Securing access to data and applications has become a cornerstone of any modern cybersecurity strategy.
In the IAM market, user access governance projects have a history of incurring multi-year roll-outs and requiring specialized personnel, making many companies shy away and bear excessive cyber risk.
In this space, Elimity tries to break the status quo. As an innovator, Elimity provides a data-driven platform that specifically offers the essentials for user access governance: automated data collection, holistic risk analytics and user-friendly access reviews integrated with ITSM. As a result, the platform lets companies achieve mature access governance in a matter of days, not months.
In this presentation, Maarten gives an overview of the essentials of user access governance, showcase the Elimity platform and how it is successfully applied in practice.
2. elimity.com
Dr. Maarten Decat
Co-founder and CEO
maarten@elimity.com
Trimming down
user access governance
to its essentials
Innovation talk
May 12, 2022 - EIC 2022
6. Secure access
IDENTITY HAS ENTERED CYBERSECURITY
ISO 27001 A.9 Access Control
NIST 800-53 Control family: Access Control
CIS CONTROLS
14. Controlled Access Based on the Need
to Know
ISO27001 NIST GDPR
SOC2 NIS SOX CIS
Good extra reading: www.idsalliance.org
SECURITY-FIRST
IDENTITY GOVERNANCE
Ensure that only the right people have the
right level of access to the right resources
as fast and at the lowest cost possible
7. Secure access
IDENTITY HAS ENTERED CYBERSECURITY
ISO 27001 A.9 Access Control
NIST 800-53 Control family: Access Control
CIS CONTROLS
14. Controlled Access Based on the Need
to Know
ISO27001 NIST GDPR
SOC2 NIS SOX CIS
Good extra reading: www.idsalliance.org
SECURITY-FIRST
IDENTITY GOVERNANCE
Ensure that only the right people have the
right level of access to the right resources
as fast and at the lowest cost possible
8. SECURITY-FIRST
IDENTITY GOVERNANCE
Ensure that only the right people have the
right level of access to the right resources
as fast and at the lowest cost possible
IDENTITY HAS ENTERED CYBERSECURITY
FOCUS OF
IGA MARKET
Optimize costs, improve efficiency
Multi-year, multi-million projects
ISO 27001 A.9 Access Control
NIST 800-53 Control family: Access Control
CIS CONTROLS
14. Controlled Access Based on the Need
to Know
ISO27001 NIST GDPR
SOC2 NIS SOX CIS
9. SECURITY-FIRST
IDENTITY GOVERNANCE
Ensure that only the right people have the
right level of access to the right resources
as fast and at the lowest cost possible
IDENTITY HAS ENTERED CYBERSECURITY
FOCUS OF
IGA MARKET
Optimize costs, improve efficiency
Multi-year, multi-million projects
90% of the companies out there are
not able to regularly review user access
10. ELIMITY
Helping companies take control over who can access what
without hassle.
NO-NONSENSE
APPROACH
Think big, take small steps.
NO-NONSENSE
PLATFORM
End-to-end governance cockpit.
NO-NONSENSE
SECURITY & IDENTITY EXPERTS
Don't reinvent the wheel.
11. THE ESSENTIALS OF
USER ACCESS
GOVERNANCE
To get in control fast, focus on:
1. Creating visibility: build a central view
of users and permissions from any
application or data source.
2. Reviewing access: involve IT and
business to remove unneeded
accounts and accesses
3. Monitoring over time to stay on top of
the situation at all time.
0 Collect data 1
3
Continuously
in control
Review
Understand
Monitor
2
4 Act
12. |
Take
control
Consolidate
control
Identify
access
risks
Clean up & monitor
Set up identity
governance
Increase operational
efficiency
Optimize
control
Design a role model
Design SOD policies
Introduce governance
processes (requests,
reviews, JML)
Automate provisioning
Improve decision making
Improve data quality
Review
Address violations
Get notified of new
violations
Fundamentally
improved
cyber security
Structural
control
SECURITY-FIRST IGA
IS A NEW JOURNEY
Everything we do focuses on cyber
security and efficiency: no multi-year IAM
roll-outs, but quickly identifying access
risk, cleaning up and introducing
governance where needed.
Go for security improvements in a
matter of days, not months or years,
13. |
8 CATEGORIES OF
KEY RISK INDICATORS
KEY
RISK
INDICATORS
Orphaned
accounts
1
Privileged
accounts
2
Access
accumulation
3
Identity
hygiene
4
Role
hygiene
5
Data
quality
6
Segregation
of duties
7
Business-specific
indicators
8
Read the guide:
elimity.com/kri-guide
Want to know more?
14. API
...
ELIMITY
PLATFORM
4 ESSENTIAL
BUILDING BLOCKS
1. Easily gather & correlate
data from your sources
2. Easily analyse and
identify risks
3. Easily review access
and initiate changes
4. Monitor over time and
send out alerts
ALERTS
Elimity Insights
elimity.com/start-now
CHANGE
REQUESTS
MONITOR
UNDERSTAND
REVIEW
On-premise
agent
...
Db
CSV LDIF
2. File upload connectors
3. Push agents
15. 4 ESSENTIAL
BUILDING BLOCKS
1. Easily gather & correlate
data from your sources
2. Easily analyse and
identify risks
3. Easily review access
and initiate changes
4. Monitor over time and
send out alerts
Elimity Insights
elimity.com/start-now
16. 4 ESSENTIAL
BUILDING BLOCKS
1. Easily gather & correlate
data from your sources
2. Easily analyse and
identify risks
3. Easily review access
and initiate changes
4. Monitor over time and
send out alerts
Elimity Insights
elimity.com/start-now
17. 4 ESSENTIAL
BUILDING BLOCKS
1. Easily gather & correlate
data from your sources
2. Easily analyse and
identify risks
3. Easily review access
and initiate changes
4. Monitor over time and
send out alerts
Elimity Insights
elimity.com/start-now
18. 4 ESSENTIAL
BUILDING BLOCKS
1. Easily gather & correlate
data from your sources
2. Easily analyse and
identify risks
3. Easily review access
and initiate changes
4. Monitor over time and
send out alerts
Elimity Insights
elimity.com/start-now
19. Start now
✓
✓
Free Standard Enterprise
ITSM integration
Library of connectors ✓ ✓
✓
Task reminders ✓ ✓
✓
✓
Single Sign-On
Access profiles
Monitoring & alerts ✓ ✓
✓
✓
Usage logs
Virtual private cloud
✓
✓
Enterprise support
Library of security controls ✓ ✓
✓
Insights & analytics ✓ ✓
✓
“
Elimity offers unparalleled cost efficiency within identity management.
They provide a combination of smart people and smart technology.
─ Stéphan Hellmann, Chief Security Officer, Byblos Bank Europe
elimity.com/start-now
20. |
SaaS platform for
security-first IGA
ABOUT ELIMITY
Maarten Decat
Co-founder & CEO
maarten@elimity.com
For more guides, visit:
www.elimity.com/guides
User Access
Screening
Solution brief
How to prove
that you are in control
Guide
For more customer cases, visit:
www.elimity.com/cases
MORE RESOURCES
Access Certifications
as a Service
Solution brief
Enterprise-wide visibility
of users and their
accesses
Customer case
elimity.com/start-now