, GLBA, Basel II and HIPAA compliance. However, many organizations are unable to achieve this critical access governance requirement. When a user provisioning system is deployed, it often serves as a good source of information about user accounts and group memberships, but cannot provide any information about the actual entitlements assigned to users.
Today, organizations rely on manual and resource-intensive processes to collect information about user entitlements and roles from multiple silos of access enforcement within IT infrastructure and applications. Often, business managers accountable for certifying entitlements and roles find the collected information difficult to understand, incomplete or out of date, and onerous to review. The result is an error-prone review and certification process that does not adequately protect an organization's information assets. This creates friction between the line-of-business teams, IT Security and the internal audit team. Business managers cannot effectively complete their attestations. The IT Security team is unable to assert that security policies and compliance objectives are being met. And the internal audit team does not have the evidence of compliance they need to be confident that risk is being managed effectively.
Aveksa provides an automated end-to-end security auditing software solution for access certification, enabling IT Security to deploy a repeatable, auditable, accurate and business user-oriented certification process. With Aveksa 3, up-to-date information about user entitlements and roles is collected enterprise-wide, and reviews are created automatically. These reviews are presented in terminology that is easily understood by the business manager, with customizable business descriptions. An integrated workflow routes any changes to the appropriate individuals or pluggable remediation handlers and maintains a complete audit trail. Dashboards and metrics help business and security managers understand the status of certifications and escalations.
By simplifying, automating, and auditing the certification processes, Aveksa 3 security auditing software enables security teams to hold business managers accountable, and integrate certifications into the corporate-wide compliance process to meet Sarbanes Oxley, PCI, GLBA, Basell II and HIPAA compliance mandates and guidelines.
Aveksa 3 provides:
