Fálaina’s Identity Analytic and Compliance Manager (IACM) is key for the next generation Identity Governance and Administration (IGA) solution that provide complete visibility on who’s who, what’s what and who have access to what for enterprises to address their audit and compliance requirements. Fálaina’s IACM is the foundation for Identity Lifecycle Manager and Privileged Access Manager, which is a powerful platform for enabling and improving compliance at a lower cost. A single integrated IGA platform that makes it possible to set a baseline for compliance and maintain that baseline to detect violations. In addition, because the IGA process is intrinsically linked to the compliance process, a single integrated platform also makes it possible to consolidate all capabilities with compliance checking, thus enabling prevention and not just detection.

Fálaina’s next generation IACM also provides identity centric threat intelligence. Proactively enforcing access rights policies, monitoring of rogue user creations, access right changes, detection of dormant/inactive accounts, and segregation of duties (SoD) checks makes IACM as the utmost security defense platform.

Capabilities
  • Reconciliation process with automated discovery of account and access
  • Complete visibility with comprehensive entitlement catalog
  • Identity governance, risk and compliance management with Segregation of Duties (SoD) checks
  • Access rights review with close-loop remediation
  • Enterprise role management
Benefits
  • Complete record of who’s who, what’s what and who has access to what – with complete details
  • Conduct access rights review, certification and close-loop remediation to address audit and regulatory requirements
  • Eliminate outdated and excessive access rights
  • Manage audit findings of orphan and inactive accounts
  • Eliminate conflict of access rights

 

Reconciliation process with automated
discovery of account and access

Discovery of users (employees and non-employees) against their accounts in various target systems is key to detection process. IACM provides agent-less connectors for both authoritative source and target systems integration to enable enterprises to automate the reconciliation process.

The IACM discovery engine is distributed in nature and can be deployed both on-premise and on the cloud. IACM today has more than 40 out-of-the-box agent-less connectors that enable discovery of accounts, technical group/role and permission across operating systems, directory servers, databases, mainframes, enterprise applications, IoT platforms and Cloud/SaaS based applications.

IACM also supports the use of flat files/batch files to populate the employee identity data and access rights data. The data population of these data can be scheduled for periodic reconciliation. Every target systems stores their Identity data differently.

IACM provides a mechanism for not only aggregating identity and entitlement data, but storing the data in a normalized format in the identity repository

Complete visibility with comprehensive
entitlement catalog

Discovery of users (employees and non-employees) against their accounts in various target systems is key to detection process. IACM provides agent-less connectors for both authoritative source and target systems integration to enable enterprises to automate the reconciliation process.

The IACM discovery engine is distributed in nature and can be deployed both on-premise and on the cloud. IACM today has more than 40 out-of-the-box agent-less connectors that enable discovery of accounts, technical group/role and permission across operating systems, directory servers, databases, mainframes, enterprise applications, IoT platforms and Cloud/SaaS based applications.

IACM also supports the use of flat files/batch files to populate the employee identity data and access rights data. The data population of these data can be scheduled for periodic reconciliation. Every target systems stores their Identity data differently.

IACM provides a mechanism for not only aggregating identity and entitlement data, but storing the data in a normalized format in the identity repository

Identity governance, risk and compliance management with Segregation of Duties (SoD) checks

Fálaina’s IACM provides cost effective GRC solution to address a wide range of compliance requirements such as segregation of duties (SoD) conflicts, sensitive access and other violations. It produces results for policy violations, reviews, risk scoring, reports and dashboards.

Assuming for ERP or CRM systems such as Oracle, Salesforce or SAP, users may have conflict of access rights at role or actual permissions. Such roles could be ability to create transactions and approval of payments.

The SoD rules and policies can be applied across multiple applications or across platforms to address conflicts that exist across systems.

As part of the compliance check for sensitive access, policies can be created to query set of users having set of sensitive access for any systems, and these can be used for reporting and access rights review process.

Access rights review with closeloop remediation

Fálaina’s IACM automate access review and certification processes. The access review and certification use workflow processes and web portal to present identity data and entitlement data to reviewers.

The solution allows the reviewer to run certification campaign by resource, user, entitlement or by any attributes such as review of users leaving the organizaiton, inactive/dormant users, users transferred to other department or delta certification. Sensitive access and SoD compliance review is integrated as part of this review and certification process to allow seamless experience for the reviewer and approvers. Other capabilities include workflow integration and attachment management.

The IACM review and certification process includes close-loop remediation process via workflow process, provisioning event or email notifications.

Enterprise role management

Role management is the process of mining, modelling, defining and maintaining roles in the IGA implementation. Business roles are typically used to define individual job functions within an organization. IT roles on the other hand are created to provide valuable information to construct policies for administration of access, and enforcement of access within any applications.

Given the comprehensiveness of the connectors, Fálaina’s IACM is able to mine access data all the way down to detailed entitlements, IACM automates the mining/discovery process and recommend candidate roles.

These informations are used in the downstream processes such as role-based provisioning, access review/certification, SoD checks, role-based access control across enterprises on-premise and cloud/SaaS applications.