RSA is expanding its Identity Governance and Lifecycle product suite with the new 7.1 update that provides improved analytics, as well as best practice recommendations for deployment and configuration.
RSA Identity Governance and Lifecycle provides organizations with multiple capabilities to help understand and manage identities and access within an enterprise. The need for identity governance is not a new one for enterprises, though with new compliance efforts such as the European Union's General Data Protection Regulation (GDPR), it has become increasingly important.
"RSA Identity Governance and Lifecycle has always provided visibility of who has access to what and the context of that access to help make decisions," James Ducharme, Vice President, Identity Products at RSA, told eWEEK.
Ducharme explained that in previous versions of RSA Identity Governance and Lifecycle, access reviews were enabled by providing business descriptions of the access and giving users an understanding of the risk an access represented. For example, the system could have alerted an administrator that a certain access event was likely a violation of compliance, based on the user entitlements. In the 7.1 release, RSA has now added an analytics layer to the access reviews in a bid to make it easier to use.
"By incorporating advanced analytics, RSA has removed the frustrations and given the business user areas of focus," Ducharme said.
Ducharme said that RSA has now divided up the review items into categories such as common access, uncommon access, access recently approved, access that has not changed since the last reviewed, access that is critical or privileged, and access that is not in compliance. He added that by using those categories, organizations can make quick bulk decisions on the things that are common or less of a risk, while prioritizing time and effort on the items that actually pose a risk to the business.
The new risk analytics capabilities are directly built into the RSA Identity Governance and Lifecycle product. RSA has additional analytics capabilities in other products that can further an organization's understanding of risk.
"We have also integrated with SIEM (Security Information and Event Management) solutions including RSA Netwitness and authentication activity from platforms such as RSA SecurID Access to gain further business and risk context across the broader security ecosystem," Ducharme said. "As we see the continued increase of compromised identity as a major factor in breaches, RSA believes that this type of Integrated Identity Risk approach will be an extremely important part of a company’s overall cyber-security practice."
Often the most difficult part of deploying an identity management system is getting started. To that end, RSA Identity Governance and Lifecycle 7.1 now includes what the company is calling "Quick Starts" as well as recommended best practices and implementation blueprints to help companies with deployment.
Ducharme said that with the quick start tools, new customers are provided with a guided experience that does not require extensive Professional Services engagements.
"It is still surprising to see that many organizations who have a project do not understand in detail, what it is that they want to do and how best to achieve it," Ducharme said. "RSA wants to help these companies to be successful and by sharing the knowledge and experience gained with our many customers. "
For existing customers, Ducharme said that the tools in the 7.1 update can help organizations to gain further understanding of the best ways to improve and tune what they have already deployed.
The EU's GDPR compliance requirements map well into the capabilities that RSA is providing in the Identity Governance and Lifecycle 7.1, according to Ducharme. He commented that having visibility and control of the users with access to personal data, is the core of the GDPR.
Beyond visibility it's also important to have a proper processes in place for identity governance. Ducharme said that identity processes help to ensure that the organization has done everything it can to stop data from being exposed to the wrong people. He added that the access review capability in Identity Governance and Lifecycle 7.1, provides a validation at regular intervals or when events occur such as organizational moves.
"The user's access to data be it in a file share or within an application, should be removed or updated in a timely manner," Ducharme said. "Without it, there is a much greater risk of non-compliance to the GDPR."
Looking forward, Ducharme said that RSA is looking at further expanding the capabilities of Identity Governance and Lifecycle in future releases. Among the things that RSA is working on are enhanced identity risk analytics and reporting capabilities, as well as continued identity assurance features.
"Our platform will continue to focus on the expansion of scale ability and performance," Ducharme said. "RSA will also provide policy capabilities to help to manage identity risk in a more automated way to reduce the effort of IGA (identity governance and administration) processes across the business."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.